Fortinet white logo
Fortinet white logo

CLI Reference

config log setting remote

config log setting remote

Use this command to configure logging to a remote syslog server.

Note

To configure from global, see config log setting global_remote. Global has preset configurations that users may use for easy configuration, which apply to all VDOMs. However, in config log setting remote, the user can customize the configuration for the individual VDOM, overriding the global remote config.

You can enable override_global_remote here:

FortiADC-VM (root) # config log setting general

FortiADC-VM (general) # show full-configuration

config log setting general

set override_global_remote enable

end

A remote syslog server is a system provisioned specifically to collect logs for long term storage and analysis with preferred analytic tools.

Before you begin:
  • You must have read-write permission for log settings.

Syntax

config log setting remote

edit <name>

set address_type {ip|fqdn}

set attack-log-status {enable|disable}

set attack-log-category {av|ddos|geo|ipreputation|ips|waf|fw|ztna}

set comma-separated-value {enable|disable}

set event-log-status {enable|disable}

set event-log-category {admin|configuration|fw|glb|health-check|llb|slb|system|user}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kern | local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, ntp}

set fqdn <string>

set loglevel {alert|critical|debug|emergency|error|information|notification|warning}

set proto {udp|tcp|tcpssl}

set enc-algorithm {high-medium|high}

set tcp_framing {traditional|octet_counted}

set port <integer>

set server <ipv4 or ipv6>

set status {enable|disable}

set traffic-log-status {enable|disable}

set traffic-log-category {slb|dns|llb}

next

end

address_type

Select the Address Type of the syslog server:

  • ip

  • fqdn

attack-log-status

Enable/disable logging for security events.

attack-log-category

If attack-log-status is enabled, the attack-log-category becomes configurable.

Select one or more of the following security categories to include in the security logs export:

  • ddos — DoS protection logs.
  • ipreputation — IP Reputation logs.
  • waf — WAF logs.
  • geo — Geo IP blocking logs.
  • av — AV logs.
  • ips — IPS logs.
  • fw — Firewall logs.
  • ztna — ZTNA logs.

comma-separated-value

Send logs in CSV format. Do not use with FortiAnalyzer.

event-log-status

Enable/disable logging for system events.

event-log-category

If event-log-status is enabled, the event-log-category becomes configurable.

Select one or more of the following event categories to include in the event logs export:

  • configuration — Configuration changes.
  • admin — Administrator actions.
  • system — System operations, warnings, and errors.
  • user — Authentication results logs.
  • health-check — Health check results and client certificate validation check results.
  • slb — Notifications, such as connection limit reached.
  • llb — Notifications, such as bandwidth thresholds reached.
  • glb — Notifications, such as the status of associated local SLB and virtual servers.
  • fw — Notifications for the Firewall module, such as SNAT source IP pool is using all of its addresses.

facility

Identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/syslog.

fqdn

The fqdn option is available if address_type is fqdn.

Specify the FQDN of the syslog server.

loglevel

Select the lowest severity to log from the following options:

  • emergency — The system has become unstable.
  • alert — Immediate action is required.
  • critical — Functionality is affected.
  • error — An error condition exists and functionality could be affected.
  • warning — Functionality might be affected.
  • notification — Information about normal events.
  • information — General information about system operations.
  • debug — Detailed information about the system that can be used to troubleshoot unexpected behavior.

The exported logs will include the selected severity level and above. For example, if you select error, the system collects logs with severity level error, critical, alert, and emergency. If you select alert, the system collects logs with severity level alert and emergency.

port

Listening port number of the syslog server. Usually this is UDP/TCP/TCPSSL port 514.

server

The server option is available if address_type is ip.

IP address of the syslog server.

Note:

In IPv6, certain reserved or designated addresses cannot function as globally unique addresses. Users can configure these invalid IPs in remote settings without errors, but this leads to failed IPv6 communication. Below are examples of unusable IPv6 address types.

  • Unspecified Address (::/128)
    Usage: Represents an unspecified address (analogous to 0.0.0.0 in IPv4). Typically used during the initialization phase before an IP address is assigned. Not valid for routing or general use.

  • Loopback Address (::1/128)
    Usage: Used for intra-device communication (equivalent to 127.0.0.1 in IPv4). Packets addressed to this cannot leave the local device.

  • Link-Local Addresses (fe80::/10)
    Range: fe80:: to febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Used for communication within a single local link. Not routable beyond the local subnet and typically used for auto-configuration and neighbor discovery.

