Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

log {azure-security-center | azure-security-center2} filter

Use this command to configure log filter settings to determine which logs will be recorded and sent to the Azure Security Center service.

Filter settings are only available if your FortiGate has been configured to work with Azure Security Center using the azure-security-center setting command.

note icon The exact same entries can be found under the azure-security-center2 filter command.
config log azure-security-center filter
    set severity {option}   Lowest severity level to log.
            emergency     Emergency level.
            alert         Alert level.
            critical      Critical level.
            error         Error level.
            warning       Warning level.
            notification  Notification level.
            information   Information level.
            debug         Debug level.
    set forward-traffic {enable | disable}   Enable/disable forward traffic logging.
    set local-traffic {enable | disable}   Enable/disable local in or out traffic logging.
    set multicast-traffic {enable | disable}   Enable/disable multicast traffic logging.
    set sniffer-traffic {enable | disable}   Enable/disable sniffer traffic logging.
    set anomaly {enable | disable}   Enable/disable anomaly logging.
    set voip {enable | disable}   Enable/disable VoIP logging.
    set gtp {enable | disable}   Enable/disable GTP messages logging.
    set dns {enable | disable}   Enable/disable detailed DNS event logging.
    set ssh {enable | disable}   Enable/disable SSH logging.
    set filter {string}   Log filter for the log device. size[511]
    set filter-type {include | exclude}   Include/exclude logs that match the filter.
            include  Include logs that match the filter.
            exclude  Exclude logs that match the filter.
end

Additional information

The following section is for those options that require additional explanation.

The filter option is set by included the logid list and/or its level as filters. Possibilities include:

  • logid(...)
  • traffic-level(...)
  • event-level(...)
  • virus-level(...)
  • webfilter-level(...)
  • ips-level(...)
  • emailfilter-level(...)
  • anomaly-level(...)
  • voip-level(...)
  • dlp-level(...)
  • app-ctrl-level(...)
  • waf-level(...)
  • gtp-level(...)
  • dns-level(...)

Example 1

config log azure-security-center

config setting

set filter "logid(40704,32042)"

 

Example 2

config log azure-security-center

config setting

set filter "event-level(information)"

 

The available levels are as the following: emergency, alert, critical, error, warning, notice, information, debugdebug

note icon Due to Azure Security Center retiring its firewall solution integration, this feature is no longer supported. See Retirement of Security Center features (July 2019). For a replacement integration, see Azure Sentinel.

log {azure-security-center | azure-security-center2} filter

Use this command to configure log filter settings to determine which logs will be recorded and sent to the Azure Security Center service.

Filter settings are only available if your FortiGate has been configured to work with Azure Security Center using the azure-security-center setting command.

note icon The exact same entries can be found under the azure-security-center2 filter command.
config log azure-security-center filter
    set severity {option}   Lowest severity level to log.
            emergency     Emergency level.
            alert         Alert level.
            critical      Critical level.
            error         Error level.
            warning       Warning level.
            notification  Notification level.
            information   Information level.
            debug         Debug level.
    set forward-traffic {enable | disable}   Enable/disable forward traffic logging.
    set local-traffic {enable | disable}   Enable/disable local in or out traffic logging.
    set multicast-traffic {enable | disable}   Enable/disable multicast traffic logging.
    set sniffer-traffic {enable | disable}   Enable/disable sniffer traffic logging.
    set anomaly {enable | disable}   Enable/disable anomaly logging.
    set voip {enable | disable}   Enable/disable VoIP logging.
    set gtp {enable | disable}   Enable/disable GTP messages logging.
    set dns {enable | disable}   Enable/disable detailed DNS event logging.
    set ssh {enable | disable}   Enable/disable SSH logging.
    set filter {string}   Log filter for the log device. size[511]
    set filter-type {include | exclude}   Include/exclude logs that match the filter.
            include  Include logs that match the filter.
            exclude  Exclude logs that match the filter.
end

Additional information

The following section is for those options that require additional explanation.

The filter option is set by included the logid list and/or its level as filters. Possibilities include:

  • logid(...)
  • traffic-level(...)
  • event-level(...)
  • virus-level(...)
  • webfilter-level(...)
  • ips-level(...)
  • emailfilter-level(...)
  • anomaly-level(...)
  • voip-level(...)
  • dlp-level(...)
  • app-ctrl-level(...)
  • waf-level(...)
  • gtp-level(...)
  • dns-level(...)

Example 1

config log azure-security-center

config setting

set filter "logid(40704,32042)"

 

Example 2

config log azure-security-center

config setting

set filter "event-level(information)"

 

The available levels are as the following: emergency, alert, critical, error, warning, notice, information, debugdebug

note icon Due to Azure Security Center retiring its firewall solution integration, this feature is no longer supported. See Retirement of Security Center features (July 2019). For a replacement integration, see Azure Sentinel.