Log&Report Configuring Event logging
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 717
http://docs.fortinet.com/ • Feedback
Configuring Event logging
The Event Log records management and activity events, such as when a configuration
has changed, or VPN and High Availability (HA) events occur.
When you are logged into VDOMs that are in Transparent mode, or if all VDOMs are in
Transparent mode, certain options may not be available such as VIP ssl event or CPU and
memory usage event. You can enable event logs only when you are logged in to a VDOM;
you cannot enable event logs in the root VDOM.
To enable the event logging go to Log&Report > Log Config > Event Log. Select the
Enable check box. Select one or more of the following logs and select Apply.
Violation traffic
detected
Select if you require an alert email message based on violated traffic
that is detected by the FortiGate unit.
Firewall authentication
failure
Select if you require an alert email message based on firewall
authentication failures.
SSL VPN login failure Select if you require an alert email message based on any SSL VPN
logins that failed.
Administrator
login/logout
Select if you require an alert email message based on whether
administrators log in or out.
IPSec tunnel errors Select if you require an alert email message based on whether there is
an error in the IPSec tunnel configuration.
L2TP/PPTP/PPPoE
errors
Select if you require an alert email message based on errors that
occurred in L2TP, PPTP, or PPPoE.
Configuration changes Select if you require an alert email message based on any changes
made to the FortiGate configuration.
FortiGuard license
expiry time (1-100
days)
Enter the number of days before the FortiGuard license expiry time
notification is sent.
FortiGuard log quota
usage
Select if you require an alert email message based on the FortiGuard
Analysis server log disk quota getting full.
Disk Usage Select if you require an alert email when the internal hard disk or AMC
disk reaches a disk usage level. You can set the disk usage level at
which the alert email is sent.
Send alert email for logs
based on severity
Select if you want to send an alert email that is based on a specified
log severity, such as warning.
Minimum log level Select a log severity from the list. For more information about log
severity levels, see “Log severity levels” on page 733.
System Activity
event
All system-related events, such as ping server failure and gateway status.
IPSec negotiation
event
All IPSec negotiation events, such as progress and error reports.
DHCP service
event
All DHCP-events, such as the request and response log.
L2TP/PPTP/PPPoE
service event
All protocol-related events, such as manager and socket creation
processes.
Admin event All administrative events, such as user logins, resets, and configuration
updates.
HA activity event All high availability events, such as link, member, and state information.
Firewall
authentication event
All firewall-related events, such as user authentication.
To Next Page
Loading...
Need help?
General