  • Multicast Addresses (ff00::/8)
    Range: ff00:: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Facilitates one-to-many communication. Cannot be used as a unicast address. Replaces IPv4 broadcast functionality.

  • Unique Local Addresses (fc00::/7)
    Range: fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Analogous to private IPv4 addresses (10.0.0.0/8, 192.168.0.0/16). Used within local networks and not routable globally.

  • Documentation Prefix (2001:db8::/32)
    Range: 2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Reserved for documentation and example purposes. Not valid for real-world network deployment.

  • Reserved Address Space (Various Prefixes)
    Usage: Reserved for future use or specific protocols. These addresses should not be used unless explicitly defined. For example, 2002::/16 is used for 6to4 tunneling.

  • Global Unicast Addresses (2000::/3)
    Range: 2000:: to 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Globally routable, but some portions may be reserved or not allocated. Ensure addresses used within this range are valid.

status

Enable/disable the configuration.

proto

Specify the protocol to use for transferring log messages.

  • udp

  • tcp

  • tcpssl

enc-algorithm

The enc-algorithm option is available if proto is tcpssl.

Select either the high-medium or high encryption algorithm options.
The default option is high-medium.

Note: Modifying the enc-algorithm setting triggers the initiation of a new SSL session negotiation with the syslog server, resulting in the disconnection of the current connection.

The High-Medium Level contains the following 80 algorithm combinations:

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • DHE-DSS-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-CHACHA20-POLY1305

  • ECDHE-RSA-CHACHA20-POLY1305

  • DHE-RSA-CHACHA20-POLY1305

  • ECDHE-ECDSA-AES256-CCM8

  • ECDHE-ECDSA-AES256-CCM

  • DHE-RSA-AES256-CCM8

  • DHE-RSA-AES256-CCM

  • ECDHE-ECDSA-ARIA256-GCM-SHA384

  • ECDHE-ARIA256-GCM-SHA384

  • DHE-DSS-ARIA256-GCM-SHA384

  • DHE-RSA-ARIA256-GCM-SHA384

  • ADH-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • DHE-DSS-AES128-GCM-SHA256

  • DHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-CCM8

  • ECDHE-ECDSA-AES128-CCM

  • DHE-RSA-AES128-CCM8

  • DHE-RSA-AES128-CCM

  • ECDHE-ECDSA-ARIA128-GCM-SHA256

  • ECDHE-ARIA128-GCM-SHA256

  • DHE-DSS-ARIA128-GCM-SHA256

  • DHE-RSA-ARIA128-GCM-SHA256

  • ADH-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • DHE-RSA-AES256-SHA256

  • DHE-DSS-AES256-SHA256

  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • ECDHE-RSA-CAMELLIA256-SHA384

  • DHE-RSA-CAMELLIA256-SHA256

  • DHE-DSS-CAMELLIA256-SHA256

  • ADH-AES256-SHA256

  • ADH-CAMELLIA256-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • DHE-RSA-AES128-SHA256

  • DHE-DSS-AES128-SHA256

  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • ECDHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA128-SHA256

