Sending EMS system log messages to FortiAnalyzer 7.2.4
EMS can send server logs to FortiAnalyzer for reporting and investigation. For audit purposes, you should log all admin activity.
To configure sending EMS system log messages to FortiAnalyzer:
- Authorize the EMS in FortiAnalyzer to allow FortiAnalyzer to receive logs from the EMS instance:
- In FortiAnalyzer, go to Device Manager.
- Click Add Device.
- In Add Device, in the Serial Number field, enter the EMS serial number. FortiAnalyzer automatically recognizes that the device is an EMS instance from the serial number.
- Configure other fields as desired, then click Next.
FortiAnalyzer adds EMS as an authorized device and is ready to receive its logs.
- In EMS, go to System Settings > Log Settings.
- For Send system logs externally, select FortiAnalyzer.
- In the FortiAnalyzer server address field, enter the FortiAnalyzer server IP address.
- In the FortiAnalyzer server port field, configure the desired port. This example keeps the default value, 514.
- From the Data protocol dropdown list, select the desired data protocol. This example selects UDP.
- Click Save.
- In FortiAnalyzer, go to Log View > FortiClient to view EMS logs.