Chapter 4 FortiOS Carrier : Carrier web-based manager settings : GTP Profile : Log options
  
Log options
All the GTP logs are treated as a subtype of the event logs. To enable GTP logging, you must:
configure the GTP log settings in a GTP profile
enable GTP logging when you configure log and report settings.
To enable GTP logging after a GTP profile has been configured
1. Go to Log & Report > Log Config > Log Settings.
2. Select Event Logging, and select GTP service event.
3. Select Apply.
 
Log section of the New GTP Profile page
Log Frequency
Enter the number of messages to drop between logged messages.
An overflow of log messages can sometimes occur when logging rate-limited GTP packets exceed their defined threshold. To conserve resources on the syslog server and the Carrier-enabled FortiGate unit, you can specify that some log messages are dropped. For example, if you want only every twentieth message to be logged, set a logging frequency of 20. This way, 20 messages are skipped and the next logged.
Acceptable frequency values range from 0 to 2147483674. When set to ‘0’, no messages are skipped.
Forwarded Log
Select to log forwarded GTP packets.
Denied Log
Select to log GTP packets denied or blocked by this GTP profile.
Rate Limited Log
Select to log rate-limited GTP packets.
State Invalid Log
Select to log GTP packets that have failed stateful inspection.
Tunnel Limit Log
Select to log packets dropped because the maximum limit of GTP tunnels for the destination GSN is reached.
Extension Log
Select to log extended information about GTP packets. When enabled, this additional information will be included in log entries:
IMSI
MSISDN
APN
Selection Mode
SGSN address for signaling
SGSN address for user data
GGSN address for signaling
GGSN address for user data
Traffic count Log
Select to log the total number of control and user data messages received from and forwarded to the GGSNs and SGSNs that the unit protects.
The unit can report the total number of user data and control messages received from and forwarded to the GGSNs and SGSNs it protects. Alternately, the total size of the user data and control messages can be reported in bytes. The unit differentiates between traffic carried by each GTP tunnel, and also between GTP-User and GTP-Control messages.
The number of messages or the number of bytes of data received from and forwarded to the SGSN or GGSN are totaled and logged if a tunnel is deleted.
When a tunnel is deleted, the log entry contains:
Timestamp
Interface name (if applicable)
SGSN IP address
GGSN IP address
TID
Tunnel duration time in seconds
Number of messages sent to the SGSN
Number of messages sent to the GGSN