Logging to a FortiAnalyzer or Syslog server
To store logs in a safe remote location or offload logging for performance reasons, you can configure FortiADC to store logs on a FortiAnalyzer or generic Syslog server.
For logging accuracy, you should verify that the FortiADC appliance’s system time is accurate. For details, see “Setting the system time & date”.
Avoid recording high-volume log types, such as traffic logs, to the local hard disk for an extended period of time. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
To configure logging to a remote location
1. Go to Log & Report > Log Configuration > Log Remote.
To access this part of the web UI, your administrator’s account access profile must have Read-Write permission to items in the Log & Report category. For details, see “Permissions”.
2. Click Add.
3. Mark the Enable check box.
4. In Address, type the address of the remote FortiAnalyzer appliance or Syslog server.
5. In Port, type the UDP port number where the device listens for logs. The default is 514, the typical default for Syslog.
6. If the device is a generic Syslog server (not FortiAnalyzer), and it supports logging in comma-separated value (spreadsheet) format, you can enable CSV Format.
7. Select the Minimum Log Level and log types that a message must match in order to be sent to the remote server.
8. From Facility, select an identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/Syslog.
9. Click Save.
10. If logging to a FortiAnalyzer, confirm with the FortiAnalyzer administrator that the FortiADC appliance was added to the FortiAnalyzer appliance’s device list, allocated sufficient disk space quota, and assigned permission to transmit logs to the FortiAnalyzer appliance. For details, see the FortiAnalyzer Administration Guide.
11. To verify logging connectivity, from the FortiADC appliance, trigger a log message that matches the types and severity levels that you have chosen to store on the remote host. Then, on the remote host, confirm that it has received that log message.
If the remote host does not receive the log messages, verify the FortiADC appliance’s network interfaces (see “Configuring the network interfaces”) and static routes (see “Adding a gateway”), and the policies on any intermediary firewalls or routers. If ICMP ECHO_RESPONSE (pong) is enabled on the remote host, try using the execute traceroute command to determine the point where connectivity fails.
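One way to carry out the check in step 11 on the remote host, as an added example that is not part of the FortiADC documentation: a small Python listener that decodes the syslog priority of each UDP datagram and compares it with the Facility and Minimum Log Level selected in steps 7 and 8. The facility local0, the level information, the function names and the sample datagrams are assumptions constructed for illustration; the message bodies are not real FortiADC output.

```python
import re
import socket

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + [f"local{i}" for i in range(8)])
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity, body), or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], datagram[m.end():].decode("utf-8", "replace")

def check(datagram, expected_facility, min_level):
    """Compare one datagram with the facility and minimum level that were configured."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed"
    facility, severity, _ = decoded
    if facility != expected_facility:
        return f"unexpected facility {facility}"
    if SEVERITIES.index(severity) > SEVERITIES.index(min_level):
        return f"below minimum level ({severity})"  # higher code = less severe
    return "ok"

def listen(expected_facility, min_level, port=514, source=None):
    """Print a verdict per datagram; `source` limits output to one sender IP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))  # ports below 1024 usually need elevated privileges
    while True:
        data, (addr, _) = sock.recvfrom(65535)
        if source and addr != source:
            continue
        print(addr, check(data, expected_facility, min_level), data[:120])

# Constructed sample datagrams (assumed values, not captured from an appliance).
SAMPLES = [b"<134>constructed test event", b"<135>constructed debug event",
           b"<38>constructed event from another device", b"no pri header"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample, "local0", "information"), sample)
```

Because the transport is UDP, a datagram that never arrives produces no error on either side, so no output from `listen()` is the cue to move on to the interface, route and firewall checks above.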
See also
Viewing log messages
Enabling traffic & event logs
Alert email