Advanced logging – FortiOS 6

Configuring logging to multiple Syslog servers

A single remote Syslog server can be configured in the GUI under Log & Report > Log Settings; additional Syslog servers, as a larger network typically needs, must be configured in the CLI.

When configuring multiple Syslog servers (or a single Syslog server), you can also configure reliable delivery of log messages to the Syslog server. Reliable delivery can be configured only in the CLI.

If VDOMs are enabled, you can configure a separate FortiAnalyzer unit or Syslog server for each VDOM.

To enable logging to multiple Syslog servers:

  1. Log in to the CLI.
  2. Enter the following commands to configure the first Syslog server:

    config log syslogd setting
        set csv {disable | enable}
        set facility <facility_name>
        set port <port_integer>
        set reliable {disable | enable}
        set server <ip_address>
        set status {disable | enable}
    end

  3. Enter the following commands to configure the second Syslog server:

    config log syslogd2 setting
        set csv {disable | enable}
        set facility <facility_name>
        set port <port_integer>
        set reliable {disable | enable}
        set server <ip_address>
        set status {disable | enable}
    end

  4. Enter the following commands to configure the third Syslog server:

    config log syslogd3 setting
        set csv {disable | enable}
        set facility <facility_name>
        set port <port_integer>
        set reliable {disable | enable}
        set server <ip_address>
        set status {disable | enable}
    end

  5. Enter the following commands to configure the fourth Syslog server:

    config log syslogd4 setting
        set csv {disable | enable}
        set facility <facility_name>
        set port <port_integer>
        set reliable {disable | enable}
        set server <ip_address>
        set status {disable | enable}
    end
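As an added example (not from the FortiOS handbook or this post), the following Python script renders the `config log syslogd[N] setting` blocks above from a list of collectors, validating each address, port and facility and refusing a fifth server, so the same collector set can be pushed consistently to many FortiGates. The collector addresses are constructed sample values, and the facility list is the standard syslog set, which you should confirm against your firmware's `set facility ?` output.

```python
import ipaddress

# FortiOS 6 exposes four remote Syslog targets, each its own config block.
SYSLOG_TARGETS = ("syslogd", "syslogd2", "syslogd3", "syslogd4")
# Standard syslog facility keywords; confirm with `set facility ?` on your firmware.
FACILITIES = {"kernel", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              *(f"local{i}" for i in range(8))}

def onoff(flag):
    return "enable" if flag else "disable"   # FortiOS {enable | disable} keyword

def render_syslog_config(collectors):
    """Return FortiOS CLI text with one `config log syslogd[N] setting` block
    per collector. Each dict needs 'server' (IP address, as in the syntax
    above) and may give 'port' (default 514), 'facility' (default local7),
    'reliable' (TCP delivery, default False) and 'csv' (default False).
    Raises ValueError on a bad address/port/facility or too many collectors."""
    if len(collectors) > len(SYSLOG_TARGETS):
        raise ValueError(f"FortiOS 6 supports at most {len(SYSLOG_TARGETS)} Syslog servers")
    blocks = []
    for target, c in zip(SYSLOG_TARGETS, collectors):
        addr = ipaddress.ip_address(c["server"])  # ValueError on a malformed address
        port = int(c.get("port", 514))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range for {addr}: {port}")
        facility = c.get("facility", "local7")
        if facility not in FACILITIES:
            raise ValueError(f"unknown facility for {addr}: {facility}")
        blocks.append("\n".join([
            f"config log {target} setting",
            f"    set server {addr}",
            f"    set port {port}",
            f"    set facility {facility}",
            f"    set reliable {onoff(c.get('reliable', False))}",
            f"    set csv {onoff(c.get('csv', False))}",
            "    set status enable",
            "end",
        ]))
    return "\n".join(blocks)

# Constructed sample: a primary collector with reliable (TCP) delivery and a
# second collector, e.g. for a separate SOC team, left on plain UDP.
SAMPLE_COLLECTORS = [
    {"server": "192.0.2.10", "port": 514, "facility": "local7", "reliable": True},
    {"server": "198.51.100.20", "port": 1514, "facility": "local6"},
]

if __name__ == "__main__":
    print(render_syslog_config(SAMPLE_COLLECTORS))
```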

Most FortiGate features are enabled for logging by default. You can disable logging for individual features you do not want the Syslog server to record, or restrict logging by severity, as in this example:

    config log syslogd filter
        set local-traffic {enable | disable}
        set severity {alert | critical | debug | emergency | error | information | notification | warning}
    end

Using Automatic Discovery to connect to a FortiAnalyzer unit

Automatic Discovery can be used if the FortiAnalyzer unit is on the same network as the FortiGate unit.

To connect using automatic discovery:

  1. Log in to the CLI.
  2. Enter the following commands:

    config log fortianalyzer setting
        set status enable
        set server <ip_address>
        set gui-display enable
        set address-mode auto-discovery
    end

If your FortiGate unit is in Transparent mode, the interface using the automatic discovery feature will not carry traffic. For more information about how to enable the interface to also carry traffic when using the automatic discovery feature, see the Fortinet Knowledge Base article, Fortinet Discovery Protocol in Transparent mode.


This entry was posted in Administration Guides, Fortinet, FortiOS 6.

About Mike

Michael Pruett, CISSP, has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge, resulting in the wrong hardware or configuration being deployed, is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. He owns PacketLlama.Com (Fortinet hardware sales) and Office Of The CISO, LLC (a cybersecurity consulting firm).