Log & Report
The Log & Report menu allows you to view and download reports and traffic, event, and security logs. Logging, archiving, and user interface settings can also be configured.
This section describes the following:
- Types of logs
- System Events
- Security Events
- Reports
- Log settings
- Email Alert Settings
- Port Exhaustion Alert
- Logging to FortiAnalyzer
- Log fields for long-live sessions
The log messages are a record of all of the traffic that passes through the FortiProxy device, and the actions taken by the device while scanning said traffic.
After a log message is recorded, it is stored in a log file. The log files can be stored on the FortiProxy device itself, on a connected FortiManager or FortiAnalyzer device, or on a FortiGate Cloud server (you must have a FortiCloud subscription before you can configure the FortiProxy device to send logs to a FortiGate Cloud server). The FortiProxy device’s system memory or local disk can be configured to store logs.
The HTTP response code returned by the upstream content server has been added to the FortiProxy logs to aid in the debugging of content failures.
Each page of log messages contains the following controls.
Debug logs
Customer Support might request a copy of your debug logs for troubleshooting.
To download the debug logs:
- Go to System > Settings.
- In the Debug Log section, click Download.
Logs for the execution of CLI commands
The cli-audit-log option records the execution of CLI commands in system event logs (log ID 44548). In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs.
The cli-audit-log data can be recorded in memory or on disk and can be uploaded to FortiAnalyzer or a syslog server.
To enable the CLI audit log option:
    config system global
        set cli-audit-log enable
    end
To display the logs:
    # execute log filter device disk
    # execute log filter category event
    # execute log filter field subtype system
    # execute log filter field logid 0100044548
    # execute log display
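Once the CLI audit events are uploaded to a syslog server, they can be reviewed there. The following Python script is an added example, not part of the Fortinet documentation: it filters key=value log lines for log ID 0100044548 and separates config and execute commands from the read-only show, get, and diagnose families. The user and msg field names and the sample lines are assumptions constructed for illustration; check them against your device's actual output.

```python
import re
from collections import Counter

CLI_AUDIT_LOGID = "0100044548"   # log ID used in the filter commands above
# Command families the page says are recorded in the system event log.
CHANGING = {"config", "execute"}
READ_ONLY = {"show", "get", "diagnose"}

# key=value pairs; values may be double-quoted and contain spaces.
PAIR = re.compile(r'(\w[\w-]*)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_kv(line):
    """Split one key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def cli_audit_events(lines):
    """Yield (user, family, command) for each CLI audit event."""
    for line in lines:
        rec = parse_kv(line)
        if rec.get("logid") != CLI_AUDIT_LOGID or rec.get("subtype") != "system":
            continue
        # ASSUMPTION: the command text is carried in "msg" and the
        # administrator name in "user"; adjust to your device's output.
        command = rec.get("msg", "").strip()
        verb = command.split(" ", 1)[0]
        family = verb if verb in CHANGING | READ_ONLY else "unknown"
        yield rec.get("user", "unknown"), family, command

def summarize(lines):
    """Count events per (user, family) and list state-changing commands."""
    counts, changes = Counter(), []
    for user, family, command in cli_audit_events(lines):
        counts[(user, family)] += 1
        if family in CHANGING:
            changes.append((user, command))
    return counts, changes

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    'logid="0100044548" type="event" subtype="system" user="admin" msg="show system global"',
    'logid="0100044548" type="event" subtype="system" user="admin" msg="config system global"',
    'logid="0100000000" type="event" subtype="system" user="admin" msg="constructed non-audit event"',
    'logid="0100044548" type="event" subtype="system" user="ops1" msg="execute log display"',
    'logid="0100044548" type="event" subtype="system" user="ops1" msg="diagnose wad filter list"',
]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

The list of state-changing commands returned by summarize is the part worth reviewing or alerting on; the per-user counts give context for how much read-only activity surrounded each change.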
Filter WAD log messages by process types or IDs
WAD log messages can be filtered by process types or IDs. Multiple process type filters can be configured, but only one process ID filter can be configured.
    # diagnose wad filter process-type <integer>
    # diagnose wad filter process-id <integer>

| Command | Description |
| --- | --- |
| diagnose wad filter process-type <integer> | Select process type to filter by (0 - 17, 0 = disable): |
| diagnose wad filter process-id <integer> | Select process id to filter by (0 = disable). |
To configure multiple filters:
    # diagnose wad filter process-type 1
    # diagnose wad filter process-type 3
    # diagnose wad filter process-type 16
    # diagnose wad filter process-id 1115
To view the configured filters:
    # diagnose wad filter list
    drop unknown sessions: disabled
    process type: manager worker traffic aggregator
    process id: 1115