Configuring Syslog settings
In order to store log messages remotely on a Syslog server, you must first create the Syslog connection settings.
Syslog settings can be referenced by a trigger, which in turn can be selected as the trigger action in a protection profile, and used to send log messages to your Syslog server whenever a policy violation occurs.
To configure Syslog policies
2. Go to Log&Report > Log Policy > Syslog Policy.
To access this part of the web UI, your administrator’s account access profile must have
Read and
Write permission to items in the
Log & Report category. For details, see
“Permissions”.
3. Click Create New.
A dialog appears.
4. If the policy is new, in Policy Name, type the name of the policy as it will be referenced in the configuration.
5. In IP Address, enter the address of the remote Syslog server.
6. In Port, enter the listening port number of the Syslog server. The default is 514.
7. Mark the Enable CSV Format check box if you want to send log messages in comma-separated value (CSV) format.
8. Click OK.
9. To verify logging connectivity, from the FortiWeb appliance, trigger a log message that matches the types and severity levels that you have chosen to store on the remote host. Then, on the remote host, confirm that it has received that log message.
If the remote host does not receive the log messages, verify the FortiWeb appliance’s network interfaces (see
“Configuring the network interfaces”) and static routes (see
“Adding a gateway”), and the policies on any intermediary firewalls or routers. If ICMP is enabled on the remote host, try using the
execute traceroute command to determine the point where connectivity fails. For details, see the
FortiWeb CLI Reference.
See also