Logging – FortiAuthenticator 4.0

Logging

Accounting is an important part of FortiAuthenticator. The Logging menu tree provides a record of the events that have taken place on the FortiAuthenticator unit.

Log access

To view the log events table, go to Logging > Log Access > Logs.

The following options and information are available:

Refresh Refresh the log list.
Download Raw Log Export the FortiAuthenticator log to your computer as a text file named fac.log.
Log Type Reference Select to view the log type reference dialog box. See Log type reference on page 155.
Debug Report Select to download the debug report to your computer as a file named report.dbg.
Search Enter a search term in the search field, then select Search to search the log message list.

The search string must appear in the Message portion of the log entry to result in a match. To prevent each term in a phrase from being matched separately, multiple keywords must be in quotes and be an exact match. After the search is complete the number of positive matches will be displayed next to the Search button, with the total number of log entries in brackets following. Select the total number of log entries to return to the full list. Subsequent searches will search all the log entries, and not just the previous search’s results.

ID The log message’s ID.
Timestamp The time the message was received.

Log access                                                                                                                                              Logging

Level The log severity level:

Emergency: The system has become unstable. l Alert: Immediate action is required. l Critical: Functionality is affected.

Error: An erroneous condition exists, and functionality is probably affected.

Warning: Functionality could be affected. l Notification: Information about normal events. l Information: General information about system operations. l Debug: Detailed information useful for debugging purposes.

Category The log category, which is always Event. See Log type reference on page 155.
Sub category The log subcategory. See Log type reference on page 155.
Type id The log type ID.
Action The action which created the log message, if applicable.
Status The status of the action that created the log message, if applicable.
NAS name/IP The NAS name or IP address of the relevant device if an authentication action fails.
Short message The log message itself, sometimes slightly shortened.
User The user to whom the log message pertains.

To view log details:

From the log list, select the log whose details you need to view by clicking anywhere within the log’s row. The Log Details pane will open on the right side of the window.

After viewing the log details, select the close icon in the top right corner of the pane to close the details pane. Log type reference

Select Log Type Reference in the log list toolbar to open the log type reference dialog box.

The following information and options are available:

Search   Enter a search term in the search field, then select Search to search the log type reference.
Type id   The log type ID.
>Name   The name of the log type.

155

Logging                                                                                                                                               Log access

Sub category The log type subcategory, one of: Admin Configuration, Authentication, System, High Availability, UserPortal, or Web Service.
Category The log type category, which is always Event.
Description A brief description of the log type.

To close the Log Type Reference dialog box, select close above the top right corner of the box, or simply click anywhere outside of the box within the log list.

Log configuration                                                                                                                                    Logging

Sort the log messages

The log message table can be sorted by any column. To sort the log entries by a particular column, select the title for that column. The log entries will now be displayed based on data in that column in ascending order. Select the column heading again to sort the entries in descending order. Ascending or descending is displayed with an arrow next to the column title, an up arrow for ascending and down arrow for descending.

Log configuration

Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.

Log settings

To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Setting.

To configure log backups:

  1. In the log settings window, select Enable remote backup in the Log Backup
  2. Select the frequency of the backups in the Frequency field as either Daily, Weekly, or Monthly.
  3. Configure the time of day that the backup will occur in one of the following ways:

l Enter a time in the Time field l Select Now to enter the current time l Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., or Noon.

  1. Select an FTP server from the drop-down list in the FTP server For information on configuring an FTP server, see FTP servers on page 44.
  2. Select OK to save your settings.

To configure automatic log deletion:

  1. In the log settings window, select Enable log auto-deletion in the Log Auto-Deletion
  2. In the Auto-delete logs older than field, select day(s), week(s), or month(s) from the drop-down list, then enter the number of days, weeks, or months after which a log will be deleted.
  3. Select OK to save your settings.

157

Logging                                                                                                                                    Log configuration

To configure logging to a remote syslog server:

  1. In the log settings window, select Send logs to remote Syslog servers in the Remote Syslog
  2. Move the syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers

For information on adding syslog servers, see Syslog servers on page 158.

  1. Select OK to save your settings.

Syslog servers

Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers.

Create New   Add a new syslog server.
Delete   Delete the selected syslog server or servers.
Edit   Edit the selected syslog server.
Name   The syslog server name on the FortiAuthenticator unit.
Server name/IP   The server name or IP address, and port number.

To add a syslog server:

  1. From the syslog servers list, select Create New. The Create New Syslog Server window opens.
  2. Enter the following information:
Name Enter a name for the syslog server on the FortiAuthenticator unit.
Server name/IP Enter the syslog server name or IP address.
Port Enter the syslog server port number. The default port is 514.
Level Select a log level to store on the remote server from the drop-down list. See Level on page 155.
Facility Select a facility from the drop-down list.
  1. Select OK to add the syslog server.

 

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.