
FortiOS Carrier

Log message content

Logging on the Carrier-enabled FortiGate unit is just like logging on any other FortiOS unit. The only difference with FortiOS Carrier is that there are a few additional events that you can log beyond the regular ones. These additional events are covered here.

To change FortiOS Carrier-specific logging event settings, go to Security Profiles > GTP Profile and edit a GTP profile. Expand the Log section to change the settings. For detailed options, see Log options.

The following information is contained in each log entry:

  • Timestamp: The time and date when the log entry was recorded.
  • Source IP address: The sender’s IP address.
  • Destination IP address: The receiver’s IP address. The sender-receiver pair includes a mobile phone on the GPRS local network, and a device on a network external to the GPRS network, such as the Internet.
  • Tunnel Identifier (TID) / Tunnel Endpoint Identifier (TEID): An identifier for the start and endpoints of a GTP tunnel. This information uniquely defines all tunnels. It is important for billing information based on the length of time the tunnel was active and how much data passed over the tunnel.
  • Message type: For available message types, see Common message types on carrier networks.
  • Packet status: What action was performed on the packet. This field matches the logging options while you are configuring GTP logging. See Log message content. The status can be one of forwarded, prohibited, state-invalid, rate-limited, or tunnel-limited.
  • Virtual domain ID or name: Indicates the virtual domain (VDOM) that created the log message. If VDOMs are not enabled, this field will be root.
  • Reason to be denied if applicable: If the packet that generated this log entry was denied or blocked, this field will include what part of FortiOS denied or blocked that packet, such as firewall, antivirus, webfilter, or spamfilter.

One example of the above log message format is the Tunnel deleted log entry. When a tunnel is deleted, the log entry contains the following information:

  • Timestamp
  • Interface name (if applicable)
  • SGSN IP address (source IP)
  • GGSN IP address (destination IP)
  • Tunnel ID
  • Tunnel duration time in seconds
  • Number of messages sent to the SGSN
  • Number of messages sent to the GGSN
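
As an added example (not Fortinet code and not part of the original documentation), the following Python triages exported GTP log lines using the fields described above: it tallies non-forwarded packets per source, status and deny reason, flags lines whose status is not one of the five listed values, and collects Tunnel deleted records. The key=value layout and every key name (ts, src, dst, teid, msg_type, status, reason, vd, event, intf, duration, to_sgsn, to_ggsn) are assumptions and must be mapped to your actual log export.

```python
import shlex
from collections import Counter

# The five packet statuses listed on this page.
STATUSES = {"forwarded", "prohibited", "state-invalid",
            "rate-limited", "tunnel-limited"}

# Constructed sample lines. The key=value layout and all key names are
# assumptions for illustration, not the FortiOS Carrier log format.
SAMPLE = [
    'ts="2024-01-01 10:00:00" src=10.0.0.5 dst=192.0.2.10 teid=0x1a2b msg_type=echo-request status=forwarded vd=root',
    'ts="2024-01-01 10:00:01" src=10.0.0.9 dst=192.0.2.10 teid=0x2c3d msg_type=create-pdp-request status=prohibited reason=firewall vd=root',
    'ts="2024-01-01 10:00:02" src=10.0.0.9 dst=192.0.2.10 teid=0x2c3d msg_type=create-pdp-request status=prohibited reason=firewall vd=root',
    'ts="2024-01-01 10:00:03" src=10.0.0.7 dst=192.0.2.10 teid=0x3e4f msg_type=echo-request status=rate-limited vd=root',
    'ts="2024-01-01 10:00:04" src=10.0.0.7 dst=192.0.2.10 teid=0x3e4f msg_type=echo-request status=dropped vd=root',
    'ts="2024-01-01 10:00:45" event=tunnel-deleted intf=port1 src=10.0.0.5 dst=192.0.2.10 teid=0x1a2b duration=42 to_sgsn=3 to_ggsn=4',
]

def parse(line):
    """Split one key=value line into a dict; quoted values may hold spaces."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def triage(lines):
    """Return (blocked counts, line numbers with unknown status, deleted tunnels)."""
    blocked, unknown, tunnels = Counter(), [], []
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        if rec.get("event") == "tunnel-deleted":
            # Tunnel ID, duration in seconds, messages sent to SGSN and GGSN.
            tunnels.append((rec["teid"], int(rec["duration"]),
                            int(rec["to_sgsn"]), int(rec["to_ggsn"])))
            continue
        status = rec.get("status")
        if status not in STATUSES:
            unknown.append(n)  # not a documented status: inspect by hand
        elif status != "forwarded":
            key = (rec.get("src", "?"), status, rec.get("reason", "-"))
            blocked[key] += 1
    return blocked, unknown, tunnels

if __name__ == "__main__":
    blocked, unknown, tunnels = triage(SAMPLE)
    for (src, status, reason), count in blocked.most_common():
        print(f"{src} {status} reason={reason} count={count}")
    print("unknown status on lines:", unknown)
    print("deleted tunnels:", tunnels)
```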
