FortiOS 6.0 Getting Started: Logging FortiGate traffic and using FortiView

FortiView is a logging tool that contains dashboards that show real time and historical logs. You can filter the dashboards to show specific results and also drill down for more information about a particular session. Each dashboard focuses on a different aspect of your network traffic, such as traffic sources of WiFi clients.

Some FortiView dashboards, such as Applications and Web Sites, require you to apply security profiles to traffic before you can view results.

1. Configuring log settings

To configure log settings, go to Log & Report > Log Settings.

Select where you want to record log messages. This example uses Local Log, because it is required by FortiView.

Enable Disk, Local Reports, and Historical FortiView.

You can also use Remote Logging and Archiving to send logs to either a FortiAnalyzer/FortiManager, FortiCloud, or a Syslog server.

Under Log Settings, set both Event Logging and Local Traffic Log to All.

2. Enabling logging in security policies

To edit the Internet policy, go to Policy & Objects > IPv4 Policy.

Under Logging Options, enable Log Allowed Traffic and select All Sessions.

Because logging all sessions uses more system resources, it is typically recommended to log only security events. However, for the purpose of this recipe, all sessions will be logged to ensure that logging has been configured correctly.

3. Results

Browse the Internet to generate traffic through the FortiGate.

To view a realtime display of all active sessions, go to FortiView > All Segments > All Sessions.

If you right-click a session in the list, you can choose to end the session, end all sessions, ban the source IP, or filter logs by the source device.

Select the 24 hours view.* You can see a historical view of your traffic. To see more information, doubleclick a session.

To view a list of the sources in your network traffic, go to FortiView > Traffic from LAN/DMZ > Sources.

Right-click on any source listed and select Drill Down to Details.

You can view a variety of information about the source address, including traffic destinations, security policies used, and if any threats are linked to traffic from this address.