Sending EMS system log messages to FortiAnalyzer
EMS can send server logs to FortiAnalyzer for reporting and investigation. For audit purposes, you should log all admin activity.
To configure sending EMS system log messages to FortiAnalyzer:
- Authorize the EMS in FortiAnalyzer to allow FortiAnalyzer to receive logs from the EMS instance:
  - In FortiAnalyzer, go to Device Manager.
  - Click Add Device.
  - In the Add Device dialog, in the Serial Number field, enter the EMS serial number. FortiAnalyzer automatically recognizes that the device is an EMS instance from the serial number.
  - Configure other fields as desired, then click Next.

  EMS is added as an authorized device and FortiAnalyzer is ready to receive its logs.
- In EMS, go to System Settings > Log Settings.
  - For Send system logs externally, select FortiAnalyzer.
  - In the FortiAnalyzer server address field, enter the FortiAnalyzer server IP address.
  - In the FortiAnalyzer server port field, configure the desired port. This example keeps the default value, 514.
  - From the Data protocol dropdown list, select the desired data protocol. This example selects UDP.
  - Click Save.
- In FortiAnalyzer, go to Log View > FortiClient to view EMS logs.