log : fortianalyzer setting
fortianalyzer setting
Use this command to configure the FortiGate unit to send log files to a FortiAnalyzer unit.
FortiAnalyzer units are network appliances that provide integrated log collection, analysis tools and data storage. Detailed log reports provide historical as well as current analysis of network and email activity to help identify security issues and reduce network misuse and abuse.
Using the CLI, you can send logs to up to three different FortiAnalyzer units for maximum fail-over protection of log data. After configuring logging to FortiAnalyzer units, the FortiGate unit will send the same log packets to all configured FortiAnalyzer units. Additional FortiAnalyzer units are configured using the fortianalyzer2 and fortianalyzer3 commands.
The FortiAnalyzer CLI commands are not cumulative. Using a syntax similar to the following is not valid:
config log fortianalyzer fortianalyzer2 fortianalyzer3 setting
config log {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
set status {enable | disable}
set conn-timeout <seconds>
set encrypt {enable | disable}
set enc-algorithm {default | high | low | disable}
set gui-display {enable | disable}
set ips-archive {enable | disable}
set localid <identifier>
set monitor-keepalive-period <int_seconds>
set monitor-failure-retry-period <int_seconds>
set psksecret <pre-shared_key>
set reliable {enable | disable}
set server <fortianalyzer_ipv4>
set source-ip <address_ipv4>
set upload-option {store‑and‑upload | realtime}
set upload-interval {daily | weekly | monthly}
set upload-day <1-31> | {sunday | monday | tuesday | wednesday | thursday | friday | saturday}
set upload-time <hh:mm>
status {enable | disable}
Enable or disable communication with the FortiAnalyzer unit.
The other fields are available only if status is set to enable.
conn-timeout <seconds>
Enter the number of seconds before the FortiAnalyzer connection times out.
encrypt {enable | disable}
Enable to use IPSec VPN tunnel for communication. When enabled, enc-algorithm is not available.
Disable to send data as plain text over SSL with the enc­­­­­-algorithm command.
enc-algorithm {default | high | low | disable}
Set encryption strength for communications between the FortiGate unit and FortiAnalyzer.
high — use SSL with 128-bit and larger key length algorithms: DHE‑RSA‑AES256‑SHA, AES256‑SHA, EDH‑RSA‑DES‑CBC3‑SHA, DES‑CBC3‑SHA, DES‑CBC3‑MD5, DHE‑RSA‑AES128‑SHA, AES128‑SHA
low — use SSL with 64-bit or 56-bit key length algorithms without export restrictions: EDH‑RSA‑DES‑CDBC‑SHA, DES‑CBC‑SHA, DES‑CBC‑MD5
default — use SSL with high strength algorithms and these medium-strength 128-bit key length algorithms: RC4‑SHA, RC4‑MD5, RC4‑MD
disable — disable the use of SSL.
gui-display {enable | disable}
Enable to display FortiAnalyzer Reports on the web‑based manager.
ips-archive {enable | disable}
Enable IPS packet archive.
localid <identifier>
Enter an identifier up to 64 characters long. You must use the same identifier on the FortiGate unit and the FortiAnalyzer unit.
No default.
monitor-keepalive-period <int_seconds>
Enter the interval in seconds between OFTP keepalive transmissions (for status and log buffer). Range 1 to 120.
monitor-failure-retry-period <int_seconds>
Enter the time in seconds between connection retries (for status and log buffer). Range 1 to 2 147 483 647.
psksecret <pre-shared_key>
Enter the pre-shared key for the IPSec VPN tunnel. The pre-shared key must be at least 6 characters long
This is needed only if encrypt is set to enable.
No default.
reliable {enable | disable}
Enable to log to a syslog server using TCP, which ensures reliable connection setup and transmission of data.
server <fortianalyzer_ipv4>
Enter the IP address of the FortiAnalyzer unit.
This field is only available when address-mode is set to static.
source-ip <address_ipv4>
Enter the source IP address for the FortiAnalyzer, FortiAnalyzer2 and FortiAnalyzer3 units.
upload-option {store‑and‑upload | realtime}
Choose how logs are uploaded to a FortiAnalyzer unit:
realtime — Send logs directly to the FortiAnalyzer unit.
store-and-upload — Log to hard disk, then upload on the schedule defined by upload-interval, upload-day and upload-time.
You cannot switch from realtime to store-and-upload if any VDOM has disk logging disabled.
upload-interval {daily | weekly | monthly}
Select how frequently logs are uploaded. This is available when upload-option is store‑and‑upload.
upload-day <1-31> | {sunday | monday | tuesday | wednesday | thursday | friday | saturday}
When upload-interval is monthly, enter the day of the month to upload logs.
When upload-interval is weekly, select the day of the week for log uploads.
This is available when upload-option is store‑and‑upload.
No default.
upload-time <hh:mm>
Enter the time of day for log uploads. This is available when upload-option is store‑and‑upload.