Log&Report Storing logs
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 655
http://docs.fortinet.com/ • Feedback
Figure 432: Logging to a Syslog server
To configure the FortiGate unit to send logs to a syslog server
1 Go to Log&Report > Log Config > Log Setting.
2 Select the check box beside Syslog.
3 Select the Expand Arrow beside the check box to reveal the Syslog options.
4 Enter the appropriate information for the Syslog server.
5 Select Apply.
Logging to WebTrends
WebTrends is a remote computer running a NetIQ WebTrends firewall reporting server.
FortiGate log formats comply with WebTrends Enhanced Log Format (WELF) and are
compatible with NetIQ WebTrends Security Reporting Center and Firewall Suite 4.1.
Use the CLI to configure the FortiGate unit to send log messages to WebTrends. After
logging into the CLI, enter the following commands:
config log webtrends setting
set server <address_ipv4>
set status {disable | enable}
end
Name/IP The domain name or IP address of the syslog server.
Port The port number for communication with the syslog server, typically port 514.
Minimum log level The FortiGate unit logs all messages at and above the logging severity level
you select. For more information about the logging levels, see “Log severity
levels” on page 649.
Facility Facility indicates to the syslog server the source of a log message. By
default, FortiGate reports Facility as local7. You may want to change Facility
to distinguish log messages from different FortiGate units.
Enable CSV
Format
If you enable CSV format, the FortiGate unit produces the log in Comma
Separated Value (CSV) format. If you do not enable CSV format the
FortiGate unit produces plain text files.
Note: If more than one Syslog server is configured, the Syslog servers and their settings
appear on the Log Settings page. You can configure multiple Syslog servers in the CLI. For
more information, see the FortiGate CLI Reference.
To Next Page
Loading...