This article describes a logging enhancement in v7.6.0 that adds log messages to track packet capture activity.
Scope
FortiOS 7.6.0.
Solution
When the admin starts a packet capture, a system event log will be generated with log ID 0100035100.
When the admin stops a packet capture, a system event log will be generated with log ID 0100035101.
Logs are created whenever a packet capture runs, whether started in the GUI using the diagnostic tab/CLI or with the 'diag sniffer packet' command.
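The following added example (not part of the original article or of FortiOS) shows one way to use the two log IDs for monitoring: it pairs start and stop events per admin and reports captures that were never stopped. The sample log lines are constructed, and every field name other than `logid` is an assumption about the key=value log layout.

```python
import re
from datetime import datetime

START_ID, STOP_ID = "0100035100", "0100035101"  # log IDs given in the article

# Constructed sample lines. Only the two log IDs come from the article; the
# other fields, and the unrelated logid on line 2, are assumptions.
SAMPLE_LOGS = """\
date=2024-08-01 time=09:15:02 logid="0100035100" type="event" subtype="system" user="admin1"
date=2024-08-01 time=09:15:40 logid="0100000000" type="event" subtype="system" user="admin2"
date=2024-08-01 time=09:16:10 logid="0100035101" type="event" subtype="system" user="admin1"
date=2024-08-01 time=23:41:07 logid="0100035100" type="event" subtype="system" user="admin2"
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare


def parse_line(line):
    """Split one key=value log line into a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}


def capture_sessions(text):
    """Pair start/stop events per user.

    Returns (sessions, still_open): sessions are (user, start, stop, seconds)
    tuples, with start and seconds None for a stop that has no start;
    still_open are (user, start) tuples for captures never stopped.
    """
    pending, sessions = {}, []
    for line in text.splitlines():
        f = parse_line(line)
        if f.get("logid") not in (START_ID, STOP_ID):
            continue
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        user = f.get("user", "unknown")
        if f["logid"] == START_ID:
            pending.setdefault(user, []).append(ts)
        elif pending.get(user):
            start = pending[user].pop(0)
            sessions.append((user, start, ts, (ts - start).total_seconds()))
        else:
            sessions.append((user, None, ts, None))
    still_open = [(u, s) for u, starts in pending.items() for s in starts]
    return sessions, still_open


if __name__ == "__main__":
    done, running = capture_sessions(SAMPLE_LOGS)
    for user, start, stop, secs in done:
        print(f"{user}: capture {start} -> {stop} ({secs} s)")
    for user, start in running:
        print(f"{user}: capture started {start}, no stop event seen")
```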
Example (screenshots): packet capture command start, packet capture start log, packet capture command stop, packet capture stop log.