  • DHE-DSS-CAMELLIA128-SHA256

  • ADH-AES128-SHA256

  • ADH-CAMELLIA128-SHA256

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • DHE-RSA-AES256-SHA

  • DHE-DSS-AES256-SHA

  • DHE-RSA-CAMELLIA256-SHA

  • DHE-DSS-CAMELLIA256-SHA

  • AECDH-AES256-SHA

  • ADH-AES256-SHA

  • ADH-CAMELLIA256-SHA

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • DHE-RSA-AES128-SHA

  • DHE-DSS-AES128-SHA

  • DHE-RSA-CAMELLIA128-SHA

  • DHE-DSS-CAMELLIA128-SHA

  • AECDH-AES128-SHA

  • ADH-AES128-SHA

  • ADH-CAMELLIA128-SHA

  • RSA-PSK-AES256-GCM-SHA384

  • DHE-PSK-AES256-GCM-SHA384

  • RSA-PSK-CHACHA20-POLY1305

  • DHE-PSK-CHACHA20-POLY1305

  • ECDHE-PSK-CHACHA20-POLY1305

  • DHE-PSK-AES256-CCM8

  • DHE-PSK-AES256-CCM

  • RSA-PSK-ARIA256-GCM-SHA384

  • DHE-PSK-ARIA256-GCM-SHA384

  • AES256-GCM-SHA384

  • AES256-CCM8

  • AES256-CCM

  • ARIA256-GCM-SHA384

  • PSK-AES256-GCM-SHA384

  • PSK-CHACHA20-POLY1305

  • PSK-AES256-CCM8

  • PSK-AES256-CCM

  • PSK-ARIA256-GCM-SHA384

  • RSA-PSK-AES128-GCM-SHA256

  • DHE-PSK-AES128-GCM-SHA256

  • DHE-PSK-AES128-CCM8

  • DHE-PSK-AES128-CCM

  • RSA-PSK-ARIA128-GCM-SHA256

  • DHE-PSK-ARIA128-GCM-SHA256

  • AES128-GCM-SHA256

  • AES128-CCM8

  • AES128-CCM

  • ARIA128-GCM-SHA256

  • PSK-AES128-GCM-SHA256

  • PSK-AES128-CCM8

  • PSK-AES128-CCM

  • PSK-ARIA128-GCM-SHA256

  • AES256-SHA256

  • CAMELLIA256-SHA256

  • AES128-SHA256

  • CAMELLIA128-SHA256

  • ECDHE-PSK-AES256-CBC-SHA384

  • ECDHE-PSK-AES256-CBC-SHA

  • SRP-DSS-AES-256-CBC-SHA

  • SRP-RSA-AES-256-CBC-SHA

  • SRP-AES-256-CBC-SHA

  • RSA-PSK-AES256-CBC-SHA384

  • DHE-PSK-AES256-CBC-SHA384

  • RSA-PSK-AES256-CBC-SHA

  • DHE-PSK-AES256-CBC-SHA

  • ECDHE-PSK-CAMELLIA256-SHA384

  • RSA-PSK-CAMELLIA256-SHA384

  • DHE-PSK-CAMELLIA256-SHA384

  • AES256-SHA

  • CAMELLIA256-SHA

  • PSK-AES256-CBC-SHA384

  • PSK-AES256-CBC-SHA

  • PSK-CAMELLIA256-SHA384

  • ECDHE-PSK-AES128-CBC-SHA256

  • ECDHE-PSK-AES128-CBC-SHA

  • SRP-DSS-AES-128-CBC-SHA

  • SRP-RSA-AES-128-CBC-SHA

  • SRP-AES-128-CBC-SHA

  • RSA-PSK-AES128-CBC-SHA256

  • DHE-PSK-AES128-CBC-SHA256

  • RSA-PSK-AES128-CBC-SHA

  • DHE-PSK-AES128-CBC-SHA

  • ECDHE-PSK-CAMELLIA128-SHA256

  • RSA-PSK-CAMELLIA128-SHA256

  • DHE-PSK-CAMELLIA128-SHA256

  • AES128-SHA

  • CAMELLIA128-SHA

  • PSK-AES128-CBC-SHA256

  • PSK-AES128-CBC-SHA

  • PSK-CAMELLIA128-SHA256

  • ECDHE-ECDSA-DES-CBC3-SHA

  • ECDHE-RSA-DES-CBC3-SHA

  • DHE-RSA-DES-CBC3-SHA

  • DHE-DSS-DES-CBC3-SHA

  • AECDH-DES-CBC3-SHA

  • ADH-DES-CBC3-SHA

  • ECDHE-PSK-3DES-EDE-CBC-SHA

  • SRP-DSS-3DES-EDE-CBC-SHA

  • SRP-RSA-3DES-EDE-CBC-SHA

  • SRP-3DES-EDE-CBC-SHA

  • RSA-PSK-3DES-EDE-CBC-SHA

  • DHE-PSK-3DES-EDE-CBC-SHA

  • DES-CBC3-SHA

  • PSK-3DES-EDE-CBC-SHA

The High Level contains the following 40 algorithm combinations:

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • DHE-DSS-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-CHACHA20-POLY1305

  • ECDHE-RSA-CHACHA20-POLY1305

  • DHE-RSA-CHACHA20-POLY1305

  • ECDHE-ECDSA-AES256-CCM8

  • ECDHE-ECDSA-AES256-CCM

  • DHE-RSA-AES256-CCM8

  • DHE-RSA-AES256-CCM

  • ECDHE-ECDSA-ARIA256-GCM-SHA384

  • ECDHE-ARIA256-GCM-SHA384

  • DHE-DSS-ARIA256-GCM-SHA384

  • ADH-AES256-GCM-SHA384

  • ECDHE-ECDSA-ARIA128-GCM-SHA256

  • ECDHE-ARIA128-GCM-SHA256

  • DHE-DSS-ARIA128-GCM-SHA256

  • DHE-RSA-ARIA128-GCM-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • DHE-RSA-AES256-SHA256

