Fortinet 546 FortiWeb 5.0 Patch 6 Administration Guide
To configure logging
1. Set the severity level threshold that log messages must meet or exceed in order to be sent to
each log storage device. If you will store logs remotely, also configure connectivity
information such as the IP address. See “Configuring log destinations” on page 549,
“Configuring Syslog settings” on page 554, and “Configuring FortiAnalyzer policies” on
page 555.
2. Group Syslog and FortiAnalyzer settings and select those groups in Trigger Action settings
throughout the configuration of web protection features. See “Configuring triggers” on
page 557.
3. Enable logging in general. See “Enabling log types, packet payload retention, & resource
shortage alerts” on page 546.
4. If you want to log attacks, select an Alert option as the Action setting when configuring
attack protection.
5. Monitor your log messages via the web UI or through alert email for events that require
action from network administrators. See “Viewing log messages” on page 557 and “Alert
email” on page 576. Configure reports that are derived from log data to review trends in your
network. See “Reports” on page 586.
Enabling log types, packet payload retention, & resource shortage alerts
You can enable or disable logging for each log type, configure system alert
thresholds, and select which policy violations cause the appliance to retain the TCP/IP packet
payload (HTTP headers and a portion of the HTTP body, if any), which can then be viewed with its
corresponding log message.
For more information on log types, see “Log types” on page 543.
To enable logging
1. Go to Log&Report > Log Config > Other Log Settings.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Log & Report category. For details, see
“Permissions” on page 47.