Fortinet 563 FortiWeb 5.0 Patch 6 Administration Guide
2. Click any log message or click the Detail icon on any row to view message details.
The details appear below the main log table.
Viewing packet payloadsIf you enabled retention of packet payloads for attack and traffic logs (see “Enabling log types,
packet payload retention, & resource shortage alerts” on page 546), you can view a part of the
payload as dissected by the HTTP parser, in table form, via the web UI.
Packet payload tables display the decoded packet payload associated with the log message
that it caused. This supplements the log message by providing the actual data that triggered the
regular expression, which may help you to fine-tune your regular expressions to prevent false
positives, or aid in forensic analysis.
To view a packet payload
1. Go to either Log&Report > Log Access > Attack or Log&Report > Log Access > Traffic.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Log & Report category. For details, see
“Permissions” on page 47.
2. In the row corresponding to the log message whose packet payload you want to view, click
the log message.
There may not be a Packet Log icon for every log message, such as for normal HTTP
responses and attack types where you have not enabled packet payload retention.
In a frame below or to the right the log messages (unless you have selected Detailed
Information > Hidden from the menu bar), the log message appears in table format, as well
as the decoded HTTP headers and packet payload. Parameters and file uploads will be