Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.1.3 CLI Reference
    7.1.3
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config log setting fortianalyzer

    config log setting fortianalyzer

    Use this command to configure logging to a FortiAnalyzer server using OFTP.

    The Optimized Fabric Transfer Protocol (OFTP) is used when information is synchronized between FortiAnalyzer and FortiADC, as well as for other Fortinet products. Remote logging and archiving can be configured on the FortiADC to send logs to a FortiAnalyzer unit.

    OFTP listens on port TCP/514.

    Note

    To configure from global, see config log setting global_faz. Global has preset configurations that users may use for easy configuration, which apply to all VDOMs. However, in config log setting fortianalyzer, the user can customize the configuration for the individual VDOM, overriding the global FortiAnalyzer config.

    You can enable override_global_faz here:

    FortiADC-VM (root) # config log setting general

    FortiADC-VM (general) # show full-configuration

    config log setting general

    set override_global_faz enable

    end
    Requirements:
    • Read-write permission for log settings.
    • The FortiAnalyzer service is required to be exposed on External IP.

    FortiADC supports integration with FortiAnalyzer versions 7.0.2 or later. As earlier versions of FortiAnalyzer is not optimally compatible with FortiADC, unexpected behavior may occur.

    Syntax

    config log setting fortianalyzer

    edit <name>

    set status {enable|disable}

    set server <string>

    set loglevel {alert|critical|debug|emergency|error|information|notification|warning}

    set event-log-status {enable|disable}

    set event-log-category {admin|configuration|fw|glb|health-check|llb|slb|system|user}

    set traffic-log-status {enable|disable}

    set traffic-log-category {slb|dns|llb}

    set attack-log-status {enable|disable}

    set attack-log-category {av|ddos|geo|ipreputation|ips|waf|fw}

    next

    end

    status

    		 Enable/disable the configuration.

    server

    		 Specify the IP address of the FortiAnalyzer Log server.

    loglevel

    Select the lowest severity to log from the following options:

    • emergency — The system has become unstable.
    • alert — Immediate action is required.
    • critical — Functionality is affected.
    • error — An error condition exists and functionality could be affected.
    • warning — Functionality might be affected.
    • notification — Information about normal events.
    • information — General information about system operations.
    • debug — Detailed information about the system that can be used to troubleshoot unexpected behavior.

    The exported logs will include the selected severity level and above. For example, if you select error, the system collects logs with severity level error, critical, alert, and emergency. If you select alert, the system collects logs with severity level alert and emergency.

    event-log-status

    		 Enable/disable logging for events.

    event-log-category

    If event-log-status is enabled, the event-log-category becomes configurable.

    Select one or more of the following event categories to include in the event logs export:

    • configuration — Configuration changes.
    • admin — Administrator actions.
    • system — System operations, warnings, and errors.
    • user — Authentication results logs.
    • health-check — Health check results and client certificate validation check results.
    • slb — Notifications, such as connection limit reached.
    • llb — Notifications, such as bandwidth thresholds reached.
    • glb — Notifications, such as the status of associated local SLB and virtual servers.
    • fw — Notifications for the Firewall module, such as SNAT source IP pool is using all of its addresses.

    traffic-log-status

    		 Enable/disable logging for traffic processed by the load-balancing modules.

    traffic-log-category

    If traffic-log-status is enabled, the traffic-log-category becomes configurable.

    Select one or more of the following traffic categories to include in the traffic logs export:

    • slb — Server Load Balancing traffic logs related to sessions and throughput.
    • dns — Global Load Balancing traffic logs related to DNS requests.
    • llb — Link Load Balancing traffic logs related to session and throughput.

    attack-log-status

    		 Enable/disable logging for traffic processed by the security modules.

    attack-log-category

    If attack-log-status is enabled, the attack-log-category becomes configurable.

    Select one or more of the following security categories to include in the security logs export:

    • ddos — DoS protection logs.
    • ipreputation — IP Reputation logs.
    • waf — WAF logs.
    • geo — Geo IP blocking logs.
    • av — AV logs.
    • ips — IPS logs.
    • fw — Firewall logs.

    Example

    config log setting fortianalyzer

    edit 1

    set status enable

    set server 192.8.8.8

    set loglevel information

    set event-log-status enable

    set event-log-category system slb

    set traffic-log-status enable

    set traffic-log-category slb dns

    set attack-log-status enable

    set attack-log-category waf av

    next

    end

    Previous
    Next

    config log setting fortianalyzer

    config log setting fortianalyzer

    Use this command to configure logging to a FortiAnalyzer server using OFTP.

