Changes to logging in security policies
Instead of enabling or disabling traffic logging in security policies three Logging Options are now available:
• No Log, do not record log messages about traffic accepted by this security policy
• Log UTM Events, record traffic log messages when a UTM event occurs (such as when a virus is found by antivirus, a web page is blocked by web filtering, or the application responsible for a session is identified by application control).
• Log all Sessions, record traffic log messages for all sessions. For all sessions, a single traffic log message is recorded when the session ends. If you select this option, you can choose to record a traffic log message when a session starts as well. You can also choose to capture packets.
Enabling logging in a security policy can affect FortiGate performance because of the extra system resources required to record log messages. The performance hit can be reduced by selecting Log UTM Events, since fewer log messages will be recorded.
You can also enter the following command to write a log message when a session starts:
config firewall policy
edit <policy-index>
set logtraffic-start
end