Log Configuration
Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.
Log Settings
To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.
To configure log backups:
- In the log settings window, select Enable remote backup in the Log Backup section.
- Select the frequency of the backups in the Frequency field as either Daily, Weekly, or Monthly.
- Configure the time of day that the backup will occur in one of the following ways:
- Enter a time in the Time field
- Select Now to enter the current time
- Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., or Noon.
- Select an FTP server from the dropdown menu in the FTP server field. For information on configuring an FTP server, see FTP Servers.
- Select OK to save your settings.
To configure automatic log deletion:
- In the log settings window, select Enable log auto-deletion in the Log Auto-Deletion section.
- In the Auto-delete logs older than field, select day(s), week(s), or month(s) from the dropdown menu, then enter the number of days, weeks, or months after which a log will be deleted.
- Select OK to save your settings.
To configure logging to a FortiManager/FortiAnalyzer unit:
- In the log settings window, select Send logs to FortiManager/FortiAnalyzer in the FortiManager/FortiAnalyzer section.
- In the IP Address field, enter the Internet-FortiAuthenticatoring IP address of the FortiManager or FortiAnalyzer unit.
FortiAnalyzer officially supports this feature in FortiAnalyzer 5.4.2 build 1117. |
To configure logging to a remote syslog server:
- In the log settings window, select Send logs to remote Syslog servers in the Remote Syslog section.
- Move the syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
- Select OK to save your settings.
For information on adding syslog servers, see Syslog Servers.
Syslog Servers
Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers.
Create New | Add a new syslog server. |
Delete | Delete the selected syslog server or servers. |
Edit | Edit the selected syslog server. |
Name | The syslog server name on the FortiAuthenticator unit. |
Server name/IP | The server name or IP address, and port number. |
To add a syslog server:
- From the syslog servers list, select Create New. The Create New Syslog Server window opens.
- Enter the following information:
- Select OK to add the syslog server.
Name | Enter a name for the syslog server on the FortiAuthenticator unit. |
Server name/IP | Enter the syslog server name or IP address. |
Port | Enter the syslog server port number. The default port is 514. |
Level | Select a log level to store on the remote server from the dropdown menu. See Level. |
FortiAuthenticatorility | Select a FortiAuthenticatorility from the dropdown menu. |