Log configuration
Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.
Log settings
To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.
To configure log backups:
- Under Log Backup, select Enable remote backup.
- Set the Frequency to either Daily, Weekly, or Monthly.
- Configure the time of day that the backup will occur in one of the following ways:
  - Enter a time in the Time field.
  - Select Now to enter the current time.
  - Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., Noon, or 6 p.m.
- Select an FTP server from the FTP server dropdown menu. For information on configuring an FTP server, see FTP servers.
- Select OK to save your settings.
To configure automatic log deletion:
- Under Log Auto-Deletion, select Enable log auto-deletion.
- Use the Auto-delete logs older than field and dropdown menu to specify the number of either day(s), week(s), or month(s) after which a log will be deleted.
- Select OK to save your settings.
To configure logging to a FortiManager/FortiAnalyzer unit:
- Under FortiManager/FortiAnalyzer, select Send logs to FortiManager/FortiAnalyzer.
- Enter the Internet-facing IP address of the FortiManager or FortiAnalyzer unit.
To configure logging to a remote syslog server:
- Under Remote Syslog, select Send system logs to remote Syslog servers.
- Move the remote syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
- Select OK to save your settings.
For information on adding syslog servers, see Syslog servers.
To send debug logs to a remote syslog server:
- Under Remote Syslog, select Send debug logs to remote Syslog servers.
- Move the available applications for which debug logs are to be forwarded from the Available Applications box to the Chosen Applications box.
- Move the remote syslog servers to which the debug logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
- Select OK to save your settings.
Syslog servers
Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers. A maximum of 20 syslog servers can be configured.
Create New | Add a new syslog server. |
Delete | Delete the selected syslog server or servers. |
Edit | Edit the selected syslog server. |
Name | The syslog server name on FortiAuthenticator. |
Server name/IP | The server name or IP address, and port number. |
To add a syslog server:
- From the syslog servers list, select Create New.
- Enter the following information:
Name | Enter a name for the syslog server on FortiAuthenticator. |
Server name/IP | Enter the syslog server name or IP address. |
Port | Enter the syslog server port number. The default port is 514. |
Level | Select a log level to store on the remote server from the dropdown menu. See Level. |
Facility | Select a facility from the dropdown menu. |
- Select OK to add the syslog server.
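The following receiver-side check is an added example, not part of the FortiAuthenticator documentation. It confirms that messages arriving at the syslog server match the Level and Facility configured above. It assumes standard syslog framing, where each message starts with `<PRI>` and PRI = facility × 8 + severity. The sample lines, host names, and the local0/info settings are constructed.

```python
import re

# Standard syslog severity and facility names, indexed by their numeric codes.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]


def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI>, or None if invalid."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def audit(lines, expected_facility, min_level):
    """List (line number, reason) for messages that do not match the configuration."""
    threshold = SEVERITIES.index(min_level)  # lower index means more severe
    findings = []
    for n, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            findings.append((n, "missing or invalid PRI"))
        elif decoded[0] != expected_facility:
            findings.append((n, f"unexpected facility {decoded[0]}"))
        elif SEVERITIES.index(decoded[1]) > threshold:
            findings.append((n, f"severity {decoded[1]} below configured level"))
    return findings


# Constructed sample messages, not real FortiAuthenticator output.
SAMPLE = [
    "<134>Jan 10 12:00:01 fac-example auth: constructed login event",    # local0.info
    "<131>Jan 10 12:00:02 fac-example auth: constructed error event",    # local0.err
    "<135>Jan 10 12:00:03 fac-example auth: constructed debug event",    # local0.debug
    "<38>Jan 10 12:00:04 other-host sshd: constructed foreign message",  # auth.info
    "Jan 10 12:00:05 fac-example message without a priority header",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "local0", "info"):
        print(finding)
```

Messages flagged for an unexpected facility or a missing PRI on the listener port are worth reviewing, since they indicate a sender or configuration other than the one defined here.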