Configuring traffic filter settings

Logging and reporting

Use the following procedure to configure the information recorded in all traffic log messages.

1. Go to Log&Report > Log Setting > Traffic Filter.

2. Select the settings that you want to apply to all Traffic Log messages.

Resolve IP

Select Resolve IP if you want traffic log messages to list the IP address and the domain name stored on the DNS server. If the primary and secondary DNS server addresses provided to you by your ISP have not already been added, go to System > Network > DNS and add the addresses.

Type

Select Session or Packet. If you select Session, the FortiGate unit records the number of packets sent and received for each session. If you select Packet, the FortiGate unit records the average packet length for each session (in bytes).

Display

Select Port Number if you want traffic log messages to list the port number, for example, 80/tcp. Select Service Name if you want traffic log messages to list the name of the service, for example, TCP.

3. Select Apply.

Figure 44: Example traffic filter list

Adding traffic filter entries

Add entries to the traffic filter list to filter the messages that are recorded in the traffic log. If you do not add any entries to the traffic filter list, the FortiGate unit records all traffic log messages. You can add entries to the traffic filter list to limit the traffic logs that are recorded. You can log traffic with a specified source IP address and netmask, to a destination IP address and netmask, and for a specified service. A traffic filter entry can include any combination of source and destination addresses and services.
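The filtering behaviour described above, modelled as an added example (not Fortinet code): it reports which sessions would leave no traffic log record for a given filter list, and enforces the entry name rule from the procedure that follows. It assumes that a field left out of an entry matches any value and that a session is recorded when at least one entry matches; the entry names, addresses and sessions are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Name rule from the manual: digits, letters, '-' and '_' only.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")

@dataclass
class FilterEntry:
    name: str
    src: Optional[str] = None      # "address/netmask"; None = any (assumption)
    dst: Optional[str] = None      # "address/netmask"; None = any (assumption)
    service: Optional[str] = None  # e.g. "80/tcp"; None = any (assumption)

    def __post_init__(self):
        if not NAME_RE.fullmatch(self.name):
            raise ValueError(f"invalid filter name: {self.name!r}")

    def matches(self, src_ip, dst_ip, service):
        def in_net(ip, net):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)
        return (in_net(src_ip, self.src) and in_net(dst_ip, self.dst)
                and (self.service is None or self.service == service))

def is_logged(entries, src_ip, dst_ip, service):
    """Empty list: every session is logged. Otherwise one matching entry is enough (assumption)."""
    if not entries:
        return True
    return any(e.matches(src_ip, dst_ip, service) for e in entries)

def coverage_gaps(entries, sessions):
    """Return the sessions that would leave no traffic log record."""
    return [s for s in sessions if not is_logged(entries, *s)]

# Constructed sample data (not from the manual).
ENTRIES = [
    FilterEntry("dmz_web", dst="192.0.2.0/255.255.255.0", service="80/tcp"),
    FilterEntry("admin-host", src="10.1.1.5/255.255.255.255"),
]
SESSIONS = [
    ("10.1.1.5", "198.51.100.7", "22/tcp"), ("10.1.1.9", "192.0.2.10", "80/tcp"),
    ("10.1.1.9", "192.0.2.10", "443/tcp"), ("10.1.1.9", "198.51.100.7", "53/udp"),
]

if __name__ == "__main__":
    for s in coverage_gaps(ENTRIES, SESSIONS):
        print("not logged:", s)
```

Running a planned filter list against a sample of expected sessions this way shows which traffic would be missing from the log before the entries are applied.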

Use the following procedure to add an entry to the traffic filter list.

1. Go to Log&Report > Log Setting > Traffic Filter.

2. Select New.

3. Configure the traffic filter for the type of traffic that you want to record on the traffic log.

Name

Type a name to identify the traffic filter entry. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Spaces and other special characters are not allowed.

Source IP Address, Source Netmask

Type the source IP address and netmask for which you want the FortiGate unit to log traffic messages. The address can be an individual computer, subnetwork, or network.


Fortinet Inc.