  • DHE-DSS-AES256-SHA256

  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • ECDHE-RSA-CAMELLIA256-SHA384

  • DHE-RSA-CAMELLIA256-SHA256

  • DHE-DSS-CAMELLIA256-SHA256

  • ADH-AES256-SHA256

  • ADH-CAMELLIA256-SHA256

  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • ECDHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA128-SHA256

  • DHE-DSS-CAMELLIA128-SHA256

  • ADH-CAMELLIA128-SHA256

  • RSA-PSK-AES256-GCM-SHA384

  • DHE-PSK-AES256-GCM-SHA384

  • RSA-PSK-CHACHA20-POLY1305

  • DHE-PSK-CHACHA20-POLY1305

  • ECDHE-PSK-CHACHA20-POLY1305

  • DHE-PSK-AES256-CCM8

  • DHE-PSK-AES256-CCM

  • RSA-PSK-ARIA256-GCM-SHA384

  • DHE-PSK-ARIA256-GCM-SHA384

  • AES256-GCM-SHA384

  • AES256-CCM8

  • AES256-CCM

  • ARIA256-GCM-SHA384

  • PSK-AES256-GCM-SHA384

  • PSK-CHACHA20-POLY1305

  • PSK-AES256-CCM8

  • PSK-AES256-CCM

  • PSK-ARIA256-GCM-SHA384

  • RSA-PSK-ARIA128-GCM-SHA256

  • DHE-PSK-ARIA128-GCM-SHA256

  • ARIA128-GCM-SHA256

  • PSK-ARIA128-GCM-SHA256

  • AES256-SHA256

  • CAMELLIA256-SHA256

  • CAMELLIA128-SHA256

  • ECDHE-PSK-AES256-CBC-SHA384

  • RSA-PSK-AES256-CBC-SHA384

  • DHE-PSK-AES256-CBC-SHA384

  • ECDHE-PSK-CAMELLIA256-SHA384

  • RSA-PSK-CAMELLIA256-SHA384

  • DHE-PSK-CAMELLIA256-SHA384

  • PSK-AES256-CBC-SHA384

  • PSK-CAMELLIA256-SHA384

  • ECDHE-PSK-CAMELLIA128-SHA256

  • RSA-PSK-CAMELLIA128-SHA256

  • DHE-PSK-CAMELLIA128-SHA256

  • PSK-CAMELLIA128-SHA256

tcp_framing

The frame in which the log message is stored in tcp/tcpssl packets.

traffic-log-status

Enable/disable logging for traffic processed by the load balancing modules.

traffic-log-category

If traffic-log-status is enabled, the traffic-log-category becomes configurable.

Select one or more of the following traffic categories to include in the traffic logs export:

  • slb — Server Load Balancing traffic logs related to sessions and throughput.
  • dns — Global Load Balancing traffic logs related to DNS requests.
  • llb — Link Load Balancing traffic logs related to session and throughput.

Example

FortiADC-VM # config log setting remote

FortiADC-VM (remote) # edit 1

Add new entry '1' for node 547

FortiADC-VM (1) # get

status : disable

server : 0.0.0.0

port : 514

loglevel : information

comma-separated-value : disable

facility : kern

event-log-status : disable

traffic-log-status : disable

attack-log-status : disable

FortiADC-VM (1) # set status enable

FortiADC-VM (1) # set address_type ip

FortiADC-VM (1) # set server 203.0.113.10

FortiADC-VM (1) # set loglevel notification

FortiADC-VM (1) # set event-log-status enable

FortiADC-VM (1) # set event-log-category admin configuration system

FortiADC-VM (1) # set traffic-log-status enable

FortiADC-VM (1) # set traffic-log-category slb dns llb

FortiADC-VM (1) # end

FortiADC-VM # get log setting remote

== [ 1 ]

status: enable

server: 203.0.113.10

port: 514

loglevel: notification

facility: kern

FortiADC-VM # show log setting remote

config log setting remote

edit 1

set status enable

set server 203.0.113.10

set loglevel notification

set event-log-status enable

set event-log-category configuration admin system

set traffic-log-status enable

set traffic-log-category slb dns llb

next

end

config log setting remote

config log setting remote

Use this command to configure logging to a remote syslog server.

Note

To configure from global, see config log setting global_remote. Global has preset configurations that users may use for easy configuration, which apply to all VDOMs. However, in config log setting remote, the user can customize the configuration for the individual VDOM, overriding the global remote config.

