FortiGate-7000F Handbook

Using direct SLBC logging to optimize logging performance

Direct SLBC logging improves performance by sending FPM syslog or FortiAnalyzer log messages directly to one of the M1, M2, M3, or M4 interfaces of the FIM in slot 1 or slot 2. You can also create a LAG of the M1 and M2 interfaces of one or both FIMs or a LAG of the M3 and M4 interfaces of one or both FIMs and send log messages to this LAG. Log messages are sent from the FPMs over the chassis management backplane, directly to the configured M interface or LAG, bypassing FIM CPUs. Direct logging may also improve logging performance by separating logging traffic from data traffic.

Choose the interface to use for direct SLBC logging depending on your expected log message bandwidth requirements and the other uses you might have for the 100G M1 and M2 interfaces or the 10G M3 and M4 interfaces. The interface that you choose has to have an IP address. The FortiAnalyzers or the syslog servers must be reachable from the interface. The interface can't be used for other traffic. No special syslog configuration is required. If you are sending syslog messages, the syslog servers must be able to accept log messages over UDP.

Use the following command to enable direct SLBC logging and select an interface to send log messages to.

config log slbc global-setting
    set direct-log-mode {faz-udp | udp}
    set direct-log-dev <interface-name>
end

direct-log-mode {faz-udp | udp} sets the direct logging mode:

    faz-udp: use direct SLBC logging to send FortiAnalyzer log messages over UDP to one or more FortiAnalyzers.

    udp: use direct SLBC logging to send syslog messages over UDP to one or more syslog servers.

Note: Use the following command to disable direct logging:

config log slbc global-setting
    unset direct-log-mode
end

direct-log-dev <interface-name> select the interface to use for direct SLBC logging.
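
Added example (not part of the Fortinet documentation): a receiver-side check for the two requirements above, that the syslog server accepts log messages over UDP and that they arrive from the direct logging interface. UDP syslog carries no sender authentication, so the check compares each datagram's source address with an allowlist. The address 192.0.2.10, the sample message, and the function names are assumptions made for illustration.

```python
import re
import socket

# Assumption: address of the interface set as direct-log-dev (documentation-range placeholder).
EXPECTED_SOURCES = {"192.0.2.10"}
# Constructed sample datagram, not captured from a device.
SAMPLE = b'<189>date=2024-01-01 time=00:00:00 devname="example-fpm" type="traffic"'
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def classify(datagram, source_ip, expected=EXPECTED_SOURCES):
    """Decode the syslog PRI header and check the sender against the allowlist."""
    match = PRI_RE.match(datagram)
    pri = int(match.group(1)) if match else None
    valid = pri is not None and pri <= 191  # PRI = facility * 8 + severity, max 191
    return {
        "source": source_ip,
        "expected_source": source_ip in expected,
        "well_formed": valid,
        "facility": pri >> 3 if valid else None,
        "severity": pri & 7 if valid else None,
    }

def receive(sock, count, expected=EXPECTED_SOURCES):
    """Read `count` datagrams and classify each by sender and PRI."""
    results = []
    for _ in range(count):
        data, (ip, _port) = sock.recvfrom(65535)
        results.append(classify(data, ip, expected))
    return results

def self_test():
    """Loopback run: one syslog-shaped datagram and one malformed datagram."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))  # ephemeral port; a real syslog server listens on UDP 514
        rx.settimeout(2)
        for payload in (SAMPLE, b"not syslog"):
            tx.sendto(payload, rx.getsockname())
        return receive(rx, 2, expected={"127.0.0.1"})
    finally:
        tx.close()
        rx.close()

if __name__ == "__main__":
    for result in self_test():
        print(result)
```

On a real syslog server, bind the socket to the listening address and UDP port in use and set EXPECTED_SOURCES to the IP address configured on the direct logging interface or LAG.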
