Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    6.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Multiple FortiAnalyzer (or Syslog) Per VDOM

    Multiple FortiAnalyzer (or Syslog) Per VDOM

    Under VDOM, support has been added for multiple FortiAnalyzer and Syslog servers as follows:

    • Support for up to three override FortiAnalyzer servers.
    • Support for up to four override Syslog servers.

    If the VDOM faz-override and/or syslog-override setting is enabled or disabled (default) before upgrading, the setting remains the same after upgrading.

    In the GUI, if the override setting is disabled, the GUI displays the global FortiAnalyzer1 or syslog1 setting. If the override setting is enabled, the GUI displays the VDOM override FortiAnalyzer1 or syslog1 setting.

    You can only use CLI to enable the override to support multiple log servers.

    To enable FortiAnalyzer and Syslog server override under VDOM:

    config log setting

    set faz-override enable

    set syslog-override enable

    end

    When faz-override and/or syslog-override is enabled, the following CLI commands are available to config VDOM override:

    To configure VDOM override for FortiAnalyzer:

    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-setting

    set status enable

    set server "123.12.123.123"

    set reliable enable

    end

    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-filter

    set severity information

    set forward-traffic enable

    set local-traffic enable

    set multicast-traffic enable

    set sniffer-traffic enable

    set anomaly enable

    set voip enable

    set dlp-archive enable

    set dns enable

    set ssh enable

    set ssl enable

    end

    To configure VDOM override for Syslog server:

    config log syslogd/syslogd2/syslogd3/syslogd4 override-setting

    set status enable

    set server "123.12.123.12"

    set facility local1

    end

    config log syslogd/syslogd2/syslogd3/syslogd4 override-filter

    set severity information

    set forward-traffic enable

    set local-traffic enable

    set multicast-traffic enable

    set sniffer-traffic enable

    set anomaly enable

    set voip enable

    set dns enable

    set ssh enable

    set ssl enable

    end

    Previous
    Next

    Related Videos

    sidebar video

    Multiple FortiAnalyzers and Syslog Servers per VDOM

    • 1,097 views
    • 5 years ago

    Multiple FortiAnalyzer (or Syslog) Per VDOM

    Multiple FortiAnalyzer (or Syslog) Per VDOM

    Under VDOM, support has been added for multiple FortiAnalyzer and Syslog servers as follows:

    • Support for up to three override FortiAnalyzer servers.
    • Support for up to four override Syslog servers.

    If the VDOM faz-override and/or syslog-override setting is enabled or disabled (default) before upgrading, the setting remains the same after upgrading.

    In the GUI, if the override setting is disabled, the GUI displays the global FortiAnalyzer1 or syslog1 setting. If the override setting is enabled, the GUI displays the VDOM override FortiAnalyzer1 or syslog1 setting.

    You can only use CLI to enable the override to support multiple log servers.

    To enable FortiAnalyzer and Syslog server override under VDOM:

    config log setting

    set faz-override enable

    set syslog-override enable

    end

    When faz-override and/or syslog-override is enabled, the following CLI commands are available to config VDOM override:

    To configure VDOM override for FortiAnalyzer:

    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-setting

    set status enable

    set server "123.12.123.123"

    set reliable enable

    end

    config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-filter

    set severity information

    set forward-traffic enable

    set local-traffic enable

    set multicast-traffic enable

    set sniffer-traffic enable

    set anomaly enable

    set voip enable

    set dlp-archive enable

    set dns enable

    set ssh enable

    set ssl enable

    end

    To configure VDOM override for Syslog server:

    config log syslogd/syslogd2/syslogd3/syslogd4 override-setting

    set status enable

    set server "123.12.123.12"

    set facility local1

    end

    config log syslogd/syslogd2/syslogd3/syslogd4 override-filter

    set severity information

    set forward-traffic enable

    set local-traffic enable

    set multicast-traffic enable

    set sniffer-traffic enable

    set anomaly enable

    set voip enable

    set dns enable

    set ssh enable

    set ssl enable

    end

    Previous
    Next