Administration Guide

Log fields for long-live sessions

Logging of long-live session statistics can be enabled or disabled in traffic logs.

config log setting
     set long-live-session-stat {enable | disable}
end

When enabled, traffic logs include the following fields of statistics for long-live sessions:

Duration delta (durationdelta)

Displays the time in seconds between the last session log and the current session log.

Sent packet delta (sentpktdelta)

Displays the number of sent packets.

When the number of packets reported in the sentpktdelta field matches the number of packets reported in the sentpkt field, no logs are missing.

Received packet delta (rcvdpktdelta)

Displays the number of received packets.

When the number of packets reported in the rcvdpktdelta field matches the number of packets reported in the rcvdpkt field, no logs are missing.

The long-live session fields enhance the granularity and accuracy of traffic logs to aid troubleshooting and analysis.

Example

In this example, logging is enabled for long-live session statistics. Log ID 20 includes the new fields for long-live sessions.

To log long-live session statistics:
  1. Enable logging of long-live session statistics:

    config log setting
         set long-live-session-stat enable
    end
  2. View information in the logs:

    In the following example, log fields are filtered for log ID 0000000020 to display the new fields of data.

    The sentpkt field displays 205 packets, and the rcvdpkt field displays 1130 packets. The new fields (sentpktdelta=205 and rcvdpktdelta=1130) display the same number of packets, which shows that no logs have been lost. The durationdelta field shows 120 seconds between the last session log and the current session log.

    # execute log filter device Disk
    # execute log filter category 0
    # execute log filter field subtype forward
    # execute log filter field logid 0000000020
    # execute log display
    1 logs found.
    1 logs returned.
    1: date=2023-12-07 time=14:19:59 eventtime=1701987599439429340 tz="-0800" logid="0000000020" type="traffic" subtype="forward" level="notice" vd="vdom1" srcip=10.1.100.22 srcport=53540 srcintf="wan2" srcintfrole="undefined" dstip=172.16.200.55 dstport=80 dstintf="wan1" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=296 proto=6 action="accept" policyid=1 policytype="policy" poluuid="e538d622-53eb-51ee-8adc-f8fbb0f22fdd" policyname="B-out" service="HTTP" trandisp="snat" transip=172.16.200.2 transport=53540 duration=120 sentbyte=10855 rcvdbyte=1397640 sentpkt=205 rcvdpkt=1130 appcat="unscanned" sentdelta=10855 rcvddelta=1397640 durationdelta=120 sentpktdelta=205 rcvdpktdelta=1130
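As an added example that is not part of the Fortinet guide, the following Python parses FortiOS key=value traffic log lines and applies the consistency check described above, generalized across consecutive logs of one session: the delta fields summed over the logs seen so far are compared with the cumulative counters in the latest log, and a shortfall indicates that a log for that session was lost. The first sample line is the log from this page; the next two are constructed, shortened continuations of the same session, the last of which is written as if one intermediate log had been lost. The generalization (deltas accumulating to the cumulative counters) is an assumption of this example.

```python
import re

# Constructed sample. Line 1 is the log from this page; lines 2 and 3 are
# hypothetical later logs for the same session, shortened to the relevant
# fields. Line 3 reports a cumulative jump that its deltas do not cover.
SAMPLE_LOGS = """\
1: date=2023-12-07 time=14:19:59 eventtime=1701987599439429340 tz="-0800" logid="0000000020" type="traffic" subtype="forward" level="notice" vd="vdom1" srcip=10.1.100.22 srcport=53540 srcintf="wan2" srcintfrole="undefined" dstip=172.16.200.55 dstport=80 dstintf="wan1" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=296 proto=6 action="accept" policyid=1 policytype="policy" poluuid="e538d622-53eb-51ee-8adc-f8fbb0f22fdd" policyname="B-out" service="HTTP" trandisp="snat" transip=172.16.200.2 transport=53540 duration=120 sentbyte=10855 rcvdbyte=1397640 sentpkt=205 rcvdpkt=1130 appcat="unscanned" sentdelta=10855 rcvddelta=1397640 durationdelta=120 sentpktdelta=205 rcvdpktdelta=1130
2: date=2023-12-07 time=14:21:59 logid="0000000020" type="traffic" subtype="forward" sessionid=296 duration=240 sentbyte=20000 rcvdbyte=2000000 sentpkt=400 rcvdpkt=1600 sentdelta=9145 rcvddelta=602360 durationdelta=120 sentpktdelta=195 rcvdpktdelta=470
3: date=2023-12-07 time=14:25:59 logid="0000000020" type="traffic" subtype="forward" sessionid=296 duration=480 sentbyte=30000 rcvdbyte=2500000 sentpkt=600 rcvdpkt=1900 sentdelta=5000 rcvddelta=250000 durationdelta=120 sentpktdelta=100 rcvdpktdelta=150
"""

# key=value pairs; values are either double-quoted or a bare token
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fortios_log(line: str) -> dict:
    """Parse one FortiOS key=value log line into a dict, stripping quotes."""
    line = re.sub(r"^\d+:\s*", "", line)  # drop the "1: " display index
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

# (delta field, cumulative field) pairs from the long-live session statistics
DELTA_PAIRS = (("sentpktdelta", "sentpkt"),
               ("rcvdpktdelta", "rcvdpkt"),
               ("durationdelta", "duration"))

def check_session_logs(lines) -> dict:
    """Map sessionid -> list of gap descriptions for logid 0000000020 records.
    An empty list means the deltas fully account for the cumulative counters,
    i.e. no log for that session appears to be missing."""
    running = {}  # sessionid -> {cumulative field: running sum of deltas}
    gaps = {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_fortios_log(line)
        if rec.get("logid") != "0000000020":
            continue  # only long-live session statistics logs carry the deltas
        sid = rec.get("sessionid", "?")
        sums = running.setdefault(sid, {cum: 0 for _, cum in DELTA_PAIRS})
        gaps.setdefault(sid, [])
        for delta, cum in DELTA_PAIRS:
            sums[cum] += int(rec[delta])
            if sums[cum] != int(rec[cum]):
                gaps[sid].append(f"{cum}: deltas sum to {sums[cum]} "
                                 f"but log reports {rec[cum]}")
                sums[cum] = int(rec[cum])  # resync so a gap is reported once
    return gaps
```

With only the first two lines the check reports no gaps; the third line trips all three counters because its deltas cover 120 seconds while the cumulative duration advanced by 240.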