You can enable override_global_remote here:

FortiADC-VM (root) # config log setting general

FortiADC-VM (general) # show full-configuration

config log setting general

set override_global_remote enable

end

A remote syslog server is a system provisioned specifically to collect logs for long term storage and analysis with preferred analytic tools.

Before you begin:
  • You must have read-write permission for log settings.

Syntax

config log setting remote

edit <name>

set address_type {ip|fqdn}

set attack-log-status {enable|disable}

set attack-log-category {av|ddos|geo|ipreputation|ips|waf|fw|ztna}

set comma-separated-value {enable|disable}

set event-log-status {enable|disable}

set event-log-category {admin|configuration|fw|glb|health-check|llb|slb|system|user}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kern | local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, ntp}

set fqdn <string>

set loglevel {alert|critical|debug|emergency|error|information|notification|warning}

set proto {udp|tcp|tcpssl}

set enc-algorithm {high-medium|high}

set tcp_framing {traditional|octet_counted}

set port <integer>

set server <ipv4 or ipv6>

set status {enable|disable}

set traffic-log-status {enable|disable}

set traffic-log-category {slb|dns|llb}

next

end

address_type

Select the Address Type of the syslog server:

  • ip

  • fqdn

attack-log-status

Enable/disable logging for security events.

attack-log-category

If attack-log-status is enabled, the attack-log-category becomes configurable.

Select one or more of the following security categories to include in the security logs export:

  • ddos — DoS protection logs.
  • ipreputation — IP Reputation logs.
  • waf — WAF logs.
  • geo — Geo IP blocking logs.
  • av — AV logs.
  • ips — IPS logs.
  • fw — Firewall logs.
  • ztna — ZTNA logs.

comma-separated-value

Send logs in CSV format. Do not use with FortiAnalyzer.

event-log-status

Enable/disable logging for system events.

event-log-category

If event-log-status is enabled, the event-log-category becomes configurable.

Select one or more of the following event categories to include in the event logs export:

  • configuration — Configuration changes.
  • admin — Administrator actions.
  • system — System operations, warnings, and errors.
  • user — Authentication results logs.
  • health-check — Health check results and client certificate validation check results.
  • slb — Notifications, such as connection limit reached.
  • llb — Notifications, such as bandwidth thresholds reached.
  • glb — Notifications, such as the status of associated local SLB and virtual servers.
  • fw — Notifications for the Firewall module, such as SNAT source IP pool is using all of its addresses.

facility

Identifier that is not used by any other device on your network when sending logs to FortiAnalyzer/syslog.

fqdn

The fqdn option is available if address_type is fqdn.

Specify the FQDN of the syslog server.

loglevel

Select the lowest severity to log from the following options:

  • emergency — The system has become unstable.
  • alert — Immediate action is required.
  • critical — Functionality is affected.
  • error — An error condition exists and functionality could be affected.
  • warning — Functionality might be affected.
  • notification — Information about normal events.
  • information — General information about system operations.
  • debug — Detailed information about the system that can be used to troubleshoot unexpected behavior.

The exported logs will include the selected severity level and above. For example, if you select error, the system collects logs with severity level error, critical, alert, and emergency. If you select alert, the system collects logs with severity level alert and emergency.

port

Listening port number of the syslog server. Usually this is UDP/TCP/TCPSSL port 514.

server

The server option is available if address_type is ip.

IP address of the syslog server.

Note:

In IPv6, certain reserved or designated addresses cannot function as globally unique addresses. Users can configure these invalid IPs in remote settings without errors, but this leads to failed IPv6 communication. Below are examples of unusable IPv6 address types.

  • Unspecified Address (::/128)
    Usage: Represents an unspecified address (analogous to 0.0.0.0 in IPv4). Typically used during the initialization phase before an IP address is assigned. Not valid for routing or general use.

  • Loopback Address (::1/128)
    Usage: Used for intra-device communication (equivalent to 127.0.0.1 in IPv4). Packets addressed to this cannot leave the local device.

  • Link-Local Addresses (fe80::/10)
    Range: fe80:: to febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Used for communication within a single local link. Not routable beyond the local subnet and typically used for auto-configuration and neighbor discovery.

  • Multicast Addresses (ff00::/8)
    Range: ff00:: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Facilitates one-to-many communication. Cannot be used as a unicast address. Replaces IPv4 broadcast functionality.