    The Optimized Fabric Transfer Protocol (OFTP) is used when information is synchronized between FortiAnalyzer and FortiADC, as well as for other Fortinet products. Remote logging and archiving can be configured on the FortiADC to send logs to a FortiAnalyzer unit.

    OFTP listens on port TCP/514.

    Note

    To configure from global, see config log setting global_faz. Global has preset configurations that users may use for easy configuration, which apply to all VDOMs. However, in config log setting fortianalyzer, the user can customize the configuration for the individual VDOM, overriding the global FortiAnalyzer config.

    You can enable override_global_faz here:

    FortiADC-VM (root) # config log setting general

    FortiADC-VM (general) # show full-configuration

    config log setting general

    set override_global_faz enable

    end
    Requirements:
    • Read-write permission for log settings.
    • The FortiAnalyzer service is required to be exposed on External IP.

    FortiADC supports integration with FortiAnalyzer versions 7.0.2 or later. As earlier versions of FortiAnalyzer is not optimally compatible with FortiADC, unexpected behavior may occur.

    Syntax

    config log setting fortianalyzer

    edit <name>

    set status {enable|disable}

    set server <string>

    set loglevel {alert|critical|debug|emergency|error|information|notification|warning}

    set event-log-status {enable|disable}

    set event-log-category {admin|configuration|fw|glb|health-check|llb|slb|system|user}

    set traffic-log-status {enable|disable}

    set traffic-log-category {slb|dns|llb}

    set attack-log-status {enable|disable}

    set attack-log-category {av|ddos|geo|ipreputation|ips|waf|fw}

    next

    end

    status

    		 Enable/disable the configuration.

    server

    		 Specify the IP address of the FortiAnalyzer Log server.

    loglevel

    Select the lowest severity to log from the following options:

    • emergency — The system has become unstable.
    • alert — Immediate action is required.
    • critical — Functionality is affected.
    • error — An error condition exists and functionality could be affected.
    • warning — Functionality might be affected.
    • notification — Information about normal events.
    • information — General information about system operations.
    • debug — Detailed information about the system that can be used to troubleshoot unexpected behavior.

    The exported logs will include the selected severity level and above. For example, if you select error, the system collects logs with severity level error, critical, alert, and emergency. If you select alert, the system collects logs with severity level alert and emergency.

    event-log-status

    		 Enable/disable logging for events.

    event-log-category

    If event-log-status is enabled, the event-log-category becomes configurable.

    Select one or more of the following event categories to include in the event logs export:

    • configuration — Configuration changes.
    • admin — Administrator actions.
    • system — System operations, warnings, and errors.
    • user — Authentication results logs.
    • health-check — Health check results and client certificate validation check results.
    • slb — Notifications, such as connection limit reached.
    • llb — Notifications, such as bandwidth thresholds reached.
    • glb — Notifications, such as the status of associated local SLB and virtual servers.
    • fw — Notifications for the Firewall module, such as SNAT source IP pool is using all of its addresses.

    traffic-log-status

    		 Enable/disable logging for traffic processed by the load-balancing modules.

    traffic-log-category

    If traffic-log-status is enabled, the traffic-log-category becomes configurable.

    Select one or more of the following traffic categories to include in the traffic logs export:

    • slb — Server Load Balancing traffic logs related to sessions and throughput.
    • dns — Global Load Balancing traffic logs related to DNS requests.
    • llb — Link Load Balancing traffic logs related to session and throughput.

    attack-log-status

    		 Enable/disable logging for traffic processed by the security modules.

    attack-log-category

    If attack-log-status is enabled, the attack-log-category becomes configurable.

    Select one or more of the following security categories to include in the security logs export:

    • ddos — DoS protection logs.
    • ipreputation — IP Reputation logs.
    • waf — WAF logs.
    • geo — Geo IP blocking logs.
    • av — AV logs.
    • ips — IPS logs.
    • fw — Firewall logs.

    Example

    config log setting fortianalyzer

    edit 1

    set status enable

    set server 192.8.8.8

    set loglevel information

    set event-log-status enable

    set event-log-category system slb

    set traffic-log-status enable

    set traffic-log-category slb dns

    set attack-log-status enable

    set attack-log-category waf av

    next

    end

    Previous
    Next