Tuesday, February 2, 2016

Displaying logs in a FGT via the CLI

FortiOS has a handy feature that is available from the CLI. If you do a lot of remote access over SSH and need to review logs, you can use execute log display together with execute log filter to narrow the output to just what you care about.

For example, say you want to see only firewall policy (traffic) logs.

You first set the filter category to 0 (traffic) and then run execute log display, which shows the entries for that category.


list of categories

(screenshot not reproduced)

defining a filter based on traffic

(screenshot not reproduced)

defining a filter based on policyid

(screenshot not reproduced)

Here are a few other filter fields:

execute  log filter  field   dstcountry
execute  log filter  field   policyid

Run "execute log filter field ?" to get a list of the available fields.


One last tip: if you ever need to see how many logs exist per category, the following command will display the counts:  execute log list < category number >

e.g.

(screenshot not reproduced)

Using this method lets you confirm that log messages are being generated and stored on the unit without going through FortiAnalyzer, a syslog server, or the web GUI. Note that it only proves the FortiGate is writing the entries locally; whether they are actually reaching FortiAnalyzer or syslog still has to be checked on the receiving side.
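A small script to go with the above, added here as an example and not part of the original post. It assumes the FortiOS command syntax shown earlier (execute log filter category, execute log filter field policyid, execute log display) plus execute log filter reset, and it assumes that execute log display prints one entry per line as space-separated key=value pairs. The sample log lines are constructed for illustration, not captured from a real unit. The idea is that you pipe the real output of execute log display (for instance from an ssh session) into the parsing functions to count entries per policy or look at one field across all entries.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes FortiOS CLI syntax
# "execute log filter reset / category <n> / field policyid <id>" and
# "execute log display", and that each displayed entry is a single line of
# key=value pairs (date= time= logid= type= ... policyid= dstcountry=).

# Emit the command sequence for showing only logs of category $1 that
# matched firewall policy $2. Typed interactively, or piped to the box:
#   fgt_filter_cmds 0 1 | ssh admin@fgt
fgt_filter_cmds() {
    cat <<EOF
execute log filter reset
execute log filter category $1
execute log filter field policyid $2
execute log display
EOF
}

# Constructed sample in the style of "execute log display" output
# (four traffic entries, three of them accepted, two on policy 1).
SAMPLE_LOGS='1: date=2016-02-02 time=09:15:01 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.1.5 dstip=8.8.8.8 dstport=53 proto=17 action=accept policyid=1 dstcountry="United States"
2: date=2016-02-02 time=09:15:02 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.1.9 dstip=203.0.113.7 dstport=443 proto=6 action=accept policyid=2 dstcountry="Australia"
3: date=2016-02-02 time=09:15:03 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.1.5 dstip=198.51.100.2 dstport=22 proto=6 action=deny policyid=1 dstcountry="Canada"
4: date=2016-02-02 time=09:15:04 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.1.7 dstip=192.0.2.1 dstport=80 proto=6 action=accept policyid=10 dstcountry="Reserved"'

# Read "execute log display" output on stdin and count entries whose
# policyid equals $1 exactly. The surrounding space/end-of-line anchors
# stop policyid=1 from also matching policyid=10.
fgt_count_policy() {
    grep -c -E "(^| )policyid=$1( |$)" || true
}

# Read the same output on stdin and print the value of field $1 for every
# entry, one per line. Quoted values (dstcountry="United States") are kept
# whole. Handy as:  ... | fgt_field dstcountry | sort | uniq -c
fgt_field() {
    sed -n -E "s/.*[[:space:]]$1=(\"[^\"]*\"|[^[:space:]]+).*/\1/p"
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOGS" | fgt_count_policy 1
printf '%s\n' "$SAMPLE_LOGS" | fgt_field dstcountry | sort | uniq -c
```

The exact-match anchoring in fgt_count_policy is the detail that matters: a naive grep for policyid=1 would silently include policy 10, 11, 100 and so on, which is precisely the kind of error that makes a "logs are flowing for this policy" check lie to you.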


Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
