config log setting remote
Use this command to configure logging to a remote syslog server.
A remote syslog server is a system provisioned specifically to collect logs for long term storage and analysis with preferred analytic tools.
Before you begin:
• You must have read-write permission for log settings.
Syntax
config log setting remote
edit <name>
set attack-log-status {enable|disable}
set attack-log-category {synflood ipreputation}
set comma-separated-value {enable|disable}
set event-log-status {enable|disable}
set event-log-category {admin app configuration system}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kern | local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, ntp}
set loglevel {alert | critical | debug | emerge | error | information | notification | warning}
set port <integer>
set server <string>
set status {enable|disable}
set traffic-log-status {enable|disable}
set traffic-log-category {slb dns}
next
end
attack-log-status | Enable/disable logging for security events. |
attack-log-category | • synflood—Send SYN flood protection logs. • ipreputation—Send IP Reputation logs. |
comma-separated-value | Send logs in CSV format. Do not use with FortiAnalyzer. |
event-log-status | Enable/disable logging for system events. |
event-log-category | Specify the types of events to send to the syslog server: • Admin—Administrator actions. • Application—Health check results. • Configuration—Configuration changes. • System—System operations, warnings, and errors. |
facility | Identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/syslog. |
loglevel | Specify the lowest severity for which alerts are sent: • Emergency—The system has become unstable. • Alert—Immediate action is required. • Critical—Functionality is affected. • Error—An error condition exists and functionality could be affected. • Warning—Functionality might be affected. • Notification—Information about normal events. • Information—General information about system operations. • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior. For example, if you select error, the system sends alerts with level Error, Critical, Alert, and Emergency. If you select alert, the system sends alerts with level Alert and Emergency. |
port | Listening port number of the syslog server. Usually this is UDP port 514. |
server | IP address of the syslog server. |
status | Enable/disable the configuration. |
traffic-log-status | Enable/disable logging for traffic processed by the load balancing modules. |
traffic-log-category | • slb—Send server load balancing logs. • dns—Send global load balancing logs. |
Example
FortiADC-VM # config log setting remote
FortiADC-VM (remote) # edit 1
Add new entry '1' for node 547
FortiADC-VM (1) # get
status : disable
server :
port : 514
loglevel : information
comma-separated-value: disable
facility : kern
event-log-status : disable
traffic-log-status : disable
attack-log-status : disable
FortiADC-VM (1) # set status enable
FortiADC-VM (1) # set server 203.0.113.10
FortiADC-VM (1) # set loglevel notification
FortiADC-VM (1) # set event-log-status enable
FortiADC-VM (1) # set event-log-category admin app configuration system
FortiADC-VM (1) # set traffic-log-status enable
FortiADC-VM (1) # set traffic-log-category slb dns
FortiADC-VM (1) # end
FortiADC-VM # get
FortiADC-VM # get log setting remote
== [ 1 ]
status: enable
server: 203.0.113.10
port: 514
loglevel: notification
facility: kern
FortiADC-VM # show log setting remote
config log setting remote
edit 1
set server 203.0.113.10
set loglevel notification
set event-log-status enable
set event-log-category configuration admin app system
set traffic-log-status enable
set traffic-log-category slb dns
next
end