Usually, you should set trigger actions for specific types of violations. Failure to do so will result in the FortiWeb appliance logging every occurrence, which could result in high log volume and reduced system performance. Excessive logging for an extended period of time may cause premature hard disk failure. |
Logs stored remotely cannot be viewed from the web UI, and cannot be used by FortiWeb to build reports. If you require these features, record logs locally as well as remotely. |
Variable | Description | Default |
siem-policy <policy_name> | Type the name of an existing SIEM policy to use when storing log information remotely. The maximum length is 35 characters. To view a list of the existing SIEM policies, type: set siem-policy ? | No default. |
severity {alert | critical | debug | emergency | error | information | notification | warning} | Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to save it to the ArcSight server. | information |
status {enable | disable} | Enable to record event log messages to the ArcSight server if it meets or exceeds the severity level specified by severity. | disable |