Log settings
Log-related information is inside the <log_settings> </log_settings> XML tags.
<forticlient_configuration>
  <system>
    <log_settings>
      <onnet_local_logging>[0|1]</onnet_local_logging>
      <level>6</level>
      <log_events>ipsecvpn,sslvpn,scheduler,update,firewall,av,proxy,shield,webfilter,endpoint,fssoma,configd,vuln,sandboxing,antiexploit</log_events>
      <remote_logging>
        <log_upload_enabled>0</log_upload_enabled>
        <log_upload_server>0.0.0.0</log_upload_server>
        <log_upload_ssl_enabled>1</log_upload_ssl_enabled>
        <log_retention_days>90</log_retention_days>
        <log_upload_freq_minutes>90</log_upload_freq_minutes>
        <log_generation_timeout_secs>900</log_generation_timeout_secs>
        <log_compressed>0</log_compressed>
        <log_protocol>syslog</log_protocol> <!-- faz | syslog -->
        <netlog_server>0.0.0.0</netlog_server> <!-- server IP address -->
        <netlog_categories>7</netlog_categories>
      </remote_logging>
    </log_settings>
  </system>
</forticlient_configuration>
The following table provides the XML tags for log settings, as well as the descriptions and default values where applicable.

| XML tag | Description | Default value |
|---|---|---|
| <onnet_local_logging> | If client-log-when-on-net is enabled on EMS, EMS sends this XML element. Boolean value: [0 \| 1] | |
| <level> | Select the FortiClient logging level. Enter one of the following: 0: emergency; 1: alert; 2: critical; 3: error; 4: warning; 5: notice; 6: information; 7: debug | 6 |
| <log_events> | FortiClient events or processes to log. Enter a comma-separated list of one or more of the following: ipsecvpn: IPsec VPN log events; sslvpn: SSL VPN log events; firewall: Application Firewall log events; av: Antivirus log events; webfilter: Web Filtering log events; vuln: Vulnerability Scan log events; fssoma: Single Sign-On (SSO) mobility agent for FortiAuthenticator log events; scheduler: Scheduler log events; update: Update log events; proxy: FortiProxy log events; shield: FortiShield log events; endpoint: Endpoint Control log events; configd: Configuration log events; sandboxing: Sandbox Detection events | ipsecvpn, sslvpn, scheduler, update, firewall, av, clientmanager, proxy, shield, webfilter, endpoint, fssoma, configd, vuln (all events are enabled by default) |

<remote_logging> elements
All elements for <remote_logging> apply only to remote logs. The elements do not affect the behavior of local logs.

| XML tag | Description | Default value |
|---|---|---|
| <log_upload_enabled> | Set the Boolean value to 1 to upload logs to the FortiAnalyzer or FortiManager. Boolean value: [0 \| 1] | 0 |
| <log_upload_server> | Enter the IP address of the FortiAnalyzer or FortiManager to send logs to. | |
| <log_upload_ssl_enabled> | Enable or disable use of SSL protocol during log upload. Boolean value: [0 \| 1] | 1 |
| <log_upload_freq_minutes> | The log upload frequency, in minutes. | 90 |
| <log_generation_timeout_sec> | How often logs are created, in seconds. | 900 |
| <log_compressed> | Enable or disable compression of logs. Boolean value: [0 \| 1] | |
| <log_retention_days> | The number of days to retain logs in the upload queue, if the server is not reachable, before they are deleted. Local logs are not deleted. | 90 |
| <log_protocol> | Enter the remote server type: faz: FortiAnalyzer; syslog: Syslog server | |
| <netlog_server> | Enter the syslog server's IP address. Used only when <log_protocol> is set to syslog. | |
| <netlog_categories> | Enter the bitmask of logs to upload. Bitmask: 1 = traffic logs; 2 = vulnerability logs; 4 = event logs. Since these are bitmasks, you may combine as follows: 3 = 1 or 2 (traffic and vulnerability); 5 = 1 or 4 (traffic and event); 6 = 2 or 4 (vulnerability and event); 7 = 1 or 2 or 4 (all logs) | 7 |

The FortiShield daemon protects FortiClient’s own file system and registry settings from modification by unauthorized persons.
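
The following Python sketch is an added example, not Fortinet code: it audits a <log_settings> block against the tags documented above and decodes the <netlog_categories> bitmask. The function names, the min_level and wanted policy values, and the sample configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Bit values for <netlog_categories>, as listed in the table above.
NETLOG_BITS = {1: "traffic", 2: "vulnerability", 4: "event"}

# Constructed sample (not from the page): weak settings for the audit to flag.
SAMPLE = """<forticlient_configuration><system><log_settings>
  <level>3</level>
  <log_events>ipsecvpn,sslvpn,av</log_events>
  <remote_logging>
    <log_upload_enabled>1</log_upload_enabled>
    <log_upload_ssl_enabled>0</log_upload_ssl_enabled>
    <log_protocol>syslog</log_protocol>
    <netlog_server>0.0.0.0</netlog_server>
    <netlog_categories>5</netlog_categories>
  </remote_logging>
</log_settings></system></forticlient_configuration>"""

def decode_netlog_categories(mask):
    """Return the log types selected by a <netlog_categories> bitmask."""
    return [name for bit, name in NETLOG_BITS.items() if mask & bit]

def audit_log_settings(xml_text, min_level=6, wanted=("av", "firewall", "webfilter")):
    """Return findings; min_level and wanted are hypothetical policy values."""
    ls = ET.fromstring(xml_text).find("./system/log_settings")
    if ls is None:
        return ["no <log_settings> element"]
    # Look the tag up anywhere below <log_settings>; fall back to the default.
    get = lambda tag, default: (ls.findtext(".//" + tag) or default).strip()
    findings = []
    level = int(get("level", "6"))
    if level < min_level:
        findings.append(f"level {level} is below policy minimum {min_level}")
    events = {e.strip() for e in get("log_events", "").split(",")}
    findings += [f"log_events omits {n}" for n in wanted if n not in events]
    if get("log_upload_enabled", "0") != "1":
        return findings + ["remote log upload is disabled"]
    if get("log_upload_ssl_enabled", "1") != "1":
        findings.append("log upload does not use SSL")
    # <netlog_server> applies only to syslog; otherwise <log_upload_server>.
    tag = "netlog_server" if get("log_protocol", "") == "syslog" else "log_upload_server"
    if get(tag, "0.0.0.0") == "0.0.0.0":
        findings.append(f"{tag} is unset (0.0.0.0)")
    sent = decode_netlog_categories(int(get("netlog_categories", "7")))
    findings += [f"netlog_categories omits {n} logs"
                 for n in NETLOG_BITS.values() if n not in sent]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_log_settings(SAMPLE)))
```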