Logging and Reporting : Using the traffic log
 
Using the traffic log
The Traffic Log table displays logs related to traffic served by the FortiADC deployment.
Figure 42 shows the Traffic log table. By default, the log is filtered to display Server Load Balancing - Layer 4 traffic logs, and the table lists the most recent records first.
Figure 42:   Traffic log
 
You can use the following category filters to review logs of interest:
SLB Layer 4—Traffic served by virtual servers of type Layer 4
SLB HTTP—Traffic served by virtual servers with HTTP profiles
SLB TCPS—Traffic served by virtual servers with TCPS profiles
SLB RADIUS—Traffic served by virtual servers with RADIUS profiles
GLB—Traffic served by global load balancing policies
Within each category, you can use Filter Setting controls to filter the table based on the values of matching data:
Date
Time
Src
Src Port
Dst
Dst Port
Policy
The last column in each table includes a link to log details.
Before you begin:
You must have Read-Write permission for Log & Report settings.
To view and filter the log:
1. Go to Log & Report > Log Access > Traffic Logs to display the traffic log.
2. Click Filter Settings to display the filter tools.
3. Use the tools to filter on key columns and values.
4. Click Apply to apply the filter and redisplay the log.
Table 80 and Table 81 list the log columns in the order in which they appear in the log.
Table 80: Traffic log
Column
Example
Description
date
date=2014-12-01
Log date.
time
time=07:50:36
Log time.
log_id
log_id=0102007810
Log ID.
type
type=traffic
Log type.
subtype
subtype=slb_tcps
Log subtype: slb_layer4, slb_http, slb_tcps, slb_radius
pri
pri=information
Log level.
vd
vd=root
Virtual domain.
msg_id
msg_id=522030
Message ID.
itime
itime=2014-12-01:07:50:36
Concatenation of date and time.
duration
duration=55
Session duration.
ibytes
ibytes=138
Bytes in.
obytes
obytes=303
Bytes out.
proto
proto=6
Protocol.
service
service=tcps
Service.
src
src=31.1.1.103
Source IP address in traffic received by FortiADC.
src_port
src_port=5534
Source port.
dst
dst=21.1.1.101
Destination IP address in traffic received by FortiADC (IP address of the virtual server).
dst_port
dst_port=443
Destination port.
trans_src
trans_src=31.1.1.103
Source IP address in packet sent from FortiADC. Address might have been translated.
trans_src_port
trans_src_port=5534
Source port in packet sent from FortiADC.
trans_dst
trans_dst=21.1.1.101
Destination IP address in packet sent from FortiADC (IP address of the real server).
trans_dst_port
trans_dst_port=443
Destination port in packet sent from FortiADC.
policy
policy=L7vs
Virtual server name.
action
action=none
For most logs, action=none.
For RADIUS, action=auth or acct.
HTTP only
http_method
http_method=get
HTTP method.
http_host
http_host=10.61.2.100
Host IP address.
http_agent
http_agent=curl/7.29.0
HTTP agent.
http_url=
http_url=/ip.php
Base URL.
http_query
http_query=unknown
URL parameters after the base URL.
http_cookie
http_cookie=unknown
Cookie name.
http_retcode
http_retcode=200
HTTP return code.
RADIUS only
user
user=user1
RADIUS accounting username.
 
Table 81: Global load balancing traffic log
Column
Example
Description
date
date=2014-12-01
Log date.
time
time=07:50:36
Log time.
log_id
log_id=0102007810
Log ID.
type
type=traffic
Log type.
subtype
subtype=dns
Log subtype: dns
pri
pri=information
Log severity.
vd
vd=root
Virtual domain.
msg_id
msg_id=522030
Message ID.
itime
itime=2014-12-01:07:50:36
Concatenation of date and time.
duration
duration=55
Session duration.
ibytes
ibytes=138
Bytes in.
obytes
obytes=303
Bytes out.
proto
proto=6
Protocol.
service
service=tcps
Service.
src
src=31.1.1.103
Source IP address.
src_port
src_port=5534
Source port.
dst
dst=21.1.1.101
Destination IP address.
dst_port
dst_port=443
Destination port.
policy
policy=policy
Global load balancing policy name.
domain
domain=pool.ntp.org
FQDN from client request.
resip
resip=4.53.160.75
DNS response IP address.