Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Log Configuration

Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.

Log Settings

To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.

To configure log backups:
  1. In the log settings window, select Enable remote backup in the Log Backup section.
  2. Select the frequency of the backups in the Frequency field as either Daily, Weekly, or Monthly.
  3. Configure the time of day that the backup will occur in one of the following ways:
    • Enter a time in the Time field
    • Select Now to enter the current time
    • Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., or Noon.
  4. Select an FTP server from the dropdown menu in the FTP server field. For information on configuring an FTP server, see FTP Servers.
  5. Select OK to save your settings.
To configure automatic log deletion:
  1. In the log settings window, select Enable log auto-deletion in the Log Auto-Deletion section.
  2. In the Auto-delete logs older than field, select day(s), week(s), or month(s) from the dropdown menu, then enter the number of days, weeks, or months after which a log will be deleted.
  3. Select OK to save your settings.
To configure logging to a FortiManager/FortiAnalyzer unit:
  1. In the log settings window, select Send logs to FortiManager/FortiAnalyzer in the FortiManager/FortiAnalyzer section.
  2. In the IP Address field, enter the Internet-FortiAuthenticatoring IP address of the FortiManager or FortiAnalyzer unit.
note icon FortiAnalyzer officially supports this feature in FortiAnalyzer 5.4.2 build 1117.
To configure logging to a remote syslog server:
  1. In the log settings window, select Send logs to remote Syslog servers in the Remote Syslog section.
  2. Move the syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.

    3. For information on adding syslog servers, see Syslog Servers.

  3. Select OK to save your settings.

Syslog Servers

Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers.

Create New Add a new syslog server.
Delete Delete the selected syslog server or servers.
Edit Edit the selected syslog server.
Name The syslog server name on the FortiAuthenticator unit.
Server name/IP The server name or IP address, and port number.
To add a syslog server:
  1. From the syslog servers list, select Create New. The Create New Syslog Server window opens.

  2. Enter the following information:
    3. Name Enter a name for the syslog server on the FortiAuthenticator unit.
    Server name/IP Enter the syslog server name or IP address.
    Port Enter the syslog server port number. The default port is 514.
    Level Select a log level to store on the remote server from the dropdown menu. See Level.
    FortiAuthenticatorility Select a FortiAuthenticatorility from the dropdown menu.
  3. Select OK to add the syslog server.
 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy