Using the traffic log
The Traffic Log table displays logs related to traffic served by the FortiADC deployment.
Figure 62 shows the Traffic log table. By default, the log is filtered to display Server Load Balancing - Layer 4 traffic logs, and the table lists the most recent records first.
You can use the following category filters to review logs of interest:
SLB Layer 4—Traffic served by virtual servers of type Layer 4
SLB HTTP—Traffic served by virtual servers with HTTP profiles
SLB TCPS—Traffic served by virtual servers with TCPS profiles
SLB RADIUS—Traffic served by virtual servers with RADIUS profiles
GLB—Traffic served by global load balancing policies
Figure 62: Traffic log
Within each category, you can use Filter Setting controls to filter the table based on the values of matching data:
Date
Time
Proto
Service
Src
Src_port
Dst
Dst_port
Policy
Action
The last column in each table includes a link to log details.
Before you begin:
You must have Read-Write permission for Log & Report settings.
To view and filter the log:
1. Go to Log & Report > Log Access > Traffic Logs to display the traffic log.
2. Click Filter Settings to display the filter tools.
3. Use the tools to filter on key columns and values.
4. Click Apply to apply the filter and redisplay the log.
Table 112 to Table 115 list the log columns in the order in which they appear in the log.
Table 112: SLB Layer 4 and SLB TCPS logs

| Column | Example | Description |
|---|---|---|
| date | date=2014-12-01 | Log date. |
| time | time=07:50:36 | Log time. |
| log_id | log_id=0102007810 | Log ID. |
| type | type=traffic | Log type. |
| subtype | subtype=slb_tcps | Log subtype: slb_layer4, slb_tcps. |
| pri | pri=information | Log level. |
| vd | vd=root | Virtual domain. |
| msg_id | msg_id=522030 | Message ID. |
| itime | itime=2014-12-01:07:50:36 | Concatenation of date and time. |
| duration | duration=55 | Session duration. |
| ibytes | ibytes=138 | Bytes in. |
| obytes | obytes=303 | Bytes out. |
| proto | proto=6 | Protocol. |
| service | service=tcps | Service. |
| src | src=31.1.1.103 | Source IP address in traffic received by FortiADC. |
| src_port | src_port=5534 | Source port. |
| dst | dst=21.1.1.101 | Destination IP address in traffic received by FortiADC (IP address of the virtual server). |
| dst_port | dst_port=443 | Destination port. |
| trans_src | trans_src=31.1.1.103 | Source IP address in packet sent from FortiADC. Address might have been translated. |
| trans_src_port | trans_src_port=5534 | Source port in packet sent from FortiADC. |
| trans_dst | trans_dst=21.1.1.101 | Destination IP address in packet sent from FortiADC (IP address of the real server). |
| trans_dst_port | trans_dst_port=443 | Destination port in packet sent from FortiADC. |
| policy | policy=L7vs | Virtual server name. |
| action | action=none | For most logs, action=none. |
| srccountry | srccountry=Reserved | Location of the source IP address. |
| dstcountry | dstcountry=Reserved | Location of the destination IP address. |
 
Table 113: SLB HTTP log

| Column | Example | Description |
|---|---|---|
| date | date=2014-12-01 | Log date. |
| time | time=07:50:36 | Log time. |
| log_id | log_id=0102007810 | Log ID. |
| type | type=traffic | Log type. |
| subtype | subtype=slb_http | Log subtype: slb_http. |
| pri | pri=information | Log level. |
| vd | vd=root | Virtual domain. |
| msg_id | msg_id=522030 | Message ID. |
| itime | itime=2014-12-01:07:50:36 | Concatenation of date and time. |
| duration | duration=55 | Session duration. |
| ibytes | ibytes=138 | Bytes in. |
| obytes | obytes=303 | Bytes out. |
| proto | proto=6 | Protocol. |
| service | service=http | Service. |
| src | src=31.1.1.103 | Source IP address in traffic received by FortiADC. |
| src_port | src_port=5534 | Source port. |
| dst | dst=21.1.1.101 | Destination IP address in traffic received by FortiADC (IP address of the virtual server). |
| dst_port | dst_port=443 | Destination port. |
| trans_src | trans_src=31.1.1.103 | Source IP address in packet sent from FortiADC. Address might have been translated. |
| trans_src_port | trans_src_port=5534 | Source port in packet sent from FortiADC. |
| trans_dst | trans_dst=21.1.1.101 | Destination IP address in packet sent from FortiADC (IP address of the real server). |
| trans_dst_port | trans_dst_port=443 | Destination port in packet sent from FortiADC. |
| policy | policy=L7vs | Virtual server name. |
| action | action=none | For most logs, action=none. |
| http_method | http_method=get | HTTP method. |
| http_host | http_host=10.61.2.100 | Host IP address. |
| http_agent | http_agent=curl/7.29.0 | HTTP agent. |
| http_url | http_url=/ip.php | Base URL. |
| http_qry | http_qry=unknown | URL parameters after the base URL. |
| http_cookie | http_cookie=unknown | Cookie name. |
| http_retcode | http_retcode=200 | HTTP return code. |
| user | user=user1 | User name. |
| usergrp | usergrp=companyABC | User group. |
| auth_status | auth_status=success | Authentication success/failure. |
| srccountry | srccountry=Reserved | Location of the source IP address. |
| dstcountry | dstcountry=Reserved | Location of the destination IP address. |
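
The following is an added example, not part of the FortiADC documentation: it parses exported SLB HTTP records into the Table 113 fields, counts non-success `auth_status` records per `src`, and checks whether the source address was translated. The one-line, space-separated `key=value` layout, the double-quoting of values with spaces, the `failure` value, the threshold, and the function names are assumptions; the sample records are constructed.

```python
import shlex
from collections import Counter

# Constructed sample records. Field names are from Table 113; the one-line,
# space-separated layout, the quoting and the "failure" value are assumptions.
SAMPLE_LOG = '''\
date=2014-12-01 time=07:50:36 subtype=slb_http src=31.1.1.103 dst=21.1.1.101 trans_src=31.1.1.103 http_agent=curl/7.29.0 http_url=/ip.php http_retcode=200 user=user1 auth_status=success
date=2014-12-01 time=07:51:02 subtype=slb_http src=198.51.100.7 dst=21.1.1.101 trans_src=10.0.0.1 http_agent="Mozilla/5.0 (X11)" http_url=/login http_retcode=401 user=user1 auth_status=failure
date=2014-12-01 time=07:51:03 subtype=slb_http src=198.51.100.7 dst=21.1.1.101 trans_src=10.0.0.1 http_agent="Mozilla/5.0 (X11)" http_url=/login http_retcode=401 user=user2 auth_status=failure
date=2014-12-01 time=07:51:05 subtype=slb_http src=198.51.100.7 dst=21.1.1.101 trans_src=10.0.0.1 http_agent="Mozilla/5.0 (X11)" http_url=/login http_retcode=401 user=user3 auth_status=failure
date=2014-12-01 time=07:51:09 subtype=slb_tcps src=198.51.100.7 dst=21.1.1.101 trans_src=198.51.100.7
'''


def parse_record(line):
    """Split one record into a dict; shlex keeps double-quoted values whole."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # ignore tokens that are not key=value pairs
            fields[key] = value
    return fields


def failed_auth_by_source(lines, threshold=3):
    """Return {src: count} for sources with at least `threshold` SLB HTTP
    records whose auth_status is present and is not "success"."""
    failures = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec.get("subtype") != "slb_http":
            continue  # auth_status is only a column of the SLB HTTP log
        status = rec.get("auth_status")
        if status is not None and status != "success":
            failures[rec.get("src", "unknown")] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def source_translated(rec):
    """True when trans_src differs from src, i.e. the real server saw a
    translated address and its own logs will not show the client IP."""
    return "trans_src" in rec and rec["trans_src"] != rec.get("src")


if __name__ == "__main__":
    print(failed_auth_by_source(SAMPLE_LOG.splitlines()))
```

When `source_translated` is true, correlate real-server logs with the FortiADC record through `trans_src` and `trans_src_port` rather than `src`.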
 
Table 114: SLB RADIUS log

| Column | Example | Description |
|---|---|---|
| date | date=2014-12-01 | Log date. |
| time | time=07:50:36 | Log time. |
| log_id | log_id=0102007810 | Log ID. |
| type | type=traffic | Log type. |
| subtype | subtype=slb_radius | Log subtype: slb_radius. |
| pri | pri=information | Log level. |
| vd | vd=root | Virtual domain. |
| msg_id | msg_id=522030 | Message ID. |
| itime | itime=2014-12-01:07:50:36 | Concatenation of date and time. |
| duration | duration=55 | Session duration. |
| ibytes | ibytes=138 | Bytes in. |
| obytes | obytes=303 | Bytes out. |
| proto | proto=6 | Protocol. |
| service | service=radius | Service. |
| src | src=31.1.1.103 | Source IP address in traffic received by FortiADC. |
| src_port | src_port=5534 | Source port. |
| dst | dst=21.1.1.101 | Destination IP address in traffic received by FortiADC (IP address of the virtual server). |
| dst_port | dst_port=443 | Destination port. |
| trans_src | trans_src=31.1.1.103 | Source IP address in packet sent from FortiADC. Address might have been translated. |
| trans_src_port | trans_src_port=5534 | Source port in packet sent from FortiADC. |
| trans_dst | trans_dst=21.1.1.101 | Destination IP address in packet sent from FortiADC (IP address of the real server). |
| trans_dst_port | trans_dst_port=443 | Destination port in packet sent from FortiADC. |
| policy | policy=L7vs | Virtual server name. |
| action | action=none | For RADIUS, action=auth or acct. |
| user | user=user1 | RADIUS accounting username. |
| srccountry | srccountry=Reserved | Location of the source IP address. |
| dstcountry | dstcountry=Reserved | Location of the destination IP address. |
 
Table 115: GLB log

| Column | Example | Description |
|---|---|---|
| date | date=2014-12-01 | Log date. |
| time | time=07:50:36 | Log time. |
| log_id | log_id=0102007810 | Log ID. |
| type | type=traffic | Log type. |
| subtype | subtype=dns | Log subtype: dns. |
| pri | pri=information | Log severity. |
| vd | vd=root | Virtual domain. |
| msg_id | msg_id=522030 | Message ID. |
| itime | itime=2014-12-01:07:50:36 | Concatenation of date and time. |
| duration | duration=55 | Session duration. |
| ibytes | ibytes=138 | Bytes in. |
| obytes | obytes=303 | Bytes out. |
| proto | proto=6 | Protocol. |
| service | service=http | Service. |
| src | src=31.1.1.103 | Source IP address. |
| src_port | src_port=5534 | Source port. |
| dst | dst=21.1.1.101 | Destination IP address. |
| dst_port | dst_port=443 | Destination port. |
| policy | policy=policy | Global load balancing policy name. |
| domain | domain=pool.ntp.org | FQDN from client request. |
| resip | resip=4.53.160.75 | DNS response IP address. |
| srccountry | srccountry=Reserved | Location of the source IP address. |
| dstcountry | dstcountry=Reserved | Location of the destination IP address. |