Configuring FortiAnalyzer policies
Before you can store log messages remotely on a FortiAnalyzer appliance, you must first create FortiAnalyzer connection settings.
Once you create FortiAnalyzer connection settings, they can be referenced by a trigger, which in turn can be selected as a trigger action in a protection profile and used to record policy violations.
To configure FortiAnalyzer policies
2. Go to Log & Report > Log Policy > FortiAnalyzer Policy.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see “Permissions”.
3. Click Create New, and then complete the following settings:
Setting name | Description |
Policy Name | Enter a unique name that other parts of the configuration can reference. Do not use spaces or special characters. The maximum length is 35 characters. |
IP Address | Enter the IP address of the remote FortiAnalyzer appliance. |
Encrypt Log Transmission | Select to transmit logs to the FortiAnalyzer appliance using SSL. |
4. Click OK.
5. Confirm with the FortiAnalyzer administrator that the FortiWeb appliance was added to the FortiAnalyzer appliance’s device list, allocated sufficient disk space quota, and assigned permission to transmit logs to the FortiAnalyzer appliance. For details, see the FortiAnalyzer Administration Guide.
6. To verify logging connectivity, from the FortiWeb appliance, trigger a log message that matches the types and severity levels that you have chosen to store on the remote host. Then, on the remote host, confirm that it has received that log message.
If the remote host does not receive the log messages, verify the FortiWeb appliance’s network interfaces (see “Configuring the network interfaces”) and static routes (see “Adding a gateway”), and the policies on any intermediary firewalls or routers. If ICMP ECHO_RESPONSE (pong) is enabled on the remote host, try using the execute traceroute command to determine the point where connectivity fails. For details, see the FortiWeb CLI Reference.