Fortinet white logo
Fortinet white logo

FortiOS Log Message Reference

UTM extended logging

UTM extended logging

FortiOS 6.0.0 and later supports extended logging for UTM log types to reliable Syslog servers over TCP. Extended logging adds HTTP header information to the rawdata field in UTM log types. You must enable extended logging before you can use the feature.

When extended logging is enabled, the following HTTP header information can be added to the rawdata field in UTM logs:

  • Method

  • X-Forwarded-For

  • Request-Content-Type | Response-Content-Type

  • Referer

  • User-Agent

The full rawdata field of 20KB is only sent to reliable Syslog servers. Other logging devices, such as disk, FortiAnalyzer, and UDP Syslog servers, receive the information, but only keep a maximum of 2KB total log length, including the rawdata field, and discard the rest of the extended log information.

UTM extended logging

UTM extended logging

FortiOS 6.0.0 and later supports extended logging for UTM log types to reliable Syslog servers over TCP. Extended logging adds HTTP header information to the rawdata field in UTM log types. You must enable extended logging before you can use the feature.

When extended logging is enabled, the following HTTP header information can be added to the rawdata field in UTM logs:

  • Method

  • X-Forwarded-For

  • Request-Content-Type | Response-Content-Type

  • Referer

  • User-Agent

The full rawdata field of 20KB is only sent to reliable Syslog servers. Other logging devices, such as disk, FortiAnalyzer, and UDP Syslog servers, receive the information, but only keep a maximum of 2KB total log length, including the rawdata field, and discard the rest of the extended log information.