Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 5.4.2 Handbook
    5.4.2
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring syslog settings

    Configuring syslog settings

    A remote syslog server is a system provisioned specifically to collect logs for long term storage and analysis with preferred analytic tools.

    Before you begin:

    • You must have Read-Write permission for Log & Report settings.
    To configure syslog settings:
    1. Go to Log & Report > Log Setting.
    2. Click the Syslog Server tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in Syslog configuration.
    5. Save the configuration.

    Syslog configuration
    Settings Guidelines
    Status Select to enable the configuration.
    Address IP address of the syslog server.
    Port Listening port number of the syslog server. Usually this is UDP port 514.
    Log Level Select the lowest severity to log from the following choices:
    • Emergency—The system has become unstable.
    • Alert—Immediate action is required.
    • Critical—Functionality is affected.
    • Error—An error condition exists and functionality could be affected.
    • Warning—Functionality might be affected.
    • Notification—Information about normal events.
    • Information—General information about system operations.
    • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.

    For example, if you select Error, the system sends the syslog server logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency.
    CSV Send logs in CSV format. Do not use with FortiAnalyzer.
    Facility Identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/syslog.
    Event Select to enable logging for events.
    Event Category Select the types of events to send to the syslog server:

    • Configuration—Configuration changes.
    • Admin—Administrator actions.
    • System—System operations, warnings, and errors.
    • User—Authentication results logs.
    • Health Check—Health check results and client certificate validation check results.
    • SLB—Notifications, such as connection limit reached.
    • LLB—Notifications, such as bandwidth thresholds reached.
    • GLB—Notifications, such as the status of associated local SLB and virtual servers.
    • Firewall—Notifications for the "firewall" module, such as SNAT source IP pool is using all of its addresses.
    Traffic Select to enable logging for traffic processed by the load balancing modules.
    Traffic Category
    • SLB—Server Load Balancing traffic logs related to sessions and throughput.
    • GLB—Global Load Balancing traffic logs related to DNS requests.
    • LLB—Link Load Balancing traffic logs related to session and throughput
    Security Select to enable logging for traffic processed by the security modules.
    Security Category
    • DoS—SYN flood protection logs.
    • IP Reputation—IP Reputation logs.
    • WAF—WAF logs.
    • GEO—Geo IP blocking logs.
    Script Select to enable scripting.
    Script Category SLB is elected by default.
    Previous
    Next

    Configuring syslog settings

    Configuring syslog settings

    A remote syslog server is a system provisioned specifically to collect logs for long term storage and analysis with preferred analytic tools.

    Before you begin:

    • You must have Read-Write permission for Log & Report settings.
    To configure syslog settings:
    1. Go to Log & Report > Log Setting.
    2. Click the Syslog Server tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in Syslog configuration.
    5. Save the configuration.

    Syslog configuration
    Settings Guidelines
    Status Select to enable the configuration.
    Address IP address of the syslog server.
    Port Listening port number of the syslog server. Usually this is UDP port 514.
    Log Level Select the lowest severity to log from the following choices:
    • Emergency—The system has become unstable.
    • Alert—Immediate action is required.
    • Critical—Functionality is affected.
    • Error—An error condition exists and functionality could be affected.
    • Warning—Functionality might be affected.
    • Notification—Information about normal events.
    • Information—General information about system operations.
    • Debug—Detailed information about the system that can be used to troubleshoot unexpected behavior.

    For example, if you select Error, the system sends the syslog server logs with level Error, Critical, Alert, and Emergency. If you select Alert, the system collects logs with level Alert and Emergency.
    CSV Send logs in CSV format. Do not use with FortiAnalyzer.
    Facility Identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/syslog.
    Event Select to enable logging for events.
    Event Category Select the types of events to send to the syslog server:

    • Configuration—Configuration changes.
    • Admin—Administrator actions.
    • System—System operations, warnings, and errors.
    • User—Authentication results logs.
    • Health Check—Health check results and client certificate validation check results.
    • SLB—Notifications, such as connection limit reached.
    • LLB—Notifications, such as bandwidth thresholds reached.
    • GLB—Notifications, such as the status of associated local SLB and virtual servers.
    • Firewall—Notifications for the "firewall" module, such as SNAT source IP pool is using all of its addresses.
    Traffic Select to enable logging for traffic processed by the load balancing modules.
    Traffic Category
    • SLB—Server Load Balancing traffic logs related to sessions and throughput.
    • GLB—Global Load Balancing traffic logs related to DNS requests.
    • LLB—Link Load Balancing traffic logs related to session and throughput
    Security Select to enable logging for traffic processed by the security modules.
    Security Category
    • DoS—SYN flood protection logs.
    • IP Reputation—IP Reputation logs.
    • WAF—WAF logs.
    • GEO—Geo IP blocking logs.
    Script Select to enable scripting.
    Script Category SLB is elected by default.
    Previous
    Next