Override FortiAnalyzer and syslog server settings

In an HA cluster, secondary devices can be configured to use different FortiAnalyzer devices and syslog servers than the primary device. VDOMs can also override global syslog server settings.

Configure a different syslog server on a secondary HA device

To configure the primary HA device:

Configure a global syslog server:

config global
    config log syslog setting
        set status enable
        set server 172.16.200.44
        set facility local6
        set format default
    end
end

Set up a VDOM exception to enable setting the global syslog server on the secondary HA device:

config global
    config system vdom-exception
        edit 1
            set object log.syslogd.setting
        next
    end
end

To configure the secondary HA device:

Configure a global syslog server:

config global
    config log syslogd setting
        set status enable
        set server 172.16.200.55
        set facility local5
    end
end

After the primary and secondary device synchronize, generate logs on the secondary device.

To confirm that logs are been sent to the syslog server configured on the secondary device:

On the primary device, retrieve the following packet capture from

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Table of Contents

Administration Guide

Override FortiAnalyzer and syslog server settings

Configure a different syslog server on a secondary HA device

To configure the primary HA device:

To configure the secondary HA device:

To confirm that logs are been sent to the syslog server configured on the secondary device: