debug flow filter module-detail
Use this command to include or exclude debug logs from each FortiWeb feature module as the packet is processed when generating packet flow debug logs. This can be useful if you suspect that a module is encountering errors, or need to know which module is dropping the packet.
You can also specify a source or destination IP address to include or exclude debug logs from one FortiWeb module involving the IP address.
To use this command, your administrator account’s access control profile requires only r
permission in any profile area. For details, see Permissions.
Syntax
diagnose debug flow filter module-detail status {on | off}
diagnose debug flow filter module-detail module {all | x-forworded-for | ip-list | ip-reputation | quarant-ip | known-engine | geo-block | ...| url-rewriting}
diagnose debug flow filter module-detail client-ip <source_ipv4 | source_ipv6>
client-ip <source_ipv4 | source_ipv6>
diagnose debug flow filter module-detail server-ip <destination_ipv4 | destination_ipv6>
Variable | Description | Default |
---|---|---|
Select whether to include (on ) or exclude (off ) details from each module that processes the packet. |
off
|
|
module {all | x-forworded-for | ip-list | ip-reputation | quarant-ip | known-engine | geo-block | ...| url-rewriting} |
Select the name of module that needs to be traced (separated by space) or select all for all modules. Available only when status {on | off} is on. |
No default. |
Enter the source ( Note: This filter operates at the IP layer, not the HTTP layer. If a load balancer or other web proxy is deployed in front of FortiWeb, and therefore all connections for HTTP requests appear to originate from this IP address, configuring this filter will have no effect. Similarly, if multiple clients share an Internet connection via NAT or explicit web proxy, configuring this filter will only isolate connections that share this IP address. It will not be able to filter out a single client based on individual HTTP sessions from that IP. |
No default. | |
Enter the destination (
This will generate only packet flow debug log messages involving that server IP address. |
No default. |