What system logs can I view in 5.1?
KB ARTICLE TYPE: Design
RELATED PRODUCTS: All controllers supported in 5.1
RELATED SOFTWARE VERSIONS: 5.1
KEYWORDS: syslog
The 5.1 Syslog records the following:
The CLI command show log lists the entire log. To view the system log files from the Web UI, click Maintenance > Syslog > View Syslog Files.
Facility Name can be one of these eight sources of information:
Facility | Messages contain... |
Security | Creation and violation of security
configuration, including User logins and Captive Portal activity |
QoS | Quality of Service messages for both creation and violation of QoS rules created on this controller |
System WNC | Rogue AP syslog messages |
NMS | Network Manager Server syslog messages |
Mobility | Handoff or redirect messages |
Bulk Update | Any use of the bulk update commands available from the GUI are noted here. The Bulk Update function, accessed from the AP Configuration, Wireless Interfaces Configuration, and Antenna Property pages, updates a group of selected APs. Bulk Update works the same in each of these areas, but the items to be updated are specific to the page where the bulk update is being initiated. |
Per-user Firewall | Creation and violation of per-user firewalls |
Select one of the Facilities listed in the above chart and then click View Syslog to see the details (explained below).
Entry | Meaning |
Line | Line number of the syslog file where the entry is located |
Priority | Severity of the entry. Possible
priorities are: debug, info, notice, warning, error, err, crit, alert, emerg, panic. |
Mnemonic | Three-letter mnemonic assigned to the
entry: CAP = Captive Portal RED = redirect FOR = forward WAU = WebAuth user authentication WST = Web Server Event WPW = Web UI user password administration |
Time | Date and time when the entry was logged. |
Record | The details of the syslog event depend on
the category of the message:
Security: User logins, Captive Portal activity QoS: Creation and violation of QoS rules System WNC: Rogue activity NMS: If this controller is part of Network Manager, all activity initiated by the Network Manager Server Mobility: This consists primarily of RED (redirect) messages Bulk Update: AP updates done in groups Upgrade: System Director upgrades Per-User Firewall: Creation and violation of firewalls |
To search for information on any column of a Facility screen, do the following:
In the box at the top of any column (Line,
Priority, Mnemonic, Time, Record), provide search data to filter the
messages. You then see only
messages that fit that filter. For
Priority, you see messages of the selected priority level and higher;
for example, a search for debug shows every message because debug is the
lowest priority level. A search for info shows the messages info and
higher: notice, warning, error, err, crit, alert emerg, panic (highest
priority).
You can also click the calendar icon above the Time column to enter a specific date or time to filter syslog messages in this category.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.