Configuring logging to multiple FortiAnalyzer units
The following example shows how to configure logging to multiple FortiAnalyzer units. Configuring multiple FortiAnalyzer units is quick and easy; however, you can only configure up to three FortiAnalyzer units per FortiGate unit.
To configure multiple FortiAnalyzer units
1. In the CLI, enter the following command syntax to configure the first FortiAnalyzer unit:
config log fortianalyzer setting
set status enable
set server 172.20.120.22
set max-buffer-size 1000
set buffer-max-send 2000
set address-mode static
set conn-timeout 100
set monitor-keepalive-period 120
set monitor-failure-retry-period 2000
end
2. Disable the features that you do not want logged, using the following example command syntax. You can view the CLI Reference to see what commands are available.
config log fortianalyzer filter
set traffic (enable | disable)
...
end
3. Enter the following commands for the second FortiAnalyzer unit:
config log fortianalyzer2 setting
set status enable
set server 172.20.120.23
set max-buffer-size 1000
set buffer-max-send 2000
set address-mode static
set conn-timeout 100
set monitor-keepalive-period 120
set monitor-failure-retry-period 2000
end
4. Disable the features that you do not want logged, using the following example command syntax.
config log fortianalyzer filter
set web (enable | disable)
...
end
5. Enter the following commands for the last FortiAnalyzer unit:
config log fortianalyzer3 setting
set status enable
set server 172.20.120.23
set max-buffer-size 1000
set buffer-max-send 2000
set address-mode static
set conn-timeout 100
set monitor-keepalive-period 120
set monitor-failure-retry-period 2000
end
6. Disable the features that you do not want logged, using the following example command syntax.
config log fortianalyzer filter
set web-filter (enable | disable)
...
end
8. On the other FortiGate units, configure steps 1 through 6, ensuring that logs are being sent to the FortiAnalyzer units.