
Fortinet Gate 60D - High Availability Cluster Logging; Storing Logs; Logging to a Fortianalyzer Unit

Fortinet Gate 60D
706 pages
FortiGate Version 4.0 Administration Guide
650 01-400-89802-20090424
High Availability cluster logging
When configuring logging with a High Availability (HA) cluster, you configure the primary
unit to send logs to a FortiAnalyzer unit or a Syslog server. The settings are applied to the
subordinate units, which send the log messages to the primary unit. The primary unit then
sends all logs to the FortiAnalyzer unit or Syslog server.
If you configured a secure connection via an IPSec VPN tunnel between a FortiAnalyzer
unit and an HA cluster, the connection is between the FortiAnalyzer unit and the HA cluster
primary unit.
For more information, see the FortiGate High Availability User Guide.
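Because the primary unit forwards every cluster member's messages, a per-member completeness check on the Syslog server has to key on a field inside each message rather than on the sending address. The following is an added example, not part of the Fortinet guide: it assumes key=value log lines that carry the originating unit in a `device_id` field, and all serial numbers and log lines in it are constructed.

```python
import re
from datetime import datetime, timedelta

# key=value tokens; a value may be double-quoted and contain spaces
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Return the key=value fields of one log message as a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def last_seen(lines):
    """Map each originating device_id (assumed field name) to its newest timestamp."""
    seen = {}
    for line in lines:
        f = parse_line(line)
        try:
            ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
            dev = f["device_id"]
        except (KeyError, ValueError):
            continue  # not a parseable record; skip rather than guess
        if dev not in seen or ts > seen[dev]:
            seen[dev] = ts
    return seen

def silent_members(lines, members, now, max_gap=timedelta(minutes=10)):
    """Cluster members with no message at all, or none within max_gap of now."""
    seen = last_seen(lines)
    return sorted(m for m in members if m not in seen or now - seen[m] > max_gap)

# Constructed sample: three-unit cluster, every line arrives via the primary.
MEMBERS = ["FGT60D0000000001", "FGT60D0000000002", "FGT60D0000000003"]
NOW = datetime(2009, 4, 24, 10, 12, 0)
SAMPLE = [
    '<189>date=2009-04-24 time=10:00:01 devname=FGT-A device_id=FGT60D0000000001 type=event msg="HA heartbeat ok"',
    '<189>date=2009-04-24 time=10:00:03 devname=FGT-B device_id=FGT60D0000000002 type=traffic status=accept',
    '<189>date=2009-04-24 time=10:09:30 devname=FGT-A device_id=FGT60D0000000001 type=traffic status=deny',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for unit in silent_members(SAMPLE, MEMBERS, NOW):
        print("no recent logs from cluster member", unit)
```

A member that appears in this list while the primary unit is still logging points to a break between the subordinate unit and the primary unit, not between the cluster and the log server.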
Storing logs
The type and frequency of log messages you intend to save determine the type of log
storage to use. For example, if you want to log traffic and content logs, you need to
configure the FortiGate unit to log to a FortiAnalyzer unit or Syslog server. The FortiGate
system memory is unable to log traffic and content logs because of their frequency and
large file size.
Storing log messages to one or more locations, such as a FortiAnalyzer unit or Syslog
server, may be a better solution for your logging requirements than the FortiGate system
memory. Configuring your FortiGate unit to log to a FortiGuard Analysis server may also
be a better log storage solution if you do not have a FortiAnalyzer unit and want to create
reports. This particular log storage solution is available to all FortiGate units running
FortiOS 3.0 MR6 or higher, through a subscription to the FortiGuard Analysis and
Management Service. For more information, see “FortiGuard Analysis and Management
Service” on page 648.
If your FortiGate unit has a hard disk, you can also enable logging to the hard disk from
the CLI. See the FortiGate CLI Reference for more information before enabling logging to
the hard disk.
If you require logging to multiple FortiAnalyzer units or Syslog servers, see the FortiGate
CLI Reference.
Logging to a FortiAnalyzer unit
FortiAnalyzer units are network devices that provide integrated log collection, analysis
tools and data storage. Detailed log reports provide historical as well as current analysis of
network activity to help identify security issues and reduce network misuse and abuse.
You can configure the FortiGate unit to log to up to three FortiAnalyzer units. The FortiGate
unit sends logs to all three FortiAnalyzer units. Each FortiAnalyzer unit stores the same
information. Logging to multiple FortiAnalyzer units provides real-time backup protection
in the event one of the FortiAnalyzer units fails. You can configure logging to multiple
FortiAnalyzer units only in the CLI. For more information, see the FortiGate CLI
Reference.
Note: Daylight Saving Time (DST) is now extended by four weeks in the United States and
Canada and may affect your location. It is recommended to verify if your location observes
this change, since it affects the scope of the report. Fortinet has released supporting
firmware. See the Fortinet Knowledge Center article, New Daylight Saving Time support,
for more information.