  • Unique Local Addresses (fc00::/7)
    Range: fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Analogous to private IPv4 addresses (10.0.0.0/8, 192.168.0.0/16). Used within local networks and not routable globally.

  • Documentation Prefix (2001:db8::/32)
    Range: 2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Reserved for documentation and example purposes. Not valid for real-world network deployment.

  • Reserved Address Space (Various Prefixes)
    Usage: Reserved for future use or specific protocols. These addresses should not be used unless explicitly defined. For example, 2002::/16 is used for 6to4 tunneling.

  • Global Unicast Addresses (2000::/3)
    Range: 2000:: to 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    Usage: Globally routable, but some portions may be reserved or not allocated. Ensure addresses used within this range are valid.

status

Enable/disable the configuration.

proto

Specify the protocol to use for transferring log messages.

  • udp

  • tcp

  • tcpssl

enc-algorithm

The enc-algorithm option is available if proto is tcpssl.

Select either the high-medium or high encryption algorithm options.
The default option is high-medium.

Note: Modifying the enc-algorithm setting triggers the initiation of a new SSL session negotiation with the syslog server, resulting in the disconnection of the current connection.

The High-Medium Level contains the following 80 algorithm combinations:

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • DHE-DSS-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-CHACHA20-POLY1305

  • ECDHE-RSA-CHACHA20-POLY1305

  • DHE-RSA-CHACHA20-POLY1305

  • ECDHE-ECDSA-AES256-CCM8

  • ECDHE-ECDSA-AES256-CCM

  • DHE-RSA-AES256-CCM8

  • DHE-RSA-AES256-CCM

  • ECDHE-ECDSA-ARIA256-GCM-SHA384

  • ECDHE-ARIA256-GCM-SHA384

  • DHE-DSS-ARIA256-GCM-SHA384

  • DHE-RSA-ARIA256-GCM-SHA384

  • ADH-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES128-GCM-SHA256

  • DHE-DSS-AES128-GCM-SHA256

  • DHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-CCM8

  • ECDHE-ECDSA-AES128-CCM

  • DHE-RSA-AES128-CCM8

  • DHE-RSA-AES128-CCM

  • ECDHE-ECDSA-ARIA128-GCM-SHA256

  • ECDHE-ARIA128-GCM-SHA256

  • DHE-DSS-ARIA128-GCM-SHA256

  • DHE-RSA-ARIA128-GCM-SHA256

  • ADH-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • DHE-RSA-AES256-SHA256

  • DHE-DSS-AES256-SHA256

  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • ECDHE-RSA-CAMELLIA256-SHA384

  • DHE-RSA-CAMELLIA256-SHA256

  • DHE-DSS-CAMELLIA256-SHA256

  • ADH-AES256-SHA256

  • ADH-CAMELLIA256-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA256

  • DHE-RSA-AES128-SHA256

  • DHE-DSS-AES128-SHA256

  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • ECDHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA128-SHA256

