Description
This article explains how to enable remote logging to a FortiAnalyzer unit from a FortiManager unit.
Scope
FortiAnalyzer software versions 4.0 MR2, 4.0 MR3 and 5.0.x.
FortiManager software versions 4.0 MR2, 4.0 MR3 and 5.0.x.
Solution
Since FortiManager version 4.0 MR2, the feature "remote logging to a FortiAnalyzer unit" has been removed from the FortiManager web-based admin interface (GUI). It can now be configured on the FortiManager unit by setting the following parameters via the CLI.
For version 4.0 MR2 and 4.0 MR3:
config fmsystem log fortianalyzer
set ip <FortiAnalyzer_address>
set status enable
end
config fmsystem locallog fortianalyzer setting
set status enable
set severity <severity level>
end
If the FortiAnalyzer IP is configured and enabled, but no specific locallog settings are configured, only a few event logs, such as login/logout, will be forwarded to the FortiAnalyzer unit (default severity level: alert).
To forward more FortiManager local log messages, the severity must be adjusted, for instance to "Information" or "debug".
For version 5.0:
config system log fortianalyzer
edit 1
set ip <FortiAnalyzer_address>
set status enable
next
end
config system locallog fortianalyzer setting
set status enable
set severity <severity level>
end
Important notes:
FortiAnalyzer versions 5.0.0 to 5.0.5 do not support logs sent by a FortiManager unit.
FortiManager software version 5.0 can still send logs to a FortiAnalyzer unit running version 4.0 MR3.
Support for FortiManager logs is planned for a later FortiAnalyzer 5.0.x release.