Fortinet white logo
Fortinet white logo

Administration Guide

Log configuration

Log configuration

Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.

Log settings

To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.

To configure log backups:
  1. Under Log Backup, select Enable remote backup.
  2. Set the Frequency to either Daily, Weekly, or Monthly.
  3. Configure the time of day that the backup will occur in one of the following ways:
    • Enter a time in the Time field.
    • Select Now to enter the current time.
    • Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., or Noon.
  4. Select an FTP server from the FTP server dropdown menu. For information on configuring an FTP server, see FTP servers.
  5. Select OK to save your settings.
To configure automatic log deletion:
  1. Under Log Auto-Deletion, select Enable log auto-deletion.
  2. Use the Auto-delete logs older than field and dropdown menu to specify the number of either day(s), week(s), or month(s) after which a log will be deleted.
  3. Select OK to save your settings.
To configure logging to a FortiManager/FortiAnalyzer unit:
  1. Under FortiManager/FortiAnalyzer, select Send logs to FortiManager/FortiAnalyzer.
  2. Enter the Internet-facing IP address of the FortiManager or FortiAnalyzer unit.
To configure logging to a remote syslog server:
  1. Under Remote Syslog, select Send logs to remote Syslog servers.
  2. Move the syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
  3. For information on adding syslog servers, see Syslog servers.

  4. Select OK to save your settings.

Syslog servers

Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers. A maximum of 20 syslog servers can be configured.

Create New Add a new syslog server.
Delete Delete the selected syslog server or servers.
Edit Edit the selected syslog server.
Name The syslog server name on FortiAuthenticator.
Server name/IP The server name or IP address, and port number.
To add a syslog server:
  1. From the syslog servers list, select Create New.
  2. Enter the following information:
    Name Enter a name for the syslog server on FortiAuthenticator.
    Server name/IP Enter the syslog server name or IP address.
    Port Enter the syslog server port number. The default port is 514.
    Level Select a log level to store on the remote server from the dropdown menu. See Level.
    Facility Select a facility from the dropdown menu.
  3. Select OK to add the syslog server.

Log configuration

Log configuration

Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.

Log settings

To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.

To configure log backups:
  1. Under Log Backup, select Enable remote backup.
  2. Set the Frequency to either Daily, Weekly, or Monthly.
  3. Configure the time of day that the backup will occur in one of the following ways:
    • Enter a time in the Time field.
    • Select Now to enter the current time.
    • Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., or Noon.
  4. Select an FTP server from the FTP server dropdown menu. For information on configuring an FTP server, see FTP servers.
  5. Select OK to save your settings.
To configure automatic log deletion:
  1. Under Log Auto-Deletion, select Enable log auto-deletion.
  2. Use the Auto-delete logs older than field and dropdown menu to specify the number of either day(s), week(s), or month(s) after which a log will be deleted.
  3. Select OK to save your settings.
To configure logging to a FortiManager/FortiAnalyzer unit:
  1. Under FortiManager/FortiAnalyzer, select Send logs to FortiManager/FortiAnalyzer.
  2. Enter the Internet-facing IP address of the FortiManager or FortiAnalyzer unit.
To configure logging to a remote syslog server:
  1. Under Remote Syslog, select Send logs to remote Syslog servers.
  2. Move the syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
  3. For information on adding syslog servers, see Syslog servers.

  4. Select OK to save your settings.

Syslog servers

Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers. A maximum of 20 syslog servers can be configured.

Create New Add a new syslog server.
Delete Delete the selected syslog server or servers.
Edit Edit the selected syslog server.
Name The syslog server name on FortiAuthenticator.
Server name/IP The server name or IP address, and port number.
To add a syslog server:
  1. From the syslog servers list, select Create New.
  2. Enter the following information:
    Name Enter a name for the syslog server on FortiAuthenticator.
    Server name/IP Enter the syslog server name or IP address.
    Port Enter the syslog server port number. The default port is 514.
    Level Select a log level to store on the remote server from the dropdown menu. See Level.
    Facility Select a facility from the dropdown menu.
  3. Select OK to add the syslog server.