Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config log fortianalyzer3 override-setting

Override FortiAnalyzer settings.

config log fortianalyzer3 override-setting

Description: Override FortiAnalyzer settings.

set use-management-vdom [enable|disable]

set status [enable|disable]

set ips-archive [enable|disable]

set server {string}

set certificate-verification [enable|disable]

set serial <name1>, <name2>, ...

set preshared-key {string}

set access-config [enable|disable]

set hmac-algorithm [sha256|sha1]

set enc-algorithm [high-medium|high|...]

set ssl-min-proto-version [default|SSLv3|...]

set conn-timeout {integer}

set monitor-keepalive-period {integer}

set monitor-failure-retry-period {integer}

set certificate {string}

set source-ip {string}

set upload-option [store-and-upload|realtime|...]

set upload-interval [daily|weekly|...]

set upload-day {user}

set upload-time {user}

set reliable [enable|disable]

set priority [default|low]

set max-log-rate {integer}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config log fortianalyzer3 override-setting

Parameter

Description

Type

Size

Default

use-management-vdom

Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.

option

-

disable

 

Option

Description

enable

Enable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.

disable

Disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.

status

Enable/disable logging to FortiAnalyzer.

option

-

disable

 

Option

Description

enable

Enable logging to FortiAnalyzer.

disable

Disable logging to FortiAnalyzer.

ips-archive

Enable/disable IPS packet archive logging.

option

-

enable

 

Option

Description

enable

Enable IPS packet archive logging.

disable

Disable IPS packet archive logging.

server

The remote FortiAnalyzer.

string

Maximum length: 127

certificate-verification

Enable/disable identity verification of FortiAnalyzer by use of certificate.

option

-

enable

 

Option

Description

enable

Enable identity verification of FortiAnalyzer by use of certificate.

disable

Disable identity verification of FortiAnalyzer by use of certificate.

serial <name>

Serial numbers of the FortiAnalyzer.

Serial Number.

string

Maximum length: 79

preshared-key

Preshared-key used for auto-authorization on FortiAnalyzer.

string

Maximum length: 63

access-config

Enable/disable FortiAnalyzer access to configuration and data.

option

-

enable

 

Option

Description

enable

Enable FortiAnalyzer access to configuration and data.

disable

Disable FortiAnalyzer access to configuration and data.

hmac-algorithm

FortiAnalyzer IPsec tunnel HMAC algorithm.

option

-

sha256

 

Option

Description

sha256

Use SHA256 as HMAC algorithm.

sha1

Step down to SHA1 as the HMAC algorithm.

enc-algorithm

Configure the level of SSL protection for secure communication with FortiAnalyzer.

option

-

high

 

Option

Description

high-medium

Encrypt logs using high and medium encryption algorithms.

high

Encrypt logs using high encryption algorithms.

low

Encrypt logs using all encryption algorithms.

ssl-min-proto-version

Minimum supported protocol version for SSL/TLS connections .

option

-

default

 

Option

Description

default

Follow system global setting.

SSLv3

SSLv3.

TLSv1

TLSv1.

TLSv1-1

TLSv1.1.

TLSv1-2

TLSv1.2.

conn-timeout

FortiAnalyzer connection time-out in seconds (for status and log buffer).

integer

Minimum value: 1 Maximum value: 3600

10

monitor-keepalive-period

Time between OFTP keepalives in seconds (for status and log buffer).

integer

Minimum value: 1 Maximum value: 120

5

monitor-failure-retry-period

Time between FortiAnalyzer connection retries in seconds (for status and log buffer).

integer

Minimum value: 1 Maximum value: 86400

5

certificate

Certificate used to communicate with FortiAnalyzer.

string

Maximum length: 35

source-ip

Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.

string

Maximum length: 63

upload-option

Enable/disable logging to hard disk and then uploading to FortiAnalyzer.

option

-

5-minute

 

Option

Description

store-and-upload

Log to hard disk and then upload to FortiAnalyzer.

realtime

Log directly to FortiAnalyzer in real time.

1-minute

Log directly to FortiAnalyzer at least every 1 minute.

