Settings | Guidelines |
Status | Select to enable the configuration. |
Address | IP address of the syslog server. |
Port | Listening port number of the syslog server. Usually this is UDP port 514. |
Log Level | Select the lowest severity to log from the following choices: • Emergency—The system has become unstable. • Alert—Immediate action is required. • Critical—Functionality is affected. • Error—An error condition exists and functionality could be affected. • Warning—Functionality might be affected. • Notification—Information about normal events. • Information—General information about system operations. • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior. For example, if you select Error, the system sends the syslog server logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency. |
CSV | Send logs in CSV format. Do not use with FortiAnalyzer. |
Facility | Identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/syslog. |
Event | Select to enable logging for events. |
Event Category | Select the types of events to send to the syslog server: • Configuration—Configuration changes. • Admin—Administrator actions. • Application—Health check results. • System—System operations, warnings, and errors. |
Traffic | Select to enable logging for traffic processed by the load balancing modules. |
Traffic Category | • SLB—Send Server Load Balancing logs. • GLB—Send Global Load Balancing logs. |
Attack Logging | Select to enable logging for traffic processed by the security modules. |
Security Category | • DoS—Send SYN flood protection logs. • IP Reputation—Send IP Reputation logs. |