What’s new in FortiOS 6.0 Logging

What’s new in FortiOS 6.0

The following list contains new Logging & Reporting features added in FortiOS 6.0.

Automatic synchronization of log display location

In previous versions, log display location could differ between Log & Report and FortiView, which could result in empty log screens if the two were not synchronized. Now, both log viewers automatically pick the best available log device. A different log device can be manually selected.

As a result, the associated CLI command log gui-display location has been removed.

Improved log messages for SD-WAN link quality changes

FortiOS 6.0 introduces two new log messages:

  • 22923: LOG_ID_EVENT_VWL_LQTY_STATUS is created when a member’s link quality is changed.
  • 22924: LOG_ID_EVENT_VWL_VOLUME_STATUS is used only when load-balance-mode is set to

measured-volume-based. The log is created when a member starts or stops receiving traffic.

Extended UTM logging and improved syslog configuration

Multiple UTM features now have the ability to enable extended logging: WAF, Web Filtering, DLP, AntiVirus.

These new features can be enabled in the CLI:

config waf profile edit <profile name> set extended-log {enable | disable} end

config webfilter profile edit <profile name> set web-extended-log {enable | disable} set web-extended-all-action-log {enable | disable} end

config dlp sensor edit <sensor name> set dlp-extended-log {enable | disable} end

config antivirus profile edit <profile name> set av-extended-log {enable | disable} end

Updated reliable syslog encryption to comply with RFC 5425

In order to align with RFC 5425 (syslog on an encrypted TLS connection over TCP) and general logging security standards for syslog, reliable syslog encryption is customizable in the CLI: config log syslog setting set enc-algorithm {high-medium | high | low | disable} end

Also, syslog options for reliable logging transmission have been expanded:

config log syslog setting set mode {udp | legacy-reliable | reliable} end

See the FortiOS CLI Reference for more information about these commands.

Improved log display consistency at high load

Previous versions could display inconsistent log data when using Drill Down charts and when navigating between different log tables (in both Log & Report and FortiView). The maximum number of records now varies based on length that logs are kept, relative to device model size. Record numbers are configurable in config report setting.

Log database queries used to collect Top Sources and Top Destinations data are significantly more efficient due to improved indexing speed.

This entry was posted in Administration Guides, Fortinet, FortiOS 6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.