
Solved: What is the difference between logging UTM session ...
When "Log Allowed Traffic" in firewall policy is set to "Security Events" it will only log Security (UTM) events (e.g. AV, IPS, firewall web filter), providing you have applied one of them to a firewall (rule) policy. 'Log all sessions' will include traffic logs, including both those that match and those that do not match a defined UTM profile.
UTM log vs Policy log-all-sessions - Fortinet Community
October 10, 2014 · Hi, this will be obvious, but, if I only want to see some kind of logs from a UTM security profile such as DLP, web-filter or so on, then do I need to activate the "log all sessions" option or only "log security events"?
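UTM Log Trigger · FortiGate Product Implementation All-in-One Guide, FortiOS 7
FortiGate can be configured to use UTM logs as an automation trigger, which fires when a specific UTM log ID occurs. Multiple UTM log IDs can be selected during configuration, and log field filters can also be customized. The UTM log trigger can be configured from the "Security Fabric → Automation → Trigger" page.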
Enabling extended logging option in UTM profiles
October 20, 2020 · Enable extended logging for the following UTM profiles: Anti-virus. Application. DLP. IPS. WAF. Web filter. When the extended-log option is enabled for UTM profiles, all HTTP header information for HTTP-deny traffic is logged.
UTM and Traffic Log Correlation Across Security Fabric
FortiAnalyzer correlates traffic logs to corresponding UTM logs so that it can report sessions/bandwidth together with its UTM threats. Within a single FortiGate, the correlation is performed by grouping logs with the same session IDs, source and destination IP addresses, and source and destination ports.
Logging & Reporting - Sophos
Sophos UTM provides extensive logging capabilities by continuously recording various system and network protection events. The detailed audit trail provides both historical and current analysis of various network activities to help identify potential security threats or to troubleshoot occurring problems.
Remote Syslog Server - Sophos
On the Logging & Reporting > Log Settings > Remote Syslog Server tab you can make the settings for remote logging. This function allows you to forward log messages from Sophos UTM to other hosts. This is especially useful for networks using a host to collect logging information from several Sophos UTM units.
jeffWelling/utm-plc: UTM Proxy Logging Checker - GitHub
This is a brief little script that logs in to your UTM via SSH using passwords that it prompts you for, and then proceeds to loop over every Web Filter and proxy profile looking for any action that does not have both logging options enabled.
Log Settings > Local Logging - Sophos
Local logging is enabled by default. However, to activate local logging in case it was disabled, proceed as follows: On the Local Logging tab enable local logging. Click the toggle switch. The toggle switch turns green and the areas on this tab become editable. Select a time frame when log files are to be deleted.
UTM Remote logging to Logstash/Elasticsearch ELK
I pointed my remote logging to my logstash server on port 5140. This works for all of the UTM log types that are key-value pairs. e.g. packetfilter, httpproxy, end point web protection, ips...