Log forwarding
When your FortiAnalyzer device is configured in collector mode, you can configure log forwarding in the Device Manager tab. You can forward logs for selected devices to another FortiAnalyzer, a syslog server, or a Common Event Format (CEF) server.
To put your FortiAnalyzer in collector mode:
1. Go to System Settings > Dashboard.
2. In the System Information widget, in the Operation Mode field, select [Change].
3. In the Change Operation Mode dialog box, select Collector, and then select OK.
The Web-based Manager refreshes, and the Device Manager, Log View, and System Settings tabs become available. See “Changing the operation mode” for more information.
To configure log forwarding:
1. Go to the Device Manager tab and select Log Forwarding.
2. Select Create New from the toolbar.
The Add log forwarding page is displayed.
Figure 27: Add log forwarding dialog box
3. Configure the following settings:
Server Name: Enter a name to identify the remote server.
Remote Server Type: Select the remote server type. Select one of the following: FortiAnalyzer, Syslog, Common Event Format (CEF).
Server IP: Enter the server IP address.
Select Devices: Select the add icon to select devices. Select devices and select OK to add the devices.
Enable Log Aggregation: Select to enable log aggregation. This option is available when Remote Server Type is FortiAnalyzer.
Password: Enter the server password.
Confirm Password: Re-enter the server password.
Upload Daily at: Select a time from the drop-down list.
Enable Realtime Forwarding: Select to enable realtime log forwarding.
Level: Select the logging level from the drop-down list. Select one of the following: Emergency, Alert, Critical, Error, Warning, Notification, Information, or Debug.
Server Port: Enter the server port. When Remote Server Type is FortiAnalyzer, the port cannot be changed. The default port is 514.
4. Select OK to save the setting.
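To check on the receiving syslog or CEF server that forwarded logs match the Remote Server Type and Level configured above, the following added example (not part of the Fortinet documentation) parses the syslog priority prefix and the CEF header of received lines. It assumes that Level acts as a minimum-severity filter and that each message starts with a standard `<PRI>` prefix; the function names are hypothetical and the sample lines are constructed, not real FortiAnalyzer output.

```python
import re
# Level names as listed on this page; list index = standard syslog severity (0 = Emergency).
LEVELS = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notification", "Information", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def severity(line):
    """Severity 0-7 from the syslog <PRI> prefix, or None if missing or out of range."""
    m = PRI_RE.match(line)
    pri = int(m.group(1)) if m else 192          # 191 is the highest valid PRI (23*8 + 7)
    return pri % 8 if pri <= 191 else None

def cef_header(line):
    """The seven CEF header fields with backslash escapes resolved, or None."""
    fields, cur, escaped = [], [], False
    for ch in line.partition("CEF:")[2]:         # empty when the line has no CEF marker
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            if len(fields) == 7:                 # the rest of the line is the extension
                return fields
        else:
            cur.append(ch)
    return None                                  # fewer than seven header fields

def audit(lines, level, expect_cef=False):
    """Return (line_number, problem) for every line that does not match the profile."""
    limit, problems = LEVELS.index(level), []
    for n, line in enumerate(lines, 1):
        sev = severity(line)
        if sev is None:
            problems.append((n, "missing or invalid <PRI>"))
        elif sev > limit:                        # assumption: Level is a minimum-severity filter
            problems.append((n, "less severe than " + level))
        elif expect_cef and cef_header(line) is None:
            problems.append((n, "no complete CEF header"))
    return problems

# Constructed sample lines (not real FortiAnalyzer output).
SAMPLE = [
    "<185>Jan 10 10:00:00 collector CEF:0|ExampleVendor|ExampleProduct|1.0|100|link \\| down|8|src=192.0.2.10",
    "<190>Jan 10 10:00:01 collector CEF:0|ExampleVendor|ExampleProduct|1.0|101|session start|3|src=192.0.2.11",
    "<188>Jan 10 10:00:02 collector CEF:0|ExampleVendor|ExampleProduct|1.0",
    "Jan 10 10:00:03 collector no priority prefix",
]
```

Calling `audit(SAMPLE, "Warning", expect_cef=True)` flags the Information-level line, the truncated CEF header, and the line without a priority prefix.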