Logging and reporting

Filtering log messages

Log message levels

Table 23 lists and describes FortiGate log message levels.

Table 23: FortiGate log message levels

Levels            Description                                                       Generated by
0 - Emergency     The system has become unstable.                                   Emergency messages not available.
1 - Alert         Immediate action is required.                                     NIDS attack log messages.
2 - Critical      Functionality is affected.                                        DHCP
3 - Error         An error condition exists and functionality could be affected.    Error messages not available.
4 - Warning       Functionality could be affected.                                  Antivirus, Web filter, email filter, and system event log messages.
5 - Notice        Information about normal events.                                  Antivirus, Web filter, and email filter log messages.
6 - Information   General information about system operations.                      Antivirus, Web filter, email filter log messages, and other event log messages.

Filtering log messages

You can configure the logs that you want to record and the message categories that you want to record in each log.

To filter log entries

1 Go to Log&Report > Log Setting.

2 Select Config Policy for the log location that you selected in “Recording logs” on page 251.

3 Select the log types that you want the FortiGate unit to record.

Traffic Log
    Record all connections to and through the interface. To configure traffic filtering, see “Adding traffic filter entries” on page 256.

Event Log
    Record management and activity events in the event log. Management events include changes to the system configuration as well as administrator and user logins and logouts. Activity events include system activities, such as VPN tunnel establishment and HA failover events.

Virus Log
    Record virus intrusion events, such as when the FortiGate unit detects a virus, blocks a file type, or blocks an oversized file or email.

Web Filtering Log
    Record activity events, such as URL and content blocking, and exemption of URLs from blocking.

Attack Log
    Record attacks detected by the NIDS and prevented by the NIDS Prevention module.

Email Filter Log
    Record activity events, such as detection of email that contains unwanted content and email from unwanted senders.

Update
    Record log messages when the FortiGate connects to the FDN to download antivirus and attack updates.

FortiGate-50A Installation and Configuration Guide
