What specific types of logs can FortiAnalyzer collect from FortiGate?
What logs can actually be sent to FAZ?
💡
This is part of an ongoing series on cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.
We've been chatting about FortiAnalyzer quite a bit this week, but I neglected to answer a pretty relevant question: what specific types of FortiGate logs can FortiAnalyzer collect?
Here are the log types that FortiAnalyzer automatically has permission to collect upon successful registration:
- General Logs - The traditional Traffic, Event, and Security logs.
- DLP Archive - (If DLP features are licensed/enabled) logs documenting sensitive data that attempted to enter or leave the network through various vehicles (email, IM, web traffic, etc.).
- Quarantine - Information about files that have been placed into quarantine.
- IPS Packet Log - Log information about IPS pattern-matching hits.
For more information (including a full list of logs collected for other Fortinet data sources), check out this resource:
Types of logs collected for each device | Administration Guide
