Investigating firewall logs

Industrial-grade firewalls provide far more insight into network activity than their raw logs alone, and their built-in reporting is often excellent. Firewalls such as Fortinet, Check Point, and many others give administrators a deep daily analysis of the traffic. Let's look at an example report generated by a Fortinet firewall, as follows:

We can see a variety of threats in the preceding screenshot. Many attempts were blocked by the firewall, including HTTP XXE attacks, proxy usage, mimikatz activity, and visits to various malicious websites. Let's see some more details:

The preceding screenshot shows the top virus infections, the top virus victims, and the top attacks on the network. We can also see where the attacks are going, as follows:

The Fortinet firewall generated the preceding log report. Along with the details of the attacks and malware, the firewall also reports trends in the traffic statistics, as shown in the following screenshot:

The report in the preceding screenshot contains plenty of statistics, and the logs can be drilled down further from the web panels. The point of showing this report is that you don't always have to reinvent the wheel with deep manual analysis when ready-made reports already reveal plenty of information. Additionally, the raw format of Fortinet's FortiGate logs is as follows:

We can see that FortiGate logs provide enough information to work with, such as the source IP, destination IP, ports, attack type, and a variety of other fields.
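As an added example (not from the book or from Fortinet), here is a small parser for FortiGate's key=value log syntax that rebuilds the report's "top attacks" and "top sources" views from raw IPS records. The sample lines are constructed, not captured; the field names (srcip, dstip, attack, action, subtype) follow FortiGate's naming, but the values, device name and signature names are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value syslog style (not real captured logs).
SAMPLE_LOGS = """\
date=2023-04-01 time=10:15:02 devname="FGT-EDGE" logid="0419016384" type="utm" subtype="ips" level="alert" srcip=10.0.0.5 srcport=51234 dstip=203.0.113.10 dstport=80 proto=6 service="HTTP" attack="XML.External.Entity.Injection" action="dropped" severity="high"
date=2023-04-01 time=10:15:09 devname="FGT-EDGE" logid="0419016384" type="utm" subtype="ips" level="alert" srcip=10.0.0.7 srcport=49002 dstip=203.0.113.10 dstport=443 proto=6 service="HTTPS" attack="Mimikatz.Credential.Dumping" action="dropped" severity="critical"
date=2023-04-01 time=10:16:11 devname="FGT-EDGE" logid="0419016384" type="utm" subtype="ips" level="alert" srcip=10.0.0.5 srcport=51301 dstip=203.0.113.10 dstport=80 proto=6 service="HTTP" attack="XML.External.Entity.Injection" action="dropped" severity="high"
date=2023-04-01 time=10:17:40 devname="FGT-EDGE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.0.0.9 srcport=40110 dstip=198.51.100.2 dstport=53 proto=17 service="DNS" action="accept" msg="allowed by policy 7"
"""

# One key=value pair: bare values run to the next space; quoted values may contain spaces.
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Turn one FortiGate-style line into a dict, stripping quotes from quoted values."""
    fields = {}
    for key, value in PAIR_RE.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def parse_logs(text):
    """Parse every non-empty line of a raw log dump."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def summarize_ips(records):
    """Rebuild the report's 'top attacks' and 'top sources' views from blocked IPS records."""
    blocked = [r for r in records
               if r.get("subtype") == "ips" and r.get("action") != "accept"]
    top_attacks = Counter(r.get("attack", "unknown") for r in blocked)
    top_sources = Counter(r.get("srcip", "unknown") for r in blocked)
    return {
        "blocked": len(blocked),
        "top_attacks": top_attacks.most_common(),
        "top_sources": top_sources.most_common(),
    }


if __name__ == "__main__":
    for name, rows in summarize_ips(parse_logs(SAMPLE_LOGS)).items():
        print(name, rows)
```

The traffic record (subtype="forward", action="accept") is deliberately left out of the IPS summary; the same parser output can feed a separate traffic-trend view like the one in the report.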
