Saturday, July 29, 2017

Custom log fields in FortiOS

Logging in FortiOS is good for the most part.

I want to post about custom log fields, logging the comment section, and CEF logging outputs.

Custom-fields have been around for a while. They allow you to set fields in the log message that you can apply to a firewall policy.

A policy with set logtraffic all will include these additional fields. Here's the quick and dirty means of enabling custom-fields.








Here's the difference in how the custom-field is displayed from the log disk and from FortiAnalyzer.





You can also add one or more custom-fields to a fwpolicy:
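The steps above as FortiOS CLI, added here as an example and not taken from the original post's screenshots. The field IDs, names, values and policy IDs are constructed; substitute your own.

```fortios
# Define the custom fields (IDs, names and values below are constructed samples)
config log custom-field
    edit "1"
        set name "site"
        set value "HQ-DMZ"
    next
    edit "2"
        set name "owner"
        set value "netops"
    next
end

# Attach a single custom field to a policy that logs all traffic
config firewall policy
    edit 10
        set logtraffic all
        set custom-log-fields "1"
    next
end

# Attach more than one custom field to another policy
config firewall policy
    edit 11
        set logtraffic all
        set custom-log-fields "1" "2"
    next
end
```

Traffic logs generated by policies 10 and 11 then carry the extra fields, which gives you a stable key to filter or group on in reports.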


Using custom-fields can help with reporting on traffic hitting a fwpolicy. Under FortiOS 5.6 you can also log firewall policy comments.

Keep in mind that logging custom-fields to FAZ is not enabled by default. You have to set the custom log field on the FortiAnalyzer, and I don't believe you can log multiple custom-fields in FAZ.












Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 

        /  \
