Description

This article describes how to configure FortiADC to send logs to a syslog server.
Useful links:
1) Fortinet Documentation here.
2) External: Kiwi Syslog here.
Solution

Before configuring FortiADC, set up the Kiwi Syslog Server.
The following is the configuration:
1) Go to Log & Report > Log Setting.
2) Under Syslog Server, click Add.
3) Configure the following settings:
4) The following is a sample screenshot of how it should look if all options are enabled:
5) The following is the equivalent configuration via CLI (based on the sample screenshot above):
config log setting remote
    edit 1
        set status enable
        set server 10.147.1.43
        set facility audit
        set event-log-status enable
        set event-log-category configuration admin health_check system user slb llb glb fw
        set traffic-log-status enable
        set traffic-log-category slb dns
        set attack-log-status enable
        set attack-log-category synflood ipreputation waf geo
    next
end
6) The following is a simple test used to trigger a syslog message from the FortiADC (the event-log-category or traffic-log-category in the configuration above must include the category of the event for a syslog entry to be generated). In this test case, "configuration" is enabled under event-log-category, so generate the log by changing a static route entry on the FortiADC:
7) Run the sniffer command below on the FortiADC to check whether any syslog entry is sent (verbose level 4, packet count 0 means capture until stopped):
    diagnose sniffer packet any "port 514" 4 0
8) Cross-check it on the Syslog Server:
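As an added example (not part of the Fortinet article and not Fortinet code), the following Python listener stands in for the syslog server side of steps 6 to 8: it receives UDP syslog datagrams, decodes the PRI header into facility and severity, parses the key=value fields, and reports whether each message carries the facility and log category configured above. The mapping of FortiADC's "audit" facility to syslog facility code 13 ("log audit") is an assumption, the sample line is constructed rather than captured, and the field names (type, subtype, msg) are a generic Fortinet-style guess that may differ from what FortiADC actually emits.

```python
import re
import socket
from typing import Dict, Optional

# RFC 3164/5424 PRI encoding: PRI = facility * 8 + severity.
# Standard facility numbering; "audit" at code 13 is assumed to be what
# FortiADC's "set facility audit" selects (assumption, not verified here).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_pri(pri: int) -> Dict[str, str]:
    """Split a PRI value into facility and severity names."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8]}


def parse_syslog_line(line: str) -> Dict[str, object]:
    """Parse one raw syslog datagram into facility, severity and key=value fields.

    A line without a leading <PRI> is still parsed but flagged with has_pri=False,
    since that usually means the sender is not wrapping the message as syslog.
    """
    m = PRI_RE.match(line)
    if m:
        meta = decode_pri(int(m.group(1)))
        body = m.group(2)
        has_pri = True
    else:
        meta = {"facility": None, "severity": None}
        body = line
        has_pri = False
    fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
    return {**meta, "has_pri": has_pri, "fields": fields, "raw": line}


def matches_expected(record: Dict[str, object], facility: str = "audit",
                     log_type: Optional[str] = None, subtype: Optional[str] = None) -> bool:
    """Check that a parsed record carries the facility and category configured on the sender."""
    if record["facility"] != facility:
        return False
    fields = record["fields"]
    if log_type is not None and fields.get("type") != log_type:
        return False
    if subtype is not None and fields.get("subtype") != subtype:
        return False
    return True


# Constructed sample (not a captured FortiADC message): PRI 110 = facility 13
# ("audit") * 8 + severity 6 ("info"), followed by Fortinet-style key=value fields.
SAMPLE_LINE = (
    '<110>date=2024-01-01 time=12:00:00 type=event subtype=config '
    'user=admin ui=GUI action=edit msg="static route 1 changed"'
)


def serve(bind_addr: str = "0.0.0.0", port: int = 514, expect: Optional[dict] = None) -> None:
    """Receive UDP syslog datagrams and print whether each matches the expected profile.

    Binding udp/514 needs privileges; use a high port such as 5514 when testing and
    point the FortiADC (or a local sender) at it.
    """
    expect = expect or {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        print(f"listening on udp/{port}")
        while True:
            data, (src, _) = sock.recvfrom(65535)
            rec = parse_syslog_line(data.decode("utf-8", errors="replace"))
            status = "OK      " if matches_expected(rec, **expect) else "MISMATCH"
            print(f"{src} {status} fac={rec['facility']} sev={rec['severity']} "
                  f"{rec['fields'].get('msg', '')}")


if __name__ == "__main__":
    # Expect what the CLI block above configures: facility audit, event logs
    # of the "configuration" category (field names assumed).
    serve(port=5514, expect={"facility": "audit", "log_type": "event", "subtype": "config"})
```

The MISMATCH output is the useful part: a message arriving with the wrong facility or without a PRI header points at a sender-side setting (facility or category) rather than at the network path, which the sniffer in step 7 alone cannot tell you.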