View Log
{TIMESTAMP} {LOG_TYPE} {LOG_CONTENT}
The {TIMESTAMP} is in the format 'yyyy-mm-dd HH:MM:SS' and is always a UTC time. The details of {LOG_TYPE}
and {LOG_CONTENT} are described as follows.
Notation Conventions
{ADDRPORT} follows TCPDUMP format, for example:
• IPv4: 8.8.8.8.80
• IPv6: 2001::8:8:8:8.80
{IP-5-TUPLE}
• ICMP: PROTO=1 SRC=<ip> DST=<ip> ID=<icmpid> TYPE=<icmptype> CODE=<icmpcode> (BM log
  doesn't have TYPE and CODE fields, because they are per packet)
• TCP: PROTO=6 SRC=<{ADDRPORT}> DST=<{ADDRPORT}>
• UDP: PROTO=17 SRC=<{ADDRPORT}> DST=<{ADDRPORT}>
• ICMPv6: PROTO=58 SRC=<ip> DST=<ip> TYPE=<icmpv6type> CODE=<icmpv6code>
• Others: PROTO=<protocol num> SRC=<ip> DST=<ip>
Firewall
FW {IP-5-TUPLE} ACTION=[ACCEPT|DENY] TOTLEN=<pktlen>
The first packet of session {IP-5-TUPLE} that matches a Firewall rule triggers the log. The system generates only
one log for the session. The log indicates that all packets of session {IP-5-TUPLE} are accepted or denied by
Firewall, and that the size of the first packet is <pktlen>. In practice, the system does not log ACCEPT events.
See "Firewall" for further information.
NAT
NAT {IP-5-TUPLE} NEW_SRC={ADDR}
The first packet of session {IP-5-TUPLE} that matches a NAT rule triggers the log. The system generates only one
log for the session. The log indicates that the source addresses of the packets of {IP-5-TUPLE} are translated to
the new address {ADDR} by NAT.
See "NAT" for further information.
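The following Python parser for the Firewall and NAT records described above is an added example, not code from the handbook or from Fortinet. It shows how the tcpdump-style {ADDRPORT} is split at the last dot and how DENY records can be counted per source. The sample lines are constructed, the function names are hypothetical, and it assumes the <...> in the notation are placeholders that do not appear in real log lines.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in the documented layout (not real device output).
# Assumption: the <...> in the notation are placeholders and do not appear in logs.
SAMPLE = [
    "2015-06-01 12:00:00 FW PROTO=6 SRC=192.0.2.10.51234 DST=198.51.100.7.80 ACTION=DENY TOTLEN=60",
    "2015-06-01 12:00:01 NAT PROTO=17 SRC=2001:db8::10.5353 DST=2001:db8::53.53 NEW_SRC=2001:db8:ffff::1",
    "2015-06-01 12:00:02 FW PROTO=1 SRC=192.0.2.10 DST=198.51.100.7 ID=7 TYPE=8 CODE=0 ACTION=DENY TOTLEN=84",
]

def split_addrport(value):
    """Split a tcpdump-style {ADDRPORT}: the port follows the LAST dot, for IPv4 and IPv6."""
    host, _, port = value.rpartition(".")
    return str(ipaddress.ip_address(host)), int(port)  # ValueError if malformed

def parse_line(line):
    """Parse '{TIMESTAMP} {LOG_TYPE} {LOG_CONTENT}' into a dict of typed fields."""
    day, clock, log_type, *content = line.split()
    fields = dict(tok.split("=", 1) for tok in content)
    rec = {
        "ts": datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc),
        "log_type": log_type,
        "proto": int(fields.pop("PROTO")),
    }
    for key in ("SRC", "DST"):
        raw = fields.pop(key)
        if rec["proto"] in (6, 17):  # TCP and UDP carry {ADDRPORT}; others a bare IP
            rec[key.lower()], rec[key.lower() + "_port"] = split_addrport(raw)
        else:
            rec[key.lower()] = str(ipaddress.ip_address(raw))
    rec.update({k.lower(): v for k, v in fields.items()})  # ACTION, TOTLEN, NEW_SRC, ...
    return rec

def denied_sources(lines):
    """Count Firewall DENY records per source address."""
    recs = (parse_line(l) for l in lines)
    return Counter(r["src"] for r in recs if r["log_type"] == "FW" and r.get("action") == "DENY")

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print(denied_sources(SAMPLE))
```

Because the system writes one log per session and does not log ACCEPT, each DENY count is a count of denied sessions, not of packets.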
Auto & Persistent Routing
AR {IP-5-TUPLE} AR=[<widx>|NONE] TOTLEN=<pktlen>
FortiWAN Handbook
Fortinet Technologies Inc.