FortiGate
sachitdas_FTNT
Article Id 192781
Description
This article describes how to configure syslog logging for a managed FortiSwitch so that FortiSwitch logs are sent to a syslog server.


Solution
Below is a configuration example:

1) Create a custom command on FortiGate.
# config switch-controller custom-command
(custom-command)edit syslog                <----- where 'syslog' is the custom command profile name.
New entry 'syslog' added.
(syslog)set command "config log syslogd2 setting %0a set status enable %0a set server x.x.x.x %0a end %0a"                <----- where x.x.x.x is the IP address of the syslog server.
(syslog)end
# config switch-controller custom-command
(custom-command)edit syslog_filter
New entry 'syslog_filter' added.
(syslog_filter)set command "config log syslogd2 filter %0a set severity debug %0a end %0a"
(syslog_filter)end
2) Push the commands to all the switches (replace <serial# of FSW> with the serial number of each switch):
# execute switch-controller custom-command syslog <serial# of FSW>
# execute switch-controller custom-command syslog_filter <serial# of FSW>

# config switch-controller managed-switch
    edit "S124EN591801029"
        # config custom-command
            edit "1"
                set command-name "syslog"
            next
            edit "2"
                set command-name "syslog_filter"
            next
        end
    next
end
3) Create a policy from the FortiGate CLI with the FortiLink interface as the incoming interface and the interface where the syslog server is connected as the outgoing interface:
# config firewall policy
    edit 1
        set srcintf <fortilink interface name>
        set dstintf <interface name where syslog server is located>
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SYSLOG" "ALL_ICMP" "PING"
        set nat enable
    next
end
Notes:

- Setting severity to debug means that it will send debug, information, notification, warning, error, critical, alert and emergency messages.

- Note that the FortiLink interface (the interface used to manage FSWs) is not visible as a source/destination interface in the GUI policy, which is why the policy must be created from the CLI.

- Custom Commands for Managed FortiSwitch can be found in any managed FortiSwitch guide.

Example:

page#49: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/1d963d5e-2bd4-11e9-94bf-005056...
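
The following is an added example, not part of the original article or Fortinet's own tooling: a small Python generator that builds the two %0a-separated custom-command strings from steps 1 and 2 and rejects any server address, severity or serial number that could add extra CLI lines to what is pushed to the switches. The function names, the IPv4-only check and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

# FortiSwitch log severities, most severe first (the levels named in the article's note).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

def forwarded_levels(threshold):
    """Levels sent for a given filter severity: that level and every more severe one."""
    if threshold not in SEVERITIES:
        raise ValueError(f"unknown severity: {threshold!r}")
    return SEVERITIES[:SEVERITIES.index(threshold) + 1]

def encode_command(lines):
    """Join FortiSwitch CLI lines with the %0a separator used by custom commands."""
    for line in lines:
        # Reject characters that could end the quoted string or add extra lines.
        if any(ch in line for ch in '"%\\\r\n'):
            raise ValueError(f"illegal character in CLI line: {line!r}")
    return " %0a ".join(lines) + " %0a"

def build_custom_commands(server, severity):
    """Return {profile name: command string} for the two profiles in the article."""
    ip = ipaddress.IPv4Address(server)   # assumption: IPv4 literals only
    forwarded_levels(severity)           # validates the severity keyword
    return {
        "syslog": encode_command(["config log syslogd2 setting",
                                  "set status enable", f"set server {ip}", "end"]),
        "syslog_filter": encode_command(["config log syslogd2 filter",
                                         f"set severity {severity}", "end"]),
    }

def fortigate_cli(server, severity, serials):
    """FortiGate CLI lines that define both profiles and push them to each switch."""
    cmds = build_custom_commands(server, severity)
    out = ["config switch-controller custom-command"]
    for name, cmd in cmds.items():
        out += [f"    edit {name}", f'        set command "{cmd}"', "    next"]
    out.append("end")
    for serial in serials:
        if not serial.isalnum():         # serials are inserted verbatim, so keep them plain
            raise ValueError(f"unexpected serial number: {serial!r}")
        out += [f"execute switch-controller custom-command {name} {serial}" for name in cmds]
    return out

if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation address; the serial is the article's.
    print("\n".join(fortigate_cli("192.0.2.10", "debug", ["S124EN591801029"])))
```

The server address is written without inner quotes so that the outer quoted `set command` string contains no nested double quotes.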

