Log files and types
As log messages are recorded, they are also written to different log files. Each log file contains the log messages that belong to its log type; for example, traffic log messages are put in the traffic log file.
When you download a log file from within Log & Report, the file name indicates the log type and the device on which it is stored, as well as the date, time, and a unique ID for that log.
The name has the format <logtype>-<logdevice>-<date>T<time>.<id>.log.
For example, AntiVirusLog-disk-2012-09-13T11_07_57.922495.log.
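When downloaded log files are collected for review, the file name format above can be parsed to sort files by log type and time and to set aside names that do not fit. The following is an added example, not code from the FortiGate documentation; the function names, the character sets allowed in each field, and all sample names other than the AntiVirusLog one are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional

# Assumption: log type, device and id contain no '-' or '.'; the page shows
# only one example name, so other variants may need a looser pattern.
NAME_RE = re.compile(
    r"(?P<logtype>[A-Za-z0-9]+)-(?P<device>[A-Za-z0-9]+)-"
    r"(?P<date>\d{4}-\d{2}-\d{2})T(?P<time>\d{2}_\d{2}_\d{2})"
    r"\.(?P<id>[A-Za-z0-9]+)\.log"
)

class LogFileName(NamedTuple):
    logtype: str
    device: str
    stamp: datetime
    log_id: str

def parse_log_name(name: str) -> Optional[LogFileName]:
    """Return the parsed fields, or None if the name does not match."""
    # fullmatch rejects path prefixes and trailing newlines outright.
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    try:
        stamp = datetime.strptime(f"{m['date']}T{m['time']}", "%Y-%m-%dT%H_%M_%S")
    except ValueError:  # digits in the right shape but not a real date/time
        return None
    return LogFileName(m["logtype"], m["device"], stamp, m["id"])

def index_by_type(names):
    """Group valid names by log type, oldest first; also return rejects."""
    grouped, rejected = defaultdict(list), []
    for name in names:
        parsed = parse_log_name(name)
        if parsed is None:
            rejected.append(name)
        else:
            grouped[parsed.logtype].append(parsed)
    ordered = {t: sorted(e, key=lambda x: x.stamp) for t, e in grouped.items()}
    return ordered, rejected

# Constructed sample: only the first name appears on the page.
SAMPLE = [
    "AntiVirusLog-disk-2012-09-13T11_07_57.922495.log",
    "AntiVirusLog-disk-2012-09-12T23_59_01.100001.log",
    "TrafficLog-memory-2012-09-13T08_00_00.555555.log",
    "AntiVirusLog-disk-2012-13-40T11_07_57.922495.log",  # impossible date
]
```

Calling index_by_type(SAMPLE) returns the valid files grouped by log type in time order, plus the list of rejected names.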
Each of the different log files is explained below. Traffic and Event logs come in multiple types, but all contain the base type, such as ‘Event’, in the file name.
Table 82: Log Types based on network traffic

| Log Type | Description |
| --- | --- |
| Traffic | The traffic log records all traffic to and through the FortiGate interface. Different categories monitor different kinds of traffic, whether it be external, internal, or multicast. |
| Event | The event logs record management and activity events within the device in particular areas: System, Router, VPN, User, WAN, and WiFi. For example, when an administrator logs in or logs out of the web‑based manager, it is logged both in System and in User events. |
| Antivirus | The antivirus log records virus incidents in Web, FTP, and email traffic. |
| Web Filter | The web filter log records HTTP FortiGate log rating errors including web content blocking actions that the FortiGate unit performs. |
| Intrusion | The intrusion log records attacks that are detected and prevented by the FortiGate unit. |
| Email Filter | The email filter log records blocking of email address patterns and content in SMTP, IMAP, and POP3 traffic. |
| Vulnerability Scan | The Vulnerability Scan (Netscan) log records vulnerabilities found during the scanning of the network. |
| Data Leak Prevention | The Data Leak Prevention log records log data that is considered sensitive and that should not be made public. This log also records data that a company does not want entering their network. |
| VoIP | The VoIP log records VoIP traffic and messages. It only appears if VoIP is enabled on the Administrator Settings page. |