FortiManager
thiago_FTNT
Staff
Article Id 191412

Description

 

This article provides the commands to configure FortiManager/FortiAnalyzer to send local logs (FMG/FAZ system events, not the logs of managed devices) to a syslog server. The commands changed with release 5.0.7.

With release 5.0.7 and above it is a two-step process. The first step can be done via the GUI or the CLI, the second step is CLI only.
 
Scope
 
FortiManager, FortiAnalyzer.


Solution

 

FortiManager 4.3.x.

 

CLI commands are:

 

config fmsystem locallog syslogd setting
    set server <IP address>          (address of the remote syslog server)
    set severity <emergency | alert | critical | error | warning | notification | information | debug>   (least severity level to log)
    set status <enable | disable>
    set csv <enable | disable>       (whether to send the logs in CSV format)
    set facility <facility>          (syslog facility to tag the logs with)
    set port <port>                  (port the server listens on)
end

 

FortiManager 5.0.x, up to 5.0.6.

 

CLI commands are:

 

config system locallog syslogd setting
    set server <IP address>          (address of the remote syslog server)
    set severity <emergency | alert | critical | error | warning | notification | information | debug>   (least severity level to log)
    set status <enable | disable>
    set csv <enable | disable>       (whether to send the logs in CSV format)
    set facility <facility>          (syslog facility to tag the logs with)
    set port <port>                  (port the server listens on)
end

 

FortiManager 5.0.7 and above.

 

First, the syslog server is defined as a named object; then the FortiManager local log is configured to send to that server by name.

 

Step 1: Define the syslog server.

This can be done through the GUI in System Settings -> Advanced -> Syslog Server.

 

(Screenshot: syslogd_GUI-509.jpg, the Syslog Server page in the GUI.)

 

The server can also be defined with CLI commands:

 

config system syslog
    edit <server name>
        set ip <syslog server IP>
    next
end

 

Example:

 

config system syslog
    edit "Syslog-serv1"
        set ip "11.11.11.11"
    next
end

 

Note:

Reliable delivery (TCP/514) is disabled by default. To use it, enable 'reliable' both in the syslog server definition (config system syslog) and in the local log setting of Step 2 (config system locallog syslogd setting); if it is enabled in only one place, the logs fall back to UDP/514.

 

Step 2: Enable sending FortiManager local logs to the syslog server.

 

This can only be configured via the CLI with the commands:

 

config system locallog syslogd setting
    set syslog-name <server name>    (remote syslog server name, defined in Step 1)
    set severity <emergency | alert | critical | error | warning | notification | information | debug>   (least severity level to log)
    set status <enable | disable>
    set csv <enable | disable>       (whether to send the logs in CSV format)
    set facility <facility>          (syslog facility to tag the logs with)
    set port <port>                  (port the server listens on)
end

 

Example:

 

config system locallog syslogd setting
   set severity information
   set status enable
   set syslog-name "Syslog-serv1"
end

 

Confirm the result with 'get' inside the same branch and check that syslog-name, status and severity show the values you set (the output below was captured with severity still at notification):

(setting)# get
cert : (null)
csv : disable
facility : local7
reliable : disable
severity : notification
status : enable
syslog-name : Syslog-serv1
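A practitioner will want to confirm on the receiving side that the local logs actually arrive and carry the facility and severity that were configured. The following is an added example, not part of the original article and not Fortinet code: a small Python receiver that decodes the RFC 3164 PRI header of each syslog record (PRI = facility * 8 + severity, so local7 and notification give 189) and applies the same "least severity level" rule that 'set severity' expresses. The sample datagrams are constructed for the demonstration; only their PRI header is meaningful, the body text is invented and does not reflect the real FortiManager log format, which the article does not show. The bind address, port and message count are assumptions you adjust to your test.

```python
import re
import socket
from typing import Iterable, Optional

# Severity keywords in the order the FortiManager CLI lists them; the index is
# the RFC 3164 numeric code (0 = most severe, 7 = least severe).
SEVERITIES = ["emergency", "alert", "critical", "error", "warning",
              "notification", "information", "debug"]

# RFC 3164 facility codes. The "get" output in the article shows the
# FortiManager default facility local7, which is code 23.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
FACILITY_NAMES = {code: name for name, code in FACILITIES.items()}

_PRI_RE = re.compile(r"^<(\d{1,3})>")


def pri_value(facility: str, severity: str) -> int:
    """PRI = facility * 8 + severity, as the sender encodes it."""
    return FACILITIES[facility] * 8 + SEVERITIES.index(severity)


def parse_pri(line: str) -> Optional[tuple]:
    """Return (facility name, severity name) from a raw syslog record, or None
    when the record has no valid <PRI> header."""
    m = _PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = divmod(pri, 8)
    return FACILITY_NAMES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def passes_threshold(severity: str, least: str) -> bool:
    """Model 'set severity <least>': a message is sent when it is at least that
    severe, i.e. its numeric code is less than or equal to the threshold's."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(least)


def select_messages(lines: Iterable[str], least: str, facility: str = "local7") -> list:
    """Keep records whose header carries the expected facility and clears the
    configured severity threshold; anything else is dropped."""
    kept = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            continue
        fac, sev = parsed
        if fac == facility and passes_threshold(sev, least):
            kept.append(line)
    return kept


def listen_udp(bind: str = "0.0.0.0", port: int = 514, count: int = 5) -> list:
    """Receive `count` datagrams and return (peer, decoded header, raw line).
    Port 514 needs root; for a quick test bind a high port and point
    'set port' in the locallog setting at it (assumed test setup)."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while len(received) < count:
            data, peer = sock.recvfrom(8192)
            line = data.decode("utf-8", errors="replace")
            received.append((peer[0], parse_pri(line), line))
    return received


# Constructed sample records (not real FortiManager output): only the PRI
# header is meaningful, the body text is invented for this demonstration.
SAMPLE_LINES = [
    f"<{pri_value('local7', 'notification')}>constructed: admin login succeeded",
    f"<{pri_value('local7', 'information')}>constructed: config saved",
    f"<{pri_value('local7', 'error')}>constructed: backup failed",
    f"<{pri_value('local0', 'error')}>constructed: wrong facility",
    "garbage without a PRI header",
]

if __name__ == "__main__":
    # With 'set severity notification' only the first and third sample records
    # should reach the server; information is less severe than notification.
    for line in select_messages(SAMPLE_LINES, least="notification"):
        print(parse_pri(line), line)
```

Run the module as-is to see the threshold rule on the constructed samples, or call listen_udp on a host reachable from the FortiManager to watch live records. The receiver covers the default UDP transport only; with 'reliable' enabled on both sides the records arrive over TCP/514, and a TCP listener would need the stream framing, which the article does not specify.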