policy id and web filtering action

Author
Fullmoon
Platinum Member
2019/11/27 05:02:48 (permalink)

policy id and web filtering action

I executed these commands 
 
#diagnose debug urlfilter src-addr <source ip>
#diagnose debug app urlfilter -1
#diagnose debug enable
Debug messages will be on for 30 minutes.
 
 
......and this is the output I gathered. Looks great because I can filter the src IP address and the action of Web Filter. Is there a way to include in the logs the policy ID which it was hitting? Any help is much appreciated.
msg="Cache miss" user="N/A" src=172.x.y.10 sport=57391 dst=13.35.99.49 dport=80 service="http" hostname="www.playboy.com" url="/"
action=10(ftgd-block) wf-act=3(BLOCK) user="N/A" src=172.x.y.10 sport=57391 dst=13.35.99.49 dport=80 service="http" cat=14 hostname="www.playboy.com" url="/"
msg="received a request /tmp/.ipsengine_723_0_0.url.socket, addr_len=37: d=www.playboy.com:80, id=2, cat=255, vfname='root', vfid=0, profile='default', type=0, client=172.x.y.10, url_source=1, url="/favicon.ico"

Fortigate Newbie
#1


    Toshi Esumi
    Expert Member
    Re: policy id and web filtering action 2019/11/27 09:20:54 (permalink)
    I don't know if adding policy ID to the urlfilter debug output is possible. But if you know src/dst address, you can easily find it out in the session table.
    # diag sys session filter clear
    # diag sys session filter src 172.x.y.10
    # diag sys session filter dst 13.35.99.49
    # diag sys session list
     
    It's in the 13th line like below
    misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
    #2
    Fullmoon
    Platinum Member
    Re: policy id and web filtering action 2019/11/27 16:00:14 (permalink)
    Got that command already. I was thinking I could inject add'l syntax to display the policy ID so that in a single execution I could get the info needed.
     
    Again, thanks a lot Toshi Esumi

    Fortigate Newbie
    #3
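
The manual lookup from reply #2 can be scripted offline. This is an added example, not part of the original thread and not a FortiOS feature: it joins captured urlfilter debug lines to `diag sys session list` output on the src/sport/dst/dport tuple to attach `policy_id`. The sample text is constructed, the `hook=... dir=org` line layout is an assumption about the session list format, and only IPv4 is handled.

```python
import re

# Constructed samples modelled on the output quoted in this thread (addresses masked the same way).
URLFILTER_DEBUG = '''\
msg="Cache miss" user="N/A" src=172.x.y.10 sport=57391 dst=13.35.99.49 dport=80 service="http" hostname="blocked.example" url="/"
action=10(ftgd-block) wf-act=3(BLOCK) user="N/A" src=172.x.y.10 sport=57391 dst=13.35.99.49 dport=80 service="http" cat=14 hostname="blocked.example" url="/"
action=10(ftgd-block) wf-act=3(BLOCK) user="N/A" src=172.x.y.10 sport=57400 dst=198.51.100.7 dport=80 service="http" cat=14 hostname="gone.example" url="/"
'''
# Abbreviated session records; the hook= line layout is an assumption about `diag sys session list`.
SESSION_LIST = '''\
session info: proto=6 proto_state=01 duration=3 expire=3597 timeout=3600
hook=post dir=org act=snat 172.x.y.10:57391->13.35.99.49:80(203.0.113.5:57391)
hook=pre dir=reply act=dnat 13.35.99.49:80->203.0.113.5:57391(172.x.y.10:57391)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
session info: proto=6 proto_state=01 duration=9 expire=3591 timeout=3600
hook=post dir=org act=snat 172.x.y.10:57399->192.0.2.44:443(203.0.113.5:57399)
misc=0 policy_id=5 auth_info=0 chk_client_info=0 vd=0
'''

FLOW = re.compile(r"dir=org\b[^\n]*?\s([^\s:]+):(\d+)->([^\s:]+):(\d+)")
POLICY = re.compile(r"\bpolicy_id=(\d+)")
KV = re.compile(r'(\w[\w-]*)=("[^"]*"|\S+)')

def session_policies(text):
    """Map each session's original-direction (src, sport, dst, dport) to its policy_id."""
    table = {}
    for block in re.split(r"(?m)^(?=session info:)", text):
        flow, pol = FLOW.search(block), POLICY.search(block)
        if flow and pol:
            table[flow.groups()] = int(pol.group(1))
    return table

def annotate(urlfilter_text, sessions):
    """Return one dict per wf-act verdict line; policy_id is None when no session matched."""
    rows = []
    for line in urlfilter_text.splitlines():
        f = {k: v.strip('"') for k, v in KV.findall(line)}
        if "wf-act" not in f:
            continue  # skip "Cache miss" and other non-verdict messages
        key = (f["src"], f["sport"], f["dst"], f["dport"])
        rows.append({"src": f["src"], "host": f.get("hostname"), "url": f.get("url"),
                     "wf_act": f["wf-act"], "policy_id": sessions.get(key)})
    return rows

if __name__ == "__main__":
    for row in annotate(URLFILTER_DEBUG, session_policies(SESSION_LIST)):
        print(row)
```

A `policy_id` of `None` means the session was no longer in the captured table, so the session list should be taken while the debug is still running.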