Hyperscale Firewall Guide

Software session logging configurations

As part of hyperscale hardware logging, you can log hyperscale VDOM software sessions (that is, hyperscale VDOM sessions that are handled by the kernel/CPU rather than by the NP7 processors).

You can configure software session logging to log TCP and UDP software sessions or all software sessions. Software session logging uses per-session logging, which creates two log messages per session, one when the session is established and one when the session ends. Software session logging supports NetFlow v9, NetFlow v10, and syslog log message formats.

Basic software session logging configuration

The following configuration uses NP7 processor hardware logging to send software session logs to two NetFlow v10 log servers. Specific to software session logging, this configuration:

  • Enables enforce-seq-order to send software session logs in strict order by sequence number.

  • Logs only TCP and UDP software sessions by setting sw-log-flags to tcp-udp-only.

Example CLI syntax:

config log npu-server
    set log-processor hardware
    set netflow-ver v10
    set enforce-seq-order enable
    config server-info
        edit 3
            set vdom root
            set ipv4-server 10.10.10.20
            set source-port 2004
            set dest-port 4739
        next
        edit 4
            set vdom root
            set ipv4-server 10.10.10.21
            set source-port 2004
            set dest-port 4739
        end
    config server-group
        edit Example-log-srv-grp
            set sw-log-flags tcp-udp-only
            set server-number 2
            set server-start-id 3
        end
end

Software session logging with user information and event logs

The following configuration uses host (or CPU) hardware logging to send software session logs for all software sessions to two syslog servers. Host logging and syslog servers are required because this configuration:

  • Includes user information (log-user-info is enabled for the log server group).

  • Includes event logs (log-gen-event is enabled for the log server group).

Example CLI syntax:

config log npu-server
    set log-processor host
    config server-info
        edit 5
            set vdom root
            set ipv4-server 10.10.10.35
            set source-port 2003
            set dest-port 514
        next
        edit 6
            set vdom root
            set ipv4-server 10.10.10.36
            set source-port 2004
            set dest-port 514
        end
    config server-group
        edit Example-log-server
            set log-format syslog
            set sw-log-flags enable-all-log
            set log-user-info enable
            set log-gen-event enable
            set server-number 2
            set server-start-id 5
        end
end
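As an added check that is not part of the Fortinet guide, the following Python script parses a FortiOS CLI snippet like the two above and flags the two dependencies this page states: every server-info entry that a server-group references through server-start-id and server-number must exist, and enabling log-user-info or log-gen-event requires host logging with syslog format. The sample configuration is a constructed, deliberately broken variant of the second example; the parser assumes the standard FortiOS nesting where next closes an entry and end closes the table.

```python
# Constructed variant of the page's second example: log-processor changed to
# hardware and server-info entry 6 removed, so both checks below report problems.
BAD_CONFIG = """
config log npu-server
    set log-processor hardware
    config server-info
        edit 5
            set ipv4-server 10.10.10.35
        end
    config server-group
        edit Example-log-server
            set log-format syslog
            set log-user-info enable
            set log-gen-event enable
            set server-number 2
            set server-start-id 5
        end
end
"""

def parse_fortios(text):
    """Nest a FortiOS CLI snippet into dicts: 'next' closes an entry, 'end' the table."""
    stack = [("config", {})]
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] in ("config", "edit"):
            node = {}
            stack[-1][1][" ".join(words[1:])] = node
            stack.append((words[0], node))
        elif words[0] == "set":
            stack[-1][1][words[1]] = " ".join(words[2:])
        elif words[0] == "next":
            stack.pop()
        elif words[0] == "end":
            while stack[-1][0] == "edit":
                stack.pop()
            stack.pop()
    return stack[0][1]

def check_npu_server(cfg):
    """Check server-group references and the host-logging requirement stated on the page."""
    npu, problems = cfg["log npu-server"], []
    for name, grp in npu.get("server-group", {}).items():
        start, count = int(grp["server-start-id"]), int(grp["server-number"])
        for sid in range(start, start + count):
            if str(sid) not in npu.get("server-info", {}):
                problems.append(f"{name}: server-info entry {sid} is not defined")
        if "enable" in (grp.get("log-user-info"), grp.get("log-gen-event")) and (
                npu.get("log-processor") != "host" or grp.get("log-format") != "syslog"):
            problems.append(f"{name}: user info/event logs need host logging and syslog format")
    return problems
```

Running check_npu_server(parse_fortios(BAD_CONFIG)) reports the missing entry 6 and the hardware log-processor; the page's own second example, with next between entries, passes cleanly.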
