log syslogd

	For improved performance, unless necessary, avoid logging highly frequent log types. While logs sent to your Syslog server do not persist in FortiWeb’s local RAM, FortiWeb still must use bandwidth and processing resources while sending the log message.


Variable	Description	Default
status {enable \| disable}	Enable to send log messages to the Syslog server defined by config log syslog-policy. Also configure facility, policy and severity.	disable
facility {alert \| audit \| auth \| authpriv \| clock \| cron \| daemon \| ftp \| kernel \| local0 \| local1 \| local2 \| local3 \| local4 \| local5 \| local6 \| local7 \| mail \| ntp \| user}	Type the facility identifier that the FortiWeb appliance will use to identify itself when sending log messages to the first Syslog server. To easily identify log messages from the FortiWeb appliance when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.	local7
severity {alert \| critical \| debug \| emergency \| error \| information \| notification \| warning}	Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to send it to the first Syslog server.	information
policy <syslogd-policy_name>	If logging to a Syslog server is enabled, type the name of a Syslog policy which describes the Syslog server to which the log message will be sent. The maximum length is 35 characters. For more information on Syslog policies, see “config log syslog-policy”.	No default.

This example enables storage of log messages with the notification severity level and higher on the Syslog server. The network connections to the Syslog server are defined in Syslog_Policy1. The FortiWeb appliance uses the facility identifier local7 when sending log messages to the Syslog server to differentiate its own log messages from those of other network devices using the same Syslog server.