FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 409
Storing Logs
The type and frequency of log messages you intend to save dictate the type of
log storage to use. For example, you can store a limited number of log messages
in memory, where older log messages are overwritten. Storing log messages to one
or more locations, such as a FortiAnalyzer unit, may be better suited for your
specific logging purposes. If you want to log traffic and content logs, you need to
configure logging to a FortiAnalyzer unit or Syslog server because the FortiGate
system memory cannot store these types of logs.
In Log&Report > Log Config > Log Setting, you can configure where the
FortiGate unit stores logs.
You can enable logging to a FortiGuard server when you subscribe to the
FortiGuard Log & Analysis subscription-based services. The FortiGuard Log &
Analysis services provide another option for storing your logs when you do not
have a logging device, such as a FortiAnalyzer unit or Syslog server. These
services are only available for FortiGate-100 units and lower.
You can enable logging of most FortiGate features, except for traffic and full
content archiving. Summary content archiving is supported. Reports are not
supported.
The FortiGate unit sends logs to the FortiGuard Log & Analysis server using TCP
port 514. This connection is secured by SSL and the logs are encrypted, providing
a secure transfer of log information.
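One way to check the transport described above from a packet capture, as an added example that is not part of the guide: it classifies the first client bytes of each TCP port 514 session as an SSL/TLS hello or cleartext syslog. The function names are hypothetical, and the session tuples, addresses and log line are constructed sample data.

```python
import re

# Syslog messages open with a priority field such as "<134>" (maximum 191).
SYSLOG_PRI = re.compile(rb"^<(\d{1,3})>")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP session."""
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        # SSLv3/TLS record: type 22 (handshake), version 3.x, then ClientHello (1).
        if payload[2] <= 0x04 and payload[5] == 0x01:
            return "tls"
    if len(payload) >= 5 and payload[0] & 0x80 and payload[2] == 0x01:
        # SSLv2-format ClientHello: 2-byte length with high bit set, type 1,
        # then the offered version (0x0002 or 0x03xx). Legacy framing.
        if payload[3:5] == b"\x00\x02" or payload[3] == 0x03:
            return "sslv2-hello"
    match = SYSLOG_PRI.match(payload)
    if match and int(match.group(1)) <= 191:
        return "cleartext-syslog"
    return "unknown"


def audit_sessions(sessions, port=514):
    """Return (src, dst, kind) for sessions on `port` that do not start SSL/TLS."""
    findings = []
    for src, dst, dport, first_bytes in sessions:
        if dport != port:
            continue
        kind = classify_first_bytes(first_bytes)
        if kind not in ("tls", "sslv2-hello"):
            findings.append((src, dst, kind))
    return findings


# Constructed sample data: (source, destination, destination port, first bytes).
SAMPLE_SESSIONS = [
    ("192.0.2.10", "198.51.100.5", 514, bytes.fromhex("160301002f0100002b0301")),
    ("192.0.2.11", "198.51.100.5", 514, bytes.fromhex("802b010300001200000010")),
    ("192.0.2.12", "198.51.100.5", 514, b"<134>constructed event log line"),
    ("192.0.2.13", "198.51.100.5", 514, b"\x00\x01"),
    ("192.0.2.14", "198.51.100.5", 443, b"<134>other port, ignored"),
]

if __name__ == "__main__":
    for finding in audit_sessions(SAMPLE_SESSIONS):
        print(finding)
```

A hello in the first bytes shows only that an SSL/TLS negotiation begins; it does not show that the handshake completed or which certificate was accepted.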
The storage space on the FortiGuard Log & Analysis server depends on the type
of FortiGuard Log & Analysis subscription-based services purchased. Contact
customer support for more information.
Logging to a FortiAnalyzer unit
FortiAnalyzer units are network appliances that provide integrated log collection,
analysis tools and data storage. Detailed log reports provide historical as well as
current analysis of network and email activity to help identify security issues and
reduce network misuse and abuse.
Figure 276: Configuring a connection to the FortiAnalyzer unit
Note: If your FortiGate unit has a hard disk, use the CLI to enable logging to the FortiGate
hard disk. See the FortiGate CLI Reference for more information before enabling logging to
the hard disk. You can view logs stored on the hard disk from Log & Report > Log Access
> Disk.
Note: If VDOMs are enabled, make sure the VDOM you are currently in allows you to
enable logging locations. Certain VDOM configurations may only allow access to certain
FortiGate features. VDOM configuration also affects FortiGuard Log & Analysis services
and logging. See “Using virtual domains” on page 61 for more information.