Application logging in NGFW policy mode
In NGFW policy mode, if an application, application category, or application group is selected on a security policy, and traffic logging is set to UTM or All, then application control logs will be generated. In addition, when a signature is set to the ACCEPT action under a security policy, all corresponding child signatures will be assessed and logged as well.
To verify application logging:
- Go to Policy & Objects > Security Policy and configure a new policy for YouTube.
- Set Action to ACCEPT and Log Allowed Traffic to Security Events.
- Configure the remaining settings as required, then click OK.
- On a client system, play some YouTube videos.
- On FortiOS, go to Log & Report > Application Control and view the logs.
There are logs not only for YouTube, but also for YouTube_Video.Play, YouTube_Video.Access, and so on, as verified from the Application Name column.