Fortinet white logo
Fortinet white logo

Administration Guide

Log & Report

Log & Report

The Log & Report menu allows you to view and download reports and traffic, event, and security logs. Logging, archiving, and user interface settings can also be configured.

This section describes the following:

The log messages are a record of all of the traffic that passes through the FortiProxy device, and the actions taken by the device while scanning said traffic.

After a log message is recorded, it is stored in a log file. The log files can be stored on the FortiProxy device itself, on a connected FortiManager or FortiAnalyzer device, or on a FortiCloud server (you must have a FortiCloud subscription before you can configure the FortiProxy device to send logs to a FortiCloud server). The FortiProxy device’s system memory or local disk can be configured to store logs.

note icon

The HTTP response code returned by the upstream content server has been added to the FortiProxy logs to aid in the debugging of content failures.

Each page of log messages contains the following controls.

Refresh

Select Refresh to refresh the log list.

Download Log

Select Download Log to download the raw log file to your local computer. The log file can be viewed in any text editor.

Add Filter

When you select the Add Filter button, a drop-down list appears with a list of available filtering options. Available options differ based on which log is currently being viewed.

Log Location

The location where the displayed logs are stored.

Details

Details about the selected log message. The information displayed varies depending on the type of log message selected.

Log list

The log messages.

The available columns vary depending on the type of log being viewed. Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

Page navigation

Navigate to different pages of the log list. The total number of log messages are also shown.

Debug logs

Customer Support might request a copy of your debug logs for troubleshooting.

To download the debug logs:
  1. Go to System > Settings.
  2. In the Debug Log section, click Download.

Logs for the execution of CLI commands

The cli-audit-log option records the execution of CLI commands in system event logs (log ID 44548). In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs.

The cli-audit-log data can be recorded on memory or disk and can be uploaded to FortiAnalyzer or a syslog server.

To enable the CLI audit log option:
config system global 
    set cli-audit-log enable 
end
To display the logs:
# execute log filter device disk
# execute log filter category event
# execute log filter field subtype system
# execute log filter field logid 0100044548
# execute log display

Filter WAD log messages by process types or IDs

WAD log messages can be filtered by process types or IDs. Multiple process type filters can be configured, but only one process ID filter can be configured.

# diagnose wad filter process-type <integer>
# diagnose wad filter process-id <integer>

diagnose wad filter process-type <integer>

Select process type to filter by (0 - 17, 0 = disable):

  • 1 = manager

  • 2 = dispatcher

  • 3 = worker

  • 4 = algo

  • 5 = informer

  • 6 = user-info

  • 7 = cache-service-cs

  • 8 = cache-service-db

  • 9 = cert-inspection

  • 10 = YouTube-filter-cache-service

  • 11 = user-info-history

  • 12 = debug

  • 13 = config-notify

  • 14 = object-cache

  • 15 = byte-cache

  • 16 = traffic aggregator

  • 17 = preload daemon

diagnose wad filter process-id <integer>

Select process id to filter by (0 = disable).

To configure multiple filters:
# diagnose wad filter process-type 1
# diagnose wad filter process-type 3
# diagnose wad filter process-type 16
# diagnose wad filter process-id 1115
To view the configured filters:
# diagnose wad filter list
        drop unknown sessions: disabled
        process type:
                manager
                worker
                traffic aggregator
        process id: 1115

Log & Report

Log & Report

The Log & Report menu allows you to view and download reports and traffic, event, and security logs. Logging, archiving, and user interface settings can also be configured.

This section describes the following:

The log messages are a record of all of the traffic that passes through the FortiProxy device, and the actions taken by the device while scanning said traffic.

After a log message is recorded, it is stored in a log file. The log files can be stored on the FortiProxy device itself, on a connected FortiManager or FortiAnalyzer device, or on a FortiCloud server (you must have a FortiCloud subscription before you can configure the FortiProxy device to send logs to a FortiCloud server). The FortiProxy device’s system memory or local disk can be configured to store logs.

note icon

The HTTP response code returned by the upstream content server has been added to the FortiProxy logs to aid in the debugging of content failures.

Each page of log messages contains the following controls.

Refresh

Select Refresh to refresh the log list.

Download Log

Select Download Log to download the raw log file to your local computer. The log file can be viewed in any text editor.

Add Filter

When you select the Add Filter button, a drop-down list appears with a list of available filtering options. Available options differ based on which log is currently being viewed.

Log Location

The location where the displayed logs are stored.

Details

Details about the selected log message. The information displayed varies depending on the type of log message selected.

Log list

The log messages.

The available columns vary depending on the type of log being viewed. Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

Page navigation

Navigate to different pages of the log list. The total number of log messages are also shown.

Debug logs

Customer Support might request a copy of your debug logs for troubleshooting.

To download the debug logs:
  1. Go to System > Settings.
  2. In the Debug Log section, click Download.

Logs for the execution of CLI commands

The cli-audit-log option records the execution of CLI commands in system event logs (log ID 44548). In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs.

The cli-audit-log data can be recorded on memory or disk and can be uploaded to FortiAnalyzer or a syslog server.

To enable the CLI audit log option:
config system global 
    set cli-audit-log enable 
end
To display the logs:
# execute log filter device disk
# execute log filter category event
# execute log filter field subtype system
# execute log filter field logid 0100044548
# execute log display

Filter WAD log messages by process types or IDs

WAD log messages can be filtered by process types or IDs. Multiple process type filters can be configured, but only one process ID filter can be configured.

# diagnose wad filter process-type <integer>
# diagnose wad filter process-id <integer>

diagnose wad filter process-type <integer>

Select process type to filter by (0 - 17, 0 = disable):

  • 1 = manager

  • 2 = dispatcher

  • 3 = worker

  • 4 = algo

  • 5 = informer

  • 6 = user-info

  • 7 = cache-service-cs

  • 8 = cache-service-db

  • 9 = cert-inspection

  • 10 = YouTube-filter-cache-service

  • 11 = user-info-history

  • 12 = debug

  • 13 = config-notify

  • 14 = object-cache

  • 15 = byte-cache

  • 16 = traffic aggregator

  • 17 = preload daemon

diagnose wad filter process-id <integer>

Select process id to filter by (0 = disable).

To configure multiple filters:
# diagnose wad filter process-type 1
# diagnose wad filter process-type 3
# diagnose wad filter process-type 16
# diagnose wad filter process-id 1115
To view the configured filters:
# diagnose wad filter list
        drop unknown sessions: disabled
        process type:
                manager
                worker
                traffic aggregator
        process id: 1115