Created on 01-05-2015 03:17 AM Edited on 08-22-2023 09:50 PM By Anthony_E
Description
Solution
FortiManager 4.3.x.
CLI commands are:
config fmsystem locallog syslogd setting
set server <IP address> (Address of remote syslog server)
set severity <emergency | alert | critical | error | warning | notification | information | debug> (Least severity level to log)
set status <enable | disable>
set csv (Whether to enable CSV)
set facility (Which facility for remote syslog)
set port (Port that server listens at)
end
FortiManager 5.0.x, up to 5.0.6.
CLI commands are:
config system locallog syslogd setting
set server <IP address> (Address of remote syslog server)
set severity <emergency | alert | critical | error | warning | notification | information | debug> (Least severity level to log)
set status <enable | disable>
set csv (Whether to enable CSV)
set facility (Which facility for remote syslog)
set port (Port that server listens at)
end
FortiManager 5.0.7 and above.
First, the Syslog server is defined, then the FortiManager is configured to send a local log to this server.
Step 1: Define Syslog servers.
This can be done through the GUI in System Settings -> Advanced -> Syslog Server.
The server can also be defined with CLI commands:
config system syslog
edit <server name>
set ip <syslog server IP>
end
Example:
config system syslog
edit "Syslog-serv1"
set ip "11.11.11.11"
next
end
Note:
The reliable option is disabled by default. It can be enabled to use TCP/514, and it must be enabled in both places; otherwise logging falls back to UDP/514.
Step 2: Enable sending FortiManager local logs to the Syslog server.
This can only be configured via CLI with commands:
config system locallog syslogd setting
set syslog-name <Remote syslog server name, defined at previous step>
set severity <emergency | alert | critical | error | warning | notification | information | debug> (Least severity level to log)
set status <enable | disable>
set csv (Whether to enable CSV)
set facility (Which facility for remote syslog)
set port (Port that server listens at)
end
Example:
config system locallog syslogd setting
set severity information
set status enable
set syslog-name "Syslog-serv1"
end
(setting)# get
cert : (null)
csv : disable
facility : local7
reliable : disable
severity : notification
status : enable
syslog-name : Syslog-serv1
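A collector-side check for the values shown in the get output above (facility local7, severity notification), added here as an example and not part of the original article or of Fortinet's tooling. It assumes the FortiManager sends datagrams with a standard syslog <PRI> header; the function names and the sample datagrams are constructed for illustration.

```python
import re

# Severity names as listed in the CLI syntax above, in syslog numeric order (0 = most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
# Standard syslog facility codes for local0..local7 are 16..23.
FACILITIES = {f"local{i}": 16 + i for i in range(8)}

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility_code, severity_code) from a syslog PRI header, or None."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity

def audit(datagrams, facility="local7", threshold="notification"):
    """Classify received datagrams against the facility and severity configured on the device."""
    want_fac = FACILITIES[facility]
    max_sev = SEVERITIES.index(threshold)
    report = {"ok": 0, "malformed": 0, "wrong_facility": 0, "below_threshold": 0}
    for d in datagrams:
        decoded = decode_pri(d)
        if decoded is None:
            report["malformed"] += 1
        elif decoded[0] != want_fac:
            report["wrong_facility"] += 1       # another sender, or facility mismatch
        elif decoded[1] > max_sev:
            report["below_threshold"] += 1      # less severe than the configured level
        else:
            report["ok"] += 1
    return report

# Constructed sample datagrams (message bodies are invented, not real FortiManager output).
SAMPLES = [
    b"<189>sample: admin login",    # 23*8+5 = local7.notification
    b"<187>sample: disk error",     # 23*8+3 = local7.error
    b"<190>sample: informational",  # 23*8+6 = local7.information
    b"<13>sample: other host",      # 1*8+5  = user.notice
    b"sample: no PRI header",
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A non-zero below_threshold or wrong_facility count on the collector suggests the applied severity or facility differs from what was intended, or that another device is sending to the same listener.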