log fortianalyzer-policy
Use this command to create policies for use by protection rules to store log messages remotely on a FortiAnalyzer appliance. For example, once you create a FortiAnalyzer policy, you can include it in a trigger policy, which in turn can be applied to a trigger action in a protection rule.
You need to create a FortiAnalyzer policy if you also plan to send log messages to a FortiAnalyzer appliance.
To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For more information, see “Permissions”.
Syntax
config log fortianalyzer-policy
  edit <policy_name>
    set ip-address <forti-analyzer_ipv4>
    set enc-algorithm {disable | default}
  next
end
Variable | Description | Default |
<policy_name> | Type the name of the new or existing FortiAnalyzer policy. The maximum length is 35 characters. To display a list of the existing policies, type: edit ? | No default. |
ip-address <forti-analyzer_ipv4> | Type the IP address of the remote FortiAnalyzer appliance. | No default. |
enc-algorithm {disable | default} | Specifies whether FortiWeb transmits logs to the FortiAnalyzer appliance using SSL. | disable |
Example
This example creates a policy entry and assigns an IP address, then enables FortiAnalyzer logging for log messages with a severity of error or higher:
config log fortianalyzer-policy
  edit fa-policy1
    set ip-address 192.0.2.0
  next
end
config log forti-analyzer
  set fortianalyzer-policy fa-policy1
  set status enable
  set severity error
end
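Because enc-algorithm defaults to disable, a policy that never sets it (such as fa-policy1 above) sends its logs to the FortiAnalyzer appliance without SSL. The following Python check is an added example, not part of the FortiWeb documentation: it assumes a configuration backup that uses the same config/edit/set/next/end text syntax shown above, and the sample text, the fa-policy2 entry and the function names are constructed for illustration.

```python
# Constructed sample in the CLI syntax shown on this page (not a real backup).
SAMPLE_CONFIG = """\
config log fortianalyzer-policy
  edit fa-policy1
    set ip-address 192.0.2.0
  next
  edit fa-policy2
    set ip-address 192.0.2.10
    set enc-algorithm default
  next
end
config log forti-analyzer
  set fortianalyzer-policy fa-policy1
  set status enable
  set severity error
end
"""

def parse_policies(text):
    """Return {policy_name: {setting: value}} for 'config log fortianalyzer-policy'."""
    policies, in_block, current = {}, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config log fortianalyzer-policy":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            # enc-algorithm defaults to disable per the variable table.
            policies[current] = {"enc-algorithm": "disable"}
        elif in_block and line == "next":
            current = None
        elif in_block and current and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                policies[current][parts[1]] = parts[2].strip('"')
    return policies

def unencrypted_policies(text):
    """Names of policies that send logs to FortiAnalyzer without SSL."""
    return sorted(name for name, cfg in parse_policies(text).items()
                  if cfg["enc-algorithm"] == "disable")

if __name__ == "__main__":
    for name in unencrypted_policies(SAMPLE_CONFIG):
        print(f"{name}: enc-algorithm is disable; logs are sent without SSL")
```

To clear a finding, add set enc-algorithm default to the flagged policy entry.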