Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.4.4 Administration Guide
    6.4.4
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Log configuration

    Log configuration

    Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.

    Log settings

    To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.

    To configure log backups:
    1. Under Log Backup, select Enable remote backup.
    2. Set the Frequency to either Daily, Weekly, or Monthly.
    3. Configure the time of day that the backup will occur in one of the following ways:
      • Enter a time in the Time field.
      • Select Now to enter the current time.
      • Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., Noon, or 6 p.m.
    4. Select an FTP server from the FTP server dropdown menu. For information on configuring an FTP server, see FTP servers.
    5. Select OK to save your settings.
    To configure automatic log deletion:
    1. Under Log Auto-Deletion, select Enable log auto-deletion.
    2. Use the Auto-delete logs older than field and dropdown menu to specify the number of either day(s), week(s), or month(s) after which a log will be deleted.
    3. Select OK to save your settings.
    To configure logging to a FortiManager/FortiAnalyzer unit:
    1. Under FortiManager/FortiAnalyzer, select Send logs to FortiManager/FortiAnalyzer.
    2. Enter the Internet-facing IP address of the FortiManager or FortiAnalyzer unit.
    To configure logging to a remote syslog server:
    1. Under Remote Syslog, select Send system logs to remote Syslog servers.
    2. Move the remote syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.

      3. For information on adding syslog servers, see Syslog servers.

    3. Select OK to save your settings.
    To send debug logs to a remote syslog server:
    1. Under Remote Syslog, select Send debug logs to remote Syslog servers.
    2. Move the available applications for which debug logs are to be forwarded from the Available Applications box to the Chosen Applications box.
    3. Move the remote syslog servers to which the debug logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
    4. Select OK to save your settings.

    Syslog servers

    Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers. A maximum of 20 syslog servers can be configured.

    Create New Add a new syslog server.
    Delete Delete the selected syslog server or servers.
    Edit Edit the selected syslog server.
    Name The syslog server name on FortiAuthenticator.
    Server name/IP The server name or IP address, and port number.
    To add a syslog server:
    1. From the syslog servers list, select Create New.

    2. Enter the following information:
      NameEnter a name for the syslog server on FortiAuthenticator.
      Server name/IPEnter the syslog server name or IP address.
      PortEnter the syslog server port number. The default port is 514.
      LevelSelect a log level to store on the remote server from the dropdown menu. See Level.
      FacilitySelect a facility from the dropdown menu.

      Secure Connection

      Enable

      Enable to send syslog messages over TLS.

      This option is disabled by default.

      Certificate authority type

      Select either the Local CA or the Trusted CA.

      CA certificate

      From the dropdown, select a local CA certificate used to verify the syslog server certificate.

      This option is only available when the Certificate authority type is Local CA.

      Trusted certificate

      From the dropdown, select a trusted certificate used to verify the syslog server certificate.

      This option is only available when the Certificate authority type is Trusted CA.

    3. Select OK to add the syslog server.
    Previous
    Next

    Log configuration

    Log configuration

    Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.

    Log settings

    To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Settings.

    To configure log backups:
    1. Under Log Backup, select Enable remote backup.
    2. Set the Frequency to either Daily, Weekly, or Monthly.
    3. Configure the time of day that the backup will occur in one of the following ways:
      • Enter a time in the Time field.
      • Select Now to enter the current time.
      • Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., Noon, or 6 p.m.
    4. Select an FTP server from the FTP server dropdown menu. For information on configuring an FTP server, see FTP servers.
    5. Select OK to save your settings.
    To configure automatic log deletion:
    1. Under Log Auto-Deletion, select Enable log auto-deletion.
    2. Use the Auto-delete logs older than field and dropdown menu to specify the number of either day(s), week(s), or month(s) after which a log will be deleted.
    3. Select OK to save your settings.
    To configure logging to a FortiManager/FortiAnalyzer unit:
    1. Under FortiManager/FortiAnalyzer, select Send logs to FortiManager/FortiAnalyzer.
    2. Enter the Internet-facing IP address of the FortiManager or FortiAnalyzer unit.
    To configure logging to a remote syslog server:
    1. Under Remote Syslog, select Send system logs to remote Syslog servers.
    2. Move the remote syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers box.

      3. For information on adding syslog servers, see Syslog servers.

    3. Select OK to save your settings.
    To send debug logs to a remote syslog server:
    1. Under Remote Syslog, select Send debug logs to remote Syslog servers.
    2. Move the available applications for which debug logs are to be forwarded from the Available Applications box to the Chosen Applications box.
    3. Move the remote syslog servers to which the debug logs will be sent from the Available syslog servers box to the Chosen syslog servers box.
    4. Select OK to save your settings.

    Syslog servers

    Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers. A maximum of 20 syslog servers can be configured.

    Create New Add a new syslog server.
    Delete Delete the selected syslog server or servers.
    Edit Edit the selected syslog server.
    Name The syslog server name on FortiAuthenticator.
    Server name/IP The server name or IP address, and port number.
    To add a syslog server:
    1. From the syslog servers list, select Create New.

    2. Enter the following information:
      NameEnter a name for the syslog server on FortiAuthenticator.
      Server name/IPEnter the syslog server name or IP address.
      PortEnter the syslog server port number. The default port is 514.
      LevelSelect a log level to store on the remote server from the dropdown menu. See Level.
      FacilitySelect a facility from the dropdown menu.

      Secure Connection

      Enable

      Enable to send syslog messages over TLS.

      This option is disabled by default.

      Certificate authority type

      Select either the Local CA or the Trusted CA.

      CA certificate

      From the dropdown, select a local CA certificate used to verify the syslog server certificate.

      This option is only available when the Certificate authority type is Local CA.

      Trusted certificate

      From the dropdown, select a trusted certificate used to verify the syslog server certificate.

      This option is only available when the Certificate authority type is Trusted CA.

    3. Select OK to add the syslog server.
    Previous
    Next