Override FortiAnalyzer and syslog server settings
In an HA cluster, secondary devices can be configured to use different FortiAnalyzer devices and syslog servers than the primary device. VDOMs can also override global syslog server settings.
Configure a different syslog server on a secondary HA device
To configure the primary HA device:
- Configure a global syslog server:
    config global
        config log syslogd setting
            set status enable
            set server 172.16.200.44
            set facility local6
            set format default
        end
    end
- Set up a VDOM exception to enable setting the global syslog server on the secondary HA device:
    config global
        config system vdom-exception
            edit 1
                set object log.syslogd.setting
            next
        end
    end
To configure the secondary HA device:
- Configure a global syslog server:
    config global
        config log syslogd setting
            set status enable
            set server 172.16.200.55
            set facility local5
        end
    end
- After the primary and secondary devices synchronize, generate logs on the secondary device.
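A receiver-side check for the configuration above, as an added example that is not part of the original documentation: because the primary logs with facility local6 and the secondary with local5, the PRI value of each received message shows which device's setting produced it. The sample lines, the device names and the simplified key=value layout are constructed assumptions.

```python
import re

# Syslog facility codes local0..local7 are 16..23; PRI = facility * 8 + severity.
# The page sets local6 on the primary and local5 on the secondary.
FACILITIES = {f"local{i}": 16 + i for i in range(8)}

# Expected facility per receiving server, taken from the page's configuration.
EXPECTED = {
    "172.16.200.44": "local6",  # global syslog server set on the primary
    "172.16.200.55": "local5",  # override server set on the secondary
}

PRI_RE = re.compile(r"^<(\d{1,3})>")
DEVNAME_RE = re.compile(r'\bdevname="([^"]*)"')


def decode_pri(line):
    """Return (facility_name, severity) for a syslog line, or None if the PRI is invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    name = next((n for n, c in FACILITIES.items() if c == facility), str(facility))
    return name, severity


def check_receiver(server_ip, lines):
    """List devices logging with the expected facility and flag everything else."""
    expected = EXPECTED[server_ip]
    seen, mismatches = set(), []
    for line in lines:
        decoded = decode_pri(line)
        dev = DEVNAME_RE.search(line)
        devname = dev.group(1) if dev else "unknown"
        if decoded is None or decoded[0] != expected:
            mismatches.append((devname, decoded[0] if decoded else None))
        else:
            seen.add(devname)
    return {"devices": sorted(seen), "mismatches": mismatches}


# Constructed sample lines as received on 172.16.200.55 (hypothetical device names).
SAMPLE_55 = [
    '<173>date=2024-01-10 time=10:00:01 devname="FGT-Secondary" type="event"',
    '<174>date=2024-01-10 time=10:00:02 devname="FGT-Secondary" type="traffic"',
    '<181>date=2024-01-10 time=10:00:03 devname="FGT-Primary" type="event"',
]
```

A non-empty `mismatches` list on the secondary's server means messages arrived with a facility other than local5, which is worth checking against the VDOM exception and the synchronization state.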
To confirm that logs are being sent to the syslog server configured on the secondary device:
- On the primary device, retrieve the following packet capture from