For example, let's say you want to monitor just fwpolicy traffic.
You will need to set the category to "0" and then execute the log display for that category.
list of categories
defining a filter based on traffic
defining a filter based on policyid
Here are a few other filter types:
execute log filter field dstcountry
execute log filter field policyid
Run "execute log filter field ?" to get a list of the available fields.
And one last tip: if you ever need a count of how many logs there are by category, the following command will display the counts: execute log list <category number>
e.g
This method lets you confirm that log messages are being sent without having to look in FortiAnalyzer, syslog, or the web GUI.
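The whole procedure as one CLI session, added here as an example and not taken from the original post. The policy ID and country are constructed values, the reset, view-lines and dump subcommands are not mentioned in the post, and the lines starting with # are annotations, not commands.

```text
# Clear any filter left over from an earlier session
execute log filter reset

# Category 0 = traffic logs
execute log filter category 0

# Narrow to one firewall policy (policy ID 12 is a made-up value)
execute log filter field policyid 12

# Limit how many lines each display returns
execute log filter view-lines 20

# Show the filter currently in effect, then the matching log entries
execute log filter dump
execute log display

# Switch to a different field: reset, reselect the category,
# then filter on destination country (constructed value)
execute log filter reset
execute log filter category 0
execute log filter field dstcountry "Germany"
execute log display

# Check what is stored for the traffic category
execute log list 0
```

If the display comes back empty, run the dump command first to confirm that a stale filter from earlier in the session is not still applied.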
Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \