Fortinet white logo
Fortinet white logo

Cookbook

Configuring multiple FortiAnalyzers (or syslog servers) per VDOM

Configuring multiple FortiAnalyzers (or syslog servers) per VDOM

In a VDOM, multiple FortiAnalyzer and syslog servers can be configured as follows:

  • Up to three override FortiAnalyzer servers
  • Up to four override syslog servers

If the VDOM faz-override and/or syslog-override setting is enabled or disabled (default) before upgrading, the setting remains the same after upgrading.

If the override setting is disabled, the GUI displays the global FortiAnalyzer1 or syslog1 setting. If the override setting is enabled, the GUI displays the VDOM override FortiAnalyzer1 or syslog1 setting.

You can only use CLI to enable the override to support multiple log servers.

To enable FortiAnalyzer and syslog server override under VDOM:
config log setting
    set faz-override enable
    set syslog-override enable
end

When faz-override and/or syslog-override is enabled, the following CLI commands are available for configuring VDOM override:

To configure VDOM override for FortiAnalyzer:
  1. Configure the FortiAnalyzer override settings:
    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-setting
        set status enable
        set server "123.12.123.123"
        set reliable enable
    end
  2. Configure the override filters:
    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-filter
        set severity information
        set forward-traffic enable
        set local-traffic enable
        set multicast-traffic enable
        set sniffer-traffic enable
        set anomaly enable
        set voip enable
        set dlp-archive enable
        set dns enable
        set ssh enable
        set ssl enable
    end
To configure VDOM override for a syslog server:
  1. Configure the syslog override settings:
    config log syslogd/syslogd2/syslogd3/syslogd4 override-setting
        set status enable
        set server "123.12.123.12"
        set facility local1
    end
  2. Configure the override filters:
    config log syslogd/syslogd2/syslogd3/syslogd4 override-filter
        set severity information
        set forward-traffic enable
        set local-traffic enable
        set multicast-traffic enable
        set sniffer-traffic enable
        set anomaly enable
        set voip enable
        set dns enable
        set ssh enable
        set ssl enable
    end

Related Videos

sidebar video

Multiple FortiAnalyzers and Syslog Servers per VDOM

  • 1,097 views
  • 5 years ago

Configuring multiple FortiAnalyzers (or syslog servers) per VDOM

Configuring multiple FortiAnalyzers (or syslog servers) per VDOM

In a VDOM, multiple FortiAnalyzer and syslog servers can be configured as follows:

  • Up to three override FortiAnalyzer servers
  • Up to four override syslog servers

If the VDOM faz-override and/or syslog-override setting is enabled or disabled (default) before upgrading, the setting remains the same after upgrading.

If the override setting is disabled, the GUI displays the global FortiAnalyzer1 or syslog1 setting. If the override setting is enabled, the GUI displays the VDOM override FortiAnalyzer1 or syslog1 setting.

You can only use CLI to enable the override to support multiple log servers.

To enable FortiAnalyzer and syslog server override under VDOM:
config log setting
    set faz-override enable
    set syslog-override enable
end

When faz-override and/or syslog-override is enabled, the following CLI commands are available for configuring VDOM override:

To configure VDOM override for FortiAnalyzer:
  1. Configure the FortiAnalyzer override settings:
    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-setting
        set status enable
        set server "123.12.123.123"
        set reliable enable
    end
  2. Configure the override filters:
    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-filter
        set severity information
        set forward-traffic enable
        set local-traffic enable
        set multicast-traffic enable
        set sniffer-traffic enable
        set anomaly enable
        set voip enable
        set dlp-archive enable
        set dns enable
        set ssh enable
        set ssl enable
    end
To configure VDOM override for a syslog server:
  1. Configure the syslog override settings:
    config log syslogd/syslogd2/syslogd3/syslogd4 override-setting
        set status enable
        set server "123.12.123.12"
        set facility local1
    end
  2. Configure the override filters:
    config log syslogd/syslogd2/syslogd3/syslogd4 override-filter
        set severity information
        set forward-traffic enable
        set local-traffic enable
        set multicast-traffic enable
        set sniffer-traffic enable
        set anomaly enable
        set voip enable
        set dns enable
        set ssh enable
        set ssl enable
    end