FortiClient
Jonathan_Body_FTNT
Article Id 197334

Description

FortiClient Premium Edition allows users to enable logging to a Fortinet FortiAnalyzer device or to a third-party Syslog device. This article shows how to enable this feature using the FortiClient Console.


Scope

All FortiClient Premium Users


Solution

With a FortiClient Premium Edition License successfully activated, a FortiClient user can connect via the FortiClient Console to activate remote logging to either a Fortinet FortiAnalyzer device or Syslog Server. 

Connect to the FortiClient Console and complete the following steps under "General > Log Settings":

1. Determine "Maximum Log Size"


2. In "Event Log Settings", set the "Log Level" and "What to log" parameters. In this example, "Log Level" is set to "Warning" and "What to log" is set to "All events".


3. In the "Remote Logging" section, specify the server's IP address to log to, the logging facilities to be used, whether the logging device is a Fortinet FortiAnalyzer device or a Syslog server, and, in the latter case, the Syslog log level to be used. The Event Log Settings "Log Level" determines the log level used with a Fortinet FortiAnalyzer device. In this example, a Syslog server is used with the default values of "local 7" for "Facilities" and a Syslog log level of "Warning".


4. To save these settings, select "Apply". FortiClient is then ready to log to the Syslog server specified above.

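A receiver-side check for the settings in step 3, added here as an example (not Fortinet code): it decodes the syslog priority header of incoming datagrams and confirms they carry facility local7 at severity warning or more severe. It assumes standard `<PRI>` framing and treats "Warning" as a minimum severity; the sample datagrams are constructed placeholders, not real FortiClient output.

```python
import re

# Standard syslog facility and severity names (RFC 3164 / RFC 5424 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity) names from a syslog datagram, or None if malformed."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: local7 (23) * 8 + debug (7)
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def check(datagram, facility="local7", threshold="warning"):
    """Classify a datagram against the expected facility and severity threshold."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed"
    fac, sev = decoded
    if fac != facility:
        return f"unexpected facility {fac}"
    if SEVERITIES.index(sev) > SEVERITIES.index(threshold):
        return f"below threshold ({sev})"
    return f"ok ({fac}.{sev})"

# Constructed sample datagrams; message text is placeholder, not real FortiClient output.
SAMPLES = [
    b"<188>Jan  1 00:00:00 host-a placeholder warning message",   # local7.warning
    b"<187>Jan  1 00:00:00 host-a placeholder error message",     # local7.err
    b"<190>Jan  1 00:00:00 host-a placeholder info message",      # local7.info
    b"<12>Jan  1 00:00:00 host-a placeholder other facility",     # user.warning
    b"no priority header",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check(s), "<-", s.decode(errors="replace"))
```

A datagram reported as "unexpected facility" or "below threshold" points to a mismatch between the FortiClient "Remote Logging" settings and what the Syslog server is configured to accept.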




