Viewing Log Messages

1 Reply

Cross-searching log messages

Since different types of log files record different events/activities, the same SMTP session (with one or more email messages sent during the session) or the same email message may be logged in different types of log files. For example, if the FortiMail units detects a virus in an email messages, this event will be logged in the following types of log files:

  • History log: because the history log records the metadata of all sent and undelivered email messages.
  • AntiVirus log: because a virus is detected. The antivirus log has more descriptions of the virus than the history log does.
  • Event log: because the FortiMail system’s antivirus process has been started and stopped.

To find and display all log messages triggered by the same SMTP session or the same email message, you can use the cross-search feature.

The cross-search searches log files recorded five minutes before and after the log entry (this design is for performance purpose). Therefore, the search may cover multiple log files but may not cover all the related log files if any log files are recorded out of the ten minutes interval.

Figure 86:Sample log message cross-search results

To do a cross-search of the log messages

  1. Go to Monitor > Log.
  2. When viewing a log message on the History, Even, AntiVirus, or AntiSpam tab, right-click the log message that has a message ID. From the pop-up menu, select:
    • Cross Search (Session) to search for the log messages triggered by the same SMTP session. This may result in multiple email messages if multiple messages were sent in the same SMTP session.
    • Cross Search (Message) to search for the log messages triggered by the same email message.

You can also click the session ID of the log message to search for the log messages triggered by the same SMTP session. This is equivalent to the Cross Search (Session) pop-up menu.

All correlating history, event, antivirus and antispam log messages will appear in a new tab.

Pages: 1 2 3 4
This entry was posted in Administration Guides, FortiMail on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “Viewing Log Messages

  1. ken chua

    Dear Sir,
    G’day to you. I am new to Fortigate device. I have some queries regarding the log which showing direction “outgoing” but the mail actually going to local mail server.
    2nd, I have enable the log for Outbound mail log and i did enable all session log but so far i don’t see any of other mail that going out. Please advise.
    3rd, regarding BWL local override, i have enable this in CLI, does this apply to POP and IMAP as well?
    if my domain blacklist in fortiguard, can I use BWL to whitelist(Override) it?
    4.Spam submission- i have enable this, do you have any sample on this?

    Thanks and appreciate your help.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.