Howdy all,

I am trying to view Deny traffic logs on a FortiGate 30E
(FortiGate 30E v6.2.15 build1378 (GA))
and they are not showing up.
Via the CLI - log severity level set to Warning
Local logging

Here are the details:
CMB-FL01 # show full-configuration log memory filter
config log memory filter
    set severity warning
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
    set filter ''
    set filter-type include

The FortiGate is getting hammered, with alerts coming in thusly: (Sanitized)

Message meets Alert condition
date=2024-11-14 time=15:04:05 devname=CMB-FL01 devid=FGT30E5777885133 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1731621845329636171 tz="-0700" srcip=194.264.22.254 srcport=56676 srcintf="wan" srcintfrole="wan" dstip=93.22.3.19 dstport=10443 dstintf="lan" dstintfrole="lan" sessionid=3808968 proto=6 action="deny" policyid=0 policytype="policy" service="tcp/10443" dstcountry="Canada" srccountry="Canada" trandisp="dnat" tranip=195.137.0.254 tranport=443 duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"

Implicit Deny policy in place - set to log violation Traffic:
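
Added example, not part of the original post: a Python check of whether a log entry's `level` field clears the `set severity` threshold from the memory filter above, assuming the threshold is the lowest severity that gets logged. The function names and the sample lines are constructed for illustration; the addresses come from documentation ranges.

```python
import re

# Severity names, most severe first. The CLI calls the sixth level
# "notification"; log entries report it as level="notice".
SEVERITY_ORDER = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "information", "debug"]
ALIASES = {"notification": "notice"}

# key=value pairs; a value is bare or wrapped in straight or curly quotes.
PAIR_RE = re.compile(r'(\w+)=(?:["“”]([^"“”]*)["“”]|(\S+))')

# Constructed sample entries (documentation address ranges, not real traffic).
SAMPLE = [
    'date=2024-11-14 time=15:04:05 type="traffic" subtype="forward" '
    'level="notice" srcip=203.0.113.7 dstip=198.51.100.19 dstport=10443 '
    'action="deny" policyid=0',
    'date=2024-11-14 time=15:04:09 type="traffic" subtype="local" '
    'level=“notice” srcip=203.0.113.9 dstip=198.51.100.19 dstport=22 '
    'action=“deny” policyid=0',
    'date=2024-11-14 time=15:05:00 type="traffic" subtype="forward" '
    'level="warning" srcip=203.0.113.7 dstip=198.51.100.19 dstport=443 '
    'action="deny" policyid=0',
]

def parse_log(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: quoted or bare for k, quoted, bare in PAIR_RE.findall(line)}

def rank(level):
    """Position in SEVERITY_ORDER; lower means more severe."""
    level = level.strip().lower()
    return SEVERITY_ORDER.index(ALIASES.get(level, level))

def passes_filter(line, configured_severity):
    """True if the entry is at least as severe as the threshold."""
    fields = parse_log(line)
    if "level" not in fields:
        raise ValueError("log line has no level field")
    return rank(fields["level"]) <= rank(configured_severity)

def summarize_denies(lines, configured_severity):
    """Count deny entries the threshold keeps and drops."""
    counts = {"kept": 0, "dropped": 0}
    for line in lines:
        if parse_log(line).get("action") == "deny":
            kept = passes_filter(line, configured_severity)
            counts["kept" if kept else "dropped"] += 1
    return counts
```

Running `summarize_denies` over exported log lines with the configured severity shows how many deny entries fall below the threshold.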