I want to post about custom log fields, logging of the policy comment section, and CEF logging output.
Custom fields have been around for a while. They let you define fields for the log message that you can apply to a firewall policy.
A policy with "set logtraffic all" will include these additional fields. Here's the quick and dirty means of enabling custom fields.
Here's the difference in how the custom field is displayed from the log disk and from FortiAnalyzer.
You can also add one or more custom fields to a firewall policy.
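An added example (not from the original post) of the FortiOS CLI for the steps above: define two custom fields, then attach both to a policy that logs all traffic. The field IDs, names, values and policy ID 10 are assumed for illustration.

```fortios
# Added example; field ids, names, values and policy id 10 are assumed.
# Define the custom fields once, globally (per VDOM).
config log custom-field
    edit "1"
        set name "cust_site"
        set value "dc-east"
    next
    edit "2"
        set name "cust_owner"
        set value "netops"
    next
end

# Reference the custom fields by id on the policy; traffic logging
# must be on for the fields to appear in the log message.
config firewall policy
    edit 10
        set logtraffic all
        set custom-log-fields "1" "2"
    next
end
```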
Custom fields can be leveraged in reporting on traffic hitting a firewall policy. Under FortiOS 5.6 you can log firewall policy comments.
Keep in mind that logging custom fields against FAZ is not enabled by default. You have to set the custom log field on the FortiAnalyzer, and I don't believe you can log multiple custom fields in FAZ.
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \