Logging and Monitoring

Question 1

What are the three types of logs?

Answer 1

Traffic, events, Security logs

Question 2

What do Traffic logs record?

Answer 2

traffic flow info, (http/https requests)

Question 3

What are the three types of traffic logs?

Answer 3

Forward, Local, Sniffer

Question 4

What is a forward log?

Answer 4

contains info about traffic FTG either accepted or rejected according to FW policy

Question 5

What is a local log?

Answer 5

contains info about the traffic directly to and from the FG management IP add. Includes connection to the GUI and FortiGaurd queries.

Question 6

What are sniffer logs

Answer 6

contain information related to traffic seen by the one-arm sniffer.

Question 7

What are Event Logs?

Answer 7

Event logs record system and administrative events like adding or modifying a setting, or daemon activities or FortiGuard updates and GUI logins .

Question 8

What are some examples of Event logs?

Answer 8

User, System, Router, VPN, Wifi

Question 9

What are security logs?

Answer 9

record security events, such as virus attacks and intrusion attempts. They contain log entries based on the security profile type. (App Control, AV, DNS, File Filter, Web Filter, IP, SSL SSH)

Question 10

What is the default number of days logs are stored on disk?

Answer 10

7 days

Question 10

What is the highest severity of a log?

Answer 10

0 = Emergency (system is unstable)

Question 11

What is the lowest severity of a log

Answer 11

7 Debug (rarely used unless working with Fortisupport)

Question 12

If you are using one hard drive for WAN optimization can you use it for logging?

Answer 12

No, unless there is a second hard drive that is not being used for WAN optimization. If no second HD use syslog or FortiAnalyzer.

Question 13

How much space does FTG reserve for logging?

Answer 13

Approx 75%

Question 14

What are examples of Remote Logging Servers?

Answer 14

Syslog
FortiCloud
FortiAnalyzer
FortiSIEM
FortiManager

Question 15

What are the differences between FortiManager and FortiAnalyzer from a logging perspective?

Answer 15

FortiManager limits logs volumes are limited to a fixed amount per day
Whereas FortiAnalyzer is meant to store and analyze logs so its limit is much higher.

Question 16

What process caches logs with FTG can’t reach FrotiAnalyzer?

Answer 16

miglogd (for long enough to reboot FortiAnalyzer)

Question 17

What port does FTG use for log transmission?

Answer 17

UDP 514

Question 18

What compression algorithm is used to compress logs

Answer 18

LZ4

Question 19

In a Firewall policy What does Logging allowed traffic setting do?

Answer 19

It needs to be turned on for any logging to occur

Question 20

In a Firewall policy What does only logging security events provide?

Answer 20

logs appear in the forward traffic log and security log.

Question 21

In a Firewall policy What does logging All sessions provide?

Answer 21

Every session generates a log and is logs appear in the security log events

Question 22

How do you anonymize logs of usernames?

Answer 22

config log setting
Set user-anonymize enable

Question 23

How do you view logs associated with a FW policy?

Answer 23

Right click on the policy and then click Show Matching Logs

Question 24

Your customer has configured FTG to send logs to FortiAnalyzer but the test connectivity button continues to show a failed connection. What’s wrong?

Answer 24

You need to register FTG to the FortiAnalyzer.