Fortinet 5.0 Patch 6 Obscuring sensitive data in the logs

Fortinet 552 FortiWeb 5.0 Patch 6 Administration Guide

3. Click Apply.

4. Enable the log types that you want your log destinations to receive. See “Enabling log types,

packet payload retention, & resource shortage alerts” on page 546.

See also

•Configuring log destinations

•Viewing log messages

•Downloading log messages

•Enabling log types, packet payload retention, & resource shortage alerts

•Alert email

•Configuring Syslog settings

•Configuring FortiAnalyzer policies

Obscuring sensitive data in the logs

You can configure the FortiWeb appliance to hide certain predefined data types, including user

names and passwords, that could appear in the packet payloads accompanying a log message.

You can also define and include your own sensitive data types, such as ages (relevant if you are

required to comply with COPPA) or other identifying numbers, using regular expressions.

FortiAnalyzer Enable to store log messages remotely on a FortiAnalyzer appliance.

FortiAnalyzer entries are controlled by FortiAnalyzer policies and trigger

actions associated with various types of violations. If this option is

enabled, but a trigger action has not been selected for a specific type of

violation, every occurrence of that violation will be recorded to the

FortiAnalyzer specified in FortiAnalyzer Policy.

Note: Before enabling this option, verify that log frequency is not too

great. If logs are very frequent, enabling this option could decrease

performance and cause the FortiWeb appliance to send many log

messages to FortiAnalyzer.

Note: Logs stored remotely cannot be viewed from the FortiWeb web UI.

FortiAnalyzer

Policy

Select the settings to use when storing log messages

remotely. FortiAnalyzer settings include the address and

other connection settings for the remote FortiAnalyzer.

For more information see “Configuring FortiAnalyzer

policies” on page 555.

Log Level Select the severity level that a log message must equal or

exceed in order to be recorded to this storage location.

For information about severity levels, see “Log severity

levels” on page 544.

Setting name Description

Sensitive data definitions are not retroactive. They will hide strings in subsequent log

messages, but will not affect existing ones.