UTM extended logging
FortiOS 6.0.0 and later supports extended logging for UTM log types to reliable Syslog servers over TCP. Extended logging adds HTTP header information to the rawdata field in UTM log types. You must enable extended logging before you can use the feature.
When extended logging is enabled, the following HTTP header information can be added to the rawdata field in UTM logs:
- Method
- X-Forwarded-For
- Request-Content-Type | Response-Content-Type
- Referer
- User-Agent
The full rawdata field of 20KB is only sent to reliable Syslog servers. Other logging devices, such as disk, FortiAnalyzer, and UDP Syslog servers, receive the information, but only keep a maximum of 2KB total log length, including the rawdata field, and discard the rest of the extended log information.
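The following is an added example, not Fortinet code: a parser a log pipeline could use to pull the header fields listed above out of rawdata and to flag records that sit at the 2KB limit. It assumes rawdata holds `Name=value` pairs joined by `|`; the function names and the sample line are constructed for illustration.

```python
import re

# Header names the page lists for the rawdata field.
RAWDATA_KEYS = ("Method", "X-Forwarded-For", "Request-Content-Type",
                "Response-Content-Type", "Referer", "User-Agent")
NON_RELIABLE_MAX = 2 * 1024  # total log length kept by disk, FortiAnalyzer, UDP syslog

# key=value / key="value" pairs; a quoted value cut off by truncation runs to end of line.
_FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)(?:"|$)|(\S*))')
# ASSUMPTION: rawdata is Name=value pairs joined by '|'. Split only where '|' is
# followed by a known name, so a '|' inside a client-supplied value is preserved.
_SPLIT = re.compile(r'\|(?=(?:%s)=)' % "|".join(map(re.escape, RAWDATA_KEYS)))


def parse_log(line):
    """Return the top-level fields of one log line as a dict."""
    fields = {}
    for m in _FIELD.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def parse_rawdata(rawdata):
    """Split the rawdata value into the HTTP header fields it carries."""
    headers = {}
    for part in _SPLIT.split(rawdata):
        name, sep, value = part.partition("=")
        if sep and name in RAWDATA_KEYS:
            headers[name] = value
    return headers


def inspect(line):
    """Parse a line and flag records that sit at the 2KB limit."""
    headers = parse_rawdata(parse_log(line).get("rawdata", ""))
    xff = headers.get("X-Forwarded-For", "")
    return {
        "headers": headers,
        # Header values are set by the client: treat them as untrusted input.
        "forwarded_chain": [h.strip() for h in xff.split(",") if h.strip()],
        # Heuristic: a record this long from a non-reliable destination may be cut.
        "at_2kb_limit": len(line.encode()) >= NON_RELIABLE_MAX,
    }


# Constructed sample line (not captured from a device).
SAMPLE = ('date=2019-01-01 time=00:00:00 type="utm" subtype="webfilter" '
          'msg="constructed sample" rawdata="Method=GET|X-Forwarded-For='
          '198.51.100.7, 203.0.113.9|User-Agent=agent|v1 (test)"')
```

Records flagged `at_2kb_limit` from disk, FortiAnalyzer, or UDP Syslog sources are the ones to cross-check against the reliable Syslog copy when the header values matter to an investigation.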