I sent an e-mail to Daniel last week asking about the process to get new devices supported, and he asked that I send some log samples to the mailing list... these are not complete, but here is a start. I grabbed this from our central log server:

1. Simple traffic logs from a Fortigate 100A (firmware 3.00-b0559(MR5))

Note: sensitive info replaced by x's.

Jul 19 23:59:58 [HOSTNAME] date=2007-07-19 a5 [local4.notice] date=2007-07-19 time=22:59:58 devname=xxxxx device_id=FGTxxxxx log_id=xxxxx type=traffic subtype=allowed pri=notice vd=root SN=xxxxx duration=130 user=N/A group=N/A policyid=1 proto=6 service=8080/tcp app_type=N/A status=accept src="" srcname=xxxxxx dst=xxx.xxx.xxx.xxx dstname=xxx.xxx.xxx.xxx src_int=xxxxx dst_int=xxxxx sent=299 rcvd=1759 sent_pkt=7 rcvd_pkt=6 src_port=56297 dst_port=8080 vpn=N/A tran_ip=0.0.0.0 tran_port=0 dir_disp=org tran_disp=noop

Jul 19 23:59:59 [HOSTNAME] date=2007-07-19 a5 [local4.notice] date=2007-07-19 time=23:00:00 devname=XXXX device_id=FGTxxxxx log_id=xxxxx type=traffic subtype=allowed pri=notice vd=root SN=xxxxx duration=130 user=N/A group=N/A policyid=1 proto=6 service=8080/tcp app_type=N/A status=accept src="" srcname=xxxxxx dst=xxx.xxx.xxx.xxx dstname=xxx.xxx.xxx.xxx src_int=xxxxx dst_int=xxxxx sent=299 rcvd=1759 sent_pkt=7 rcvd_pkt=6 src_port=56298 dst_port=8080 vpn=N/A tran_ip=0.0.0.0 tran_port=0 dir_disp=org tran_disp=noop

2. A warning message regarding licensing of the anti-virus component

Jul 23 06:30:22 [HOSTNAME] date=2007-07-23 a2 [local4.crit] date=2007-07-23 time=05:30:23 devname=XXXX device_id=FGTxxxxx log_id=xxxxx type=event subtype=system pri=critical vd=root msg=\"FortiGuard Web Filter license is expired\"

As I get more messages I will send them along – we are currently not in production, so the IPS isn't seeing anything.
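As an added example (not part of the mailing-list post or any project's decoder code), the following parses Fortigate key=value records of the shape posted above and flags the ones an analyst would want to see; the two sample lines are constructed to mirror the posted records, with placeholder host names, device ids and RFC 5737 addresses.

```python
import re

# Constructed samples modelled on the two records posted above (placeholder
# host names, device ids and RFC 5737 addresses; not real log data).
SAMPLE_LINES = [
    'Jul 19 23:59:58 fw01 [local4.notice] date=2007-07-19 time=22:59:58 '
    'devname=fw01 device_id=FGT000000 log_id=0000000013 type=traffic '
    'subtype=allowed pri=notice vd=root SN=12345 duration=130 user=N/A '
    'group=N/A policyid=1 proto=6 service=8080/tcp app_type=N/A status=accept '
    'src="" srcname=host-a dst=203.0.113.10 dstname=203.0.113.10 '
    'src_int=internal dst_int=wan1 sent=299 rcvd=1759 sent_pkt=7 rcvd_pkt=6 '
    'src_port=56297 dst_port=8080 vpn=N/A tran_ip=0.0.0.0 tran_port=0 '
    'dir_disp=org tran_disp=noop',
    'Jul 23 06:30:22 fw01 [local4.crit] date=2007-07-23 time=05:30:23 '
    'devname=fw01 device_id=FGT000000 log_id=0000000002 type=event '
    'subtype=system pri=critical vd=root '
    'msg="FortiGuard Web Filter license is expired"',
]

# The body is a flat run of key=value pairs; a value is either a double-quoted
# string (possibly empty, as in src="") or a bare token such as 8080/tcp.
# The syslog prefix contains no '=' and so is skipped automatically.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_fortigate(line):
    """Return the key=value fields of one Fortigate syslog line as a dict."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields

def summarize(fields):
    """Normalize a parsed record into one line (useful as a decoder test)."""
    if fields.get("type") == "traffic":
        # src is empty in the posted sample, so fall back to srcname.
        src = fields.get("src") or fields.get("srcname", "?")
        return "traffic %s proto=%s %s:%s -> %s:%s policy=%s" % (
            fields.get("status"), fields.get("proto"), src, fields.get("src_port"),
            fields.get("dst"), fields.get("dst_port"), fields.get("policyid"))
    if fields.get("type") == "event":
        return "event %s %s: %s" % (fields.get("subtype"), fields.get("pri"), fields.get("msg"))
    return "unknown record type"

def needs_attention(fields):
    """True for records an analyst should see: high-priority events such as the
    expired-license message, or traffic the firewall denied."""
    return (fields.get("pri") in ("critical", "alert", "emergency")
            or fields.get("status") == "deny")
```

Running `needs_attention(parse_fortigate(line))` over each sample keeps the routine accepted-traffic record quiet and surfaces the critical license event.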