  • DHE-DSS-CAMELLIA128-SHA256

  • ADH-AES128-SHA256

  • ADH-CAMELLIA128-SHA256

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES256-SHA

  • DHE-RSA-AES256-SHA

  • DHE-DSS-AES256-SHA

  • DHE-RSA-CAMELLIA256-SHA

  • DHE-DSS-CAMELLIA256-SHA

  • AECDH-AES256-SHA

  • ADH-AES256-SHA

  • ADH-CAMELLIA256-SHA

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-RSA-AES128-SHA

  • DHE-RSA-AES128-SHA

  • DHE-DSS-AES128-SHA

  • DHE-RSA-CAMELLIA128-SHA

  • DHE-DSS-CAMELLIA128-SHA

  • AECDH-AES128-SHA

  • ADH-AES128-SHA

  • ADH-CAMELLIA128-SHA

  • RSA-PSK-AES256-GCM-SHA384

  • DHE-PSK-AES256-GCM-SHA384

  • RSA-PSK-CHACHA20-POLY1305

  • DHE-PSK-CHACHA20-POLY1305

  • ECDHE-PSK-CHACHA20-POLY1305

  • DHE-PSK-AES256-CCM8

  • DHE-PSK-AES256-CCM

  • RSA-PSK-ARIA256-GCM-SHA384

  • DHE-PSK-ARIA256-GCM-SHA384

  • AES256-GCM-SHA384

  • AES256-CCM8

  • AES256-CCM

  • ARIA256-GCM-SHA384

  • PSK-AES256-GCM-SHA384

  • PSK-CHACHA20-POLY1305

  • PSK-AES256-CCM8

  • PSK-AES256-CCM

  • PSK-ARIA256-GCM-SHA384

  • RSA-PSK-AES128-GCM-SHA256

  • DHE-PSK-AES128-GCM-SHA256

  • DHE-PSK-AES128-CCM8

  • DHE-PSK-AES128-CCM

  • RSA-PSK-ARIA128-GCM-SHA256

  • DHE-PSK-ARIA128-GCM-SHA256

  • AES128-GCM-SHA256

  • AES128-CCM8

  • AES128-CCM

  • ARIA128-GCM-SHA256

  • PSK-AES128-GCM-SHA256

  • PSK-AES128-CCM8

  • PSK-AES128-CCM

  • PSK-ARIA128-GCM-SHA256

  • AES256-SHA256

  • CAMELLIA256-SHA256

  • AES128-SHA256

  • CAMELLIA128-SHA256

  • ECDHE-PSK-AES256-CBC-SHA384

  • ECDHE-PSK-AES256-CBC-SHA

  • SRP-DSS-AES-256-CBC-SHA

  • SRP-RSA-AES-256-CBC-SHA

  • SRP-AES-256-CBC-SHA

  • RSA-PSK-AES256-CBC-SHA384

  • DHE-PSK-AES256-CBC-SHA384

  • RSA-PSK-AES256-CBC-SHA

  • DHE-PSK-AES256-CBC-SHA

  • ECDHE-PSK-CAMELLIA256-SHA384

  • RSA-PSK-CAMELLIA256-SHA384

  • DHE-PSK-CAMELLIA256-SHA384

  • AES256-SHA

  • CAMELLIA256-SHA

  • PSK-AES256-CBC-SHA384

  • PSK-AES256-CBC-SHA

  • PSK-CAMELLIA256-SHA384

  • ECDHE-PSK-AES128-CBC-SHA256

  • ECDHE-PSK-AES128-CBC-SHA

  • SRP-DSS-AES-128-CBC-SHA

  • SRP-RSA-AES-128-CBC-SHA

  • SRP-AES-128-CBC-SHA

  • RSA-PSK-AES128-CBC-SHA256

  • DHE-PSK-AES128-CBC-SHA256

  • RSA-PSK-AES128-CBC-SHA

  • DHE-PSK-AES128-CBC-SHA

  • ECDHE-PSK-CAMELLIA128-SHA256

  • RSA-PSK-CAMELLIA128-SHA256

  • DHE-PSK-CAMELLIA128-SHA256

  • AES128-SHA

  • CAMELLIA128-SHA

  • PSK-AES128-CBC-SHA256

  • PSK-AES128-CBC-SHA

  • PSK-CAMELLIA128-SHA256

  • ECDHE-ECDSA-DES-CBC3-SHA

  • ECDHE-RSA-DES-CBC3-SHA

  • DHE-RSA-DES-CBC3-SHA

  • DHE-DSS-DES-CBC3-SHA

  • AECDH-DES-CBC3-SHA

  • ADH-DES-CBC3-SHA

  • ECDHE-PSK-3DES-EDE-CBC-SHA

  • SRP-DSS-3DES-EDE-CBC-SHA

  • SRP-RSA-3DES-EDE-CBC-SHA

  • SRP-3DES-EDE-CBC-SHA

  • RSA-PSK-3DES-EDE-CBC-SHA

  • DHE-PSK-3DES-EDE-CBC-SHA

  • DES-CBC3-SHA

  • PSK-3DES-EDE-CBC-SHA

The High Level contains the following 40 algorithm combinations:

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_GCM_SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES256-GCM-SHA384

  • DHE-DSS-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-CHACHA20-POLY1305

