Logging and reporting are useful components to help you understand what is happening on your network, and to inform you about certain network activities, such as the detection of a virus, a visit to an invalid website, an intrusion, a failed log in attempt, and myriad others.
Logging records the traffic that passes through, starts from, or ends on the FortiGate, and records the actions the FortiGate took during the traffic scanning process. After this information is recorded in a log message, it is stored in a log file that is stored on a log device (a central storage location for log messages). FortiGates support several log devices, such as FortiAnalyzer, FortiGate Cloud, and syslog servers. Approximately 5% of memory is used for buffering logs sent to FortiAnalyzer. The FortiGate system memory and local disk can also be configured to store logs, so it is also considered a log device.
Reports show the recorded activity in a more readable format. A report gathers all the log information that it needs, then presents it in a graphical format with a customizable design and automatically generated charts showing what is happening on the network. Reports can be generated on FortiGate devices with disk logging and on FortiAnalyzer devices.
Performance statistics are not logged to disk. Performance statistics can be received by a syslog server or by FortiAnalyzer.
The following topics provide information about logging and reporting:
- Viewing event logs
- Sample logs by log type
- Log buffer on FortiGates with an SSD disk
- Checking the email filter log
- Supported log types to FortiAnalyzer, syslog, and FortiAnalyzer Cloud
- Configuring multiple FortiAnalyzers on a multi-VDOM FortiGate
- Configuring multiple FortiAnalyzers (or syslog servers) per VDOM
- Source and destination UUID logging
- Logging the signal-to-noise ratio and signal strength per client
- RSSO information for authenticated destination users in logs
- Threat weight