Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 5.0.0 Administration Guide
    5.0.0
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Log & Report

    Log & Report

    Use the Log & Report page to view and download all logs collected by the device, access scheduled reports, and generate reports. You can see logs local to FortiSandbox, or set up a remote log server, such as one linking to FortiAnalyzer.

    Note

    Local logs retain up to 1 GB of overall logs. If this limit is reached, logs are rotated to keep the latest ones.

    Log Details

    To view more details about a specific log in the log list, simply select that log. A log details pane is available at the bottom of the window.

    The log details pane contains the same information as the log message list, except with a full message in lieu of a shortened one.

    Logging Levels

    FortiSandbox logs can be Emergency (reserved), Alert, Critical, Error, Warning, Information, or Debug. The following table provides example logs for each log level.

    Log Level

    Description

    Example Log Entry

    Alert

    Immediate action is required.

    Suspicious URL visit domain.com from 192.12.1.12 to 42.156.162.21:80.

    Critical

    Functionality is affected.

    System database is not ready. A program should have started to rebuild it and it shall be ready after a while.

    Error

    An erroneous condition exists and functionality is probably effected.

    Errors that occur when deleting certificates.

    Warning

    Functionality might be affected.

    Submitted file AVSInstallPack.exe is too large: 292046088.

    Information

    General information about system operations.

    LDAP server information that was successfully updated.

    Debug

    Detailed information useful for debugging purposes.

    Launching job for file. jobid=2726271637747836543 filename=log md5=ebe5ae2bec3b653c2970e8cec9f5f1d9 sha1=06ea6108d02513f0d278ecc8d443df86dac2885b sha256=d678da5fb9ea3ee20af779a4ae13c402585ebb 070edcf20091cb20509000f74b

    Raw logs

    You can download and save raw logs to the management computer using the Download Log button. Raw logs are saved as a text file with the extension .log.gz. You can search the system log for more information.

    Sample raw logs file content

    itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=v32.cab jobid=2725911139058114340 sha1=f61045626e5f4f74108fb6b15dde284fe0249370 sha256=f75fca6300e48ec4876661314475cdd7f38d4c73e87dfb5a423ef34a7ce0154f rating=Clean scantime=11 malwarename=N/A srcip=204.79.197.200 dstip=208.91.115.250 protocol=HTTP device=() url=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

    itime=1458669062 date=2016-03-22 time=17:51:02 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action=controller status=success reason=none letype=6 pid=8605 msg="Sandboxing environment is not available for job 2725913445926977878, file type: htm, file extension: htm"

    itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=0_22_93_0_0_2_0_0_1.html jobid=2725913445926977878 sha1=098a2ca8d81979f2bb281af236f9baa651d557d5 sha256=424c62eaaa4736740e43f5c7376ec6f209b0d3df0e0cadcc94324280eafa101f rating=Clean scantime=12 malwarename=N/A srcip=125.39.193.250 dstip=208.91.115.12 protocol=HTTP device=() url=http://all.17k.com/lib/book/0_22_93_0_0_2_0_0_1.html

    For detailed log format information, please refer to the FortiSandbox 5.0.0 Log Reference available on the Fortinet Document Library.
    Previous
    Next

    Log & Report

    Log & Report

    Use the Log & Report page to view and download all logs collected by the device, access scheduled reports, and generate reports. You can see logs local to FortiSandbox, or set up a remote log server, such as one linking to FortiAnalyzer.

    Note

    Local logs retain up to 1 GB of overall logs. If this limit is reached, logs are rotated to keep the latest ones.

    Log Details

    To view more details about a specific log in the log list, simply select that log. A log details pane is available at the bottom of the window.

    The log details pane contains the same information as the log message list, except with a full message in lieu of a shortened one.

    Logging Levels

    FortiSandbox logs can be Emergency (reserved), Alert, Critical, Error, Warning, Information, or Debug. The following table provides example logs for each log level.

    Log Level

    Description

    Example Log Entry

    Alert

    Immediate action is required.

    Suspicious URL visit domain.com from 192.12.1.12 to 42.156.162.21:80.

    Critical

    Functionality is affected.

    System database is not ready. A program should have started to rebuild it and it shall be ready after a while.

    Error

    An erroneous condition exists and functionality is probably effected.

    Errors that occur when deleting certificates.

    Warning

    Functionality might be affected.

    Submitted file AVSInstallPack.exe is too large: 292046088.

    Information

    General information about system operations.

    LDAP server information that was successfully updated.

    Debug

    Detailed information useful for debugging purposes.

    Launching job for file. jobid=2726271637747836543 filename=log md5=ebe5ae2bec3b653c2970e8cec9f5f1d9 sha1=06ea6108d02513f0d278ecc8d443df86dac2885b sha256=d678da5fb9ea3ee20af779a4ae13c402585ebb 070edcf20091cb20509000f74b

    Raw logs

    You can download and save raw logs to the management computer using the Download Log button. Raw logs are saved as a text file with the extension .log.gz. You can search the system log for more information.

    Sample raw logs file content

    itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=v32.cab jobid=2725911139058114340 sha1=f61045626e5f4f74108fb6b15dde284fe0249370 sha256=f75fca6300e48ec4876661314475cdd7f38d4c73e87dfb5a423ef34a7ce0154f rating=Clean scantime=11 malwarename=N/A srcip=204.79.197.200 dstip=208.91.115.250 protocol=HTTP device=() url=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32.cab

    itime=1458669062 date=2016-03-22 time=17:51:02 logid=0106000001 type=event subtype=system pri=debug user=system ui=system action=controller status=success reason=none letype=6 pid=8605 msg="Sandboxing environment is not available for job 2725913445926977878, file type: htm, file extension: htm"

    itime=1458669062 date=2016-03-22 time=17:51:02 logid=1220000020 type=event subtype=unknown pri=alert user=system ui=system action=rating status=success reason=none letype=6 msg=fname=0_22_93_0_0_2_0_0_1.html jobid=2725913445926977878 sha1=098a2ca8d81979f2bb281af236f9baa651d557d5 sha256=424c62eaaa4736740e43f5c7376ec6f209b0d3df0e0cadcc94324280eafa101f rating=Clean scantime=12 malwarename=N/A srcip=125.39.193.250 dstip=208.91.115.12 protocol=HTTP device=() url=http://all.17k.com/lib/book/0_22_93_0_0_2_0_0_1.html

    For detailed log format information, please refer to the FortiSandbox 5.0.0 Log Reference available on the Fortinet Document Library.
    Previous
    Next