  • ECDHE-RSA-CHACHA20-POLY1305

  • DHE-RSA-CHACHA20-POLY1305

  • ECDHE-ECDSA-AES256-CCM8

  • ECDHE-ECDSA-AES256-CCM

  • DHE-RSA-AES256-CCM8

  • DHE-RSA-AES256-CCM

  • ECDHE-ECDSA-ARIA256-GCM-SHA384

  • ECDHE-ARIA256-GCM-SHA384

  • DHE-DSS-ARIA256-GCM-SHA384

  • ADH-AES256-GCM-SHA384

  • ECDHE-ECDSA-ARIA128-GCM-SHA256

  • ECDHE-ARIA128-GCM-SHA256

  • DHE-DSS-ARIA128-GCM-SHA256

  • DHE-RSA-ARIA128-GCM-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA384

  • DHE-RSA-AES256-SHA256

  • DHE-DSS-AES256-SHA256

  • ECDHE-ECDSA-CAMELLIA256-SHA384

  • ECDHE-RSA-CAMELLIA256-SHA384

  • DHE-RSA-CAMELLIA256-SHA256

  • DHE-DSS-CAMELLIA256-SHA256

  • ADH-AES256-SHA256

  • ADH-CAMELLIA256-SHA256

  • ECDHE-ECDSA-CAMELLIA128-SHA256

  • ECDHE-RSA-CAMELLIA128-SHA256

  • DHE-RSA-CAMELLIA128-SHA256

  • DHE-DSS-CAMELLIA128-SHA256

  • ADH-CAMELLIA128-SHA256

  • RSA-PSK-AES256-GCM-SHA384

  • DHE-PSK-AES256-GCM-SHA384

  • RSA-PSK-CHACHA20-POLY1305

  • DHE-PSK-CHACHA20-POLY1305

  • ECDHE-PSK-CHACHA20-POLY1305

  • DHE-PSK-AES256-CCM8

  • DHE-PSK-AES256-CCM

  • RSA-PSK-ARIA256-GCM-SHA384

  • DHE-PSK-ARIA256-GCM-SHA384

  • AES256-GCM-SHA384

  • AES256-CCM8

  • AES256-CCM

  • ARIA256-GCM-SHA384

  • PSK-AES256-GCM-SHA384

  • PSK-CHACHA20-POLY1305

  • PSK-AES256-CCM8

  • PSK-AES256-CCM

  • PSK-ARIA256-GCM-SHA384

  • RSA-PSK-ARIA128-GCM-SHA256

  • DHE-PSK-ARIA128-GCM-SHA256

  • ARIA128-GCM-SHA256

  • PSK-ARIA128-GCM-SHA256

  • AES256-SHA256

  • CAMELLIA256-SHA256

  • CAMELLIA128-SHA256

  • ECDHE-PSK-AES256-CBC-SHA384

  • RSA-PSK-AES256-CBC-SHA384

  • DHE-PSK-AES256-CBC-SHA384

  • ECDHE-PSK-CAMELLIA256-SHA384

  • RSA-PSK-CAMELLIA256-SHA384

  • DHE-PSK-CAMELLIA256-SHA384

  • PSK-AES256-CBC-SHA384

  • PSK-CAMELLIA256-SHA384

  • ECDHE-PSK-CAMELLIA128-SHA256

  • RSA-PSK-CAMELLIA128-SHA256

  • DHE-PSK-CAMELLIA128-SHA256

  • PSK-CAMELLIA128-SHA256

tcp_framing

The frame in which the log message is stored in tcp/tcpssl packets.

traffic-log-status

Enable/disable logging for traffic processed by the load balancing modules.

traffic-log-category

If traffic-log-status is enabled, the traffic-log-category becomes configurable.

Select one or more of the following traffic categories to include in the traffic logs export:

  • slb — Server Load Balancing traffic logs related to sessions and throughput.
  • dns — Global Load Balancing traffic logs related to DNS requests.
  • llb — Link Load Balancing traffic logs related to session and throughput.

Example

FortiADC-VM # config log setting remote

FortiADC-VM (remote) # edit 1

Add new entry '1' for node 547

FortiADC-VM (1) # get

status : disable

server : 0.0.0.0

port : 514

loglevel : information

comma-separated-value : disable

facility : kern

event-log-status : disable

traffic-log-status : disable

attack-log-status : disable

FortiADC-VM (1) # set status enable

FortiADC-VM (1) # set address_type ip

FortiADC-VM (1) # set server 203.0.113.10

FortiADC-VM (1) # set loglevel notification

FortiADC-VM (1) # set event-log-status enable

FortiADC-VM (1) # set event-log-category admin configuration system

FortiADC-VM (1) # set traffic-log-status enable

FortiADC-VM (1) # set traffic-log-category slb dns llb

FortiADC-VM (1) # end

FortiADC-VM # get log setting remote

== [ 1 ]

status: enable

server: 203.0.113.10

port: 514

loglevel: notification

facility: kern

FortiADC-VM # show log setting remote

config log setting remote

edit 1

set status enable

set server 203.0.113.10

set loglevel notification

set event-log-status enable

set event-log-category configuration admin system

set traffic-log-status enable

set traffic-log-category slb dns llb

next

end