Configuring traffic logging

Logging and reporting

 

 

Configuring traffic logging

You can configure the FortiGate unit to record traffic log messages for connections to:

Any interface

Any VLAN subinterface

Any firewall policy

The FortiGate unit can filter traffic logs for any source and destination address and service. You can also enable the following global settings:

resolve IP addresses to host names,

record session or packet information,

display the port number or service.

The traffic filter list shows the name, source address and destination address, and the protocol type of the traffic to be filtered.

This section describes:

Enabling traffic logging

Configuring traffic filter settings

Adding traffic filter entries

Enabling traffic logging

You can enable logging on any interface, VLAN subinterface, and firewall policy.

Enabling traffic logging for an interface

If you enable traffic logging for an interface, all connections to and through the interface and recorded in the traffic log.

1Go to System > Network > Interface.

2Select Edit in the Modify column beside the interface for which you want to enable logging.

3For Log, select Enable.

4Select OK.

5Repeat this procedure for each interface for which you want to enable logging.

Enabling traffic logging for a VLAN subinterface

If you enable traffic logging for a VLAN subinterface, all connections to and through the VLAN subinterface and recorded in the traffic log.

1Go to System > Network > Interface.

2Select Edit in the Modify column beside the VLAN subinterface for which you want to enable logging.

3For Log, select Enable.

4Select OK.

286

Fortinet Inc.

Page 286
Image 286
Fortinet 400 manual Configuring traffic logging, Enabling traffic logging for an interface, 286