5-minute

Log directly to FortiAnalyzer at least every 5 minutes.

upload-interval

Frequency to upload log files to FortiAnalyzer.

option

-

daily

 

Option

Description

daily

Upload log files to FortiAnalyzer once a day.

weekly

Upload log files to FortiAnalyzer once a week.

monthly

Upload log files to FortiAnalyzer once a month.

upload-day

Day of week (month) to upload logs.

user

Not Specified

upload-time

Time to upload logs (hh:mm).

user

Not Specified

reliable

Enable/disable reliable logging to FortiAnalyzer.

option

-

disable

 

Option

Description

enable

Enable reliable logging to FortiAnalyzer.

disable

Disable reliable logging to FortiAnalyzer.

priority

Set log transmission priority.

option

-

default

 

Option

Description

default

Set FortiAnalyzer log transmission priority to default.

low

Set FortiAnalyzer log transmission priority to low.

max-log-rate

FortiAnalyzer maximum log rate in MBps (0 = unlimited).

integer

Minimum value: 0 Maximum value: 100000

0

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config log fortianalyzer3 override-setting

Override FortiAnalyzer settings.

config log fortianalyzer3 override-setting

Description: Override FortiAnalyzer settings.

set use-management-vdom [enable|disable]

set status [enable|disable]

set ips-archive [enable|disable]

set server {string}

set certificate-verification [enable|disable]

set serial <name1>, <name2>, ...

set preshared-key {string}

set access-config [enable|disable]

set hmac-algorithm [sha256|sha1]

set enc-algorithm [high-medium|high|...]

set ssl-min-proto-version [default|SSLv3|...]

set conn-timeout {integer}

set monitor-keepalive-period {integer}

set monitor-failure-retry-period {integer}

set certificate {string}

set source-ip {string}

set upload-option [store-and-upload|realtime|...]

set upload-interval [daily|weekly|...]

set upload-day {user}

set upload-time {user}

set reliable [enable|disable]

set priority [default|low]

set max-log-rate {integer}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config log fortianalyzer3 override-setting

Parameter

Description

Type

Size

Default

use-management-vdom

Enable/disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.

option

-

disable

 

Option

Description

enable

Enable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.

disable

Disable use of management VDOM IP address as source IP for logs sent to FortiAnalyzer.

status

Enable/disable logging to FortiAnalyzer.

option

-

disable

 

Option

Description

enable

Enable logging to FortiAnalyzer.

disable

Disable logging to FortiAnalyzer.

ips-archive

Enable/disable IPS packet archive logging.

option

-

enable

 

Option

Description

enable

Enable IPS packet archive logging.

disable

Disable IPS packet archive logging.

server

The remote FortiAnalyzer.

string

Maximum length: 127

certificate-verification

Enable/disable identity verification of FortiAnalyzer by use of certificate.

option

-

enable

 

Option

Description

enable

Enable identity verification of FortiAnalyzer by use of certificate.

disable

Disable identity verification of FortiAnalyzer by use of certificate.

serial <name>

Serial numbers of the FortiAnalyzer.

Serial Number.

string

Maximum length: 79

preshared-key

Preshared-key used for auto-authorization on FortiAnalyzer.

string

Maximum length: 63

access-config

Enable/disable FortiAnalyzer access to configuration and data.

option

-

enable

 

Option

Description

enable

Enable FortiAnalyzer access to configuration and data.

disable

Disable FortiAnalyzer access to configuration and data.

hmac-algorithm

FortiAnalyzer IPsec tunnel HMAC algorithm.

option

-

sha256

 

Option

Description

sha256

Use SHA256 as HMAC algorithm.

sha1

Step down to SHA1 as the HMAC algorithm.

enc-algorithm

Configure the level of SSL protection for secure communication with FortiAnalyzer.

option

-

high

 

Option

Description

high-medium

Encrypt logs using high and medium encryption algorithms.

high

Encrypt logs using high encryption algorithms.

low

Encrypt logs using all encryption algorithms.

ssl-min-proto-version

Minimum supported protocol version for SSL/TLS connections .

option

-

default

 

Option

Description

default

Follow system global setting.

SSLv3

SSLv3.

TLSv1

TLSv1.

TLSv1-1

TLSv1.1.

TLSv1-2

TLSv1.2.

conn-timeout

FortiAnalyzer connection time-out in seconds (for status and log buffer).

integer

Minimum value: 1 Maximum value: 3600

10

monitor-keepalive-period

Time between OFTP keepalives in seconds (for status and log buffer).

integer

Minimum value: 1 Maximum value: 120

5

monitor-failure-retry-period

Time between FortiAnalyzer connection retries in seconds (for status and log buffer).

integer

Minimum value: 1 Maximum value: 86400

5

certificate

Certificate used to communicate with FortiAnalyzer.

string

Maximum length: 35

source-ip

Source IPv4 or IPv6 address used to communicate with FortiAnalyzer.

string

Maximum length: 63

upload-option

Enable/disable logging to hard disk and then uploading to FortiAnalyzer.

option

-

5-minute

 

Option

Description

store-and-upload

Log to hard disk and then upload to FortiAnalyzer.

realtime

Log directly to FortiAnalyzer in real time.

1-minute

Log directly to FortiAnalyzer at least every 1 minute.

5-minute

Log directly to FortiAnalyzer at least every 5 minutes.

upload-interval

Frequency to upload log files to FortiAnalyzer.

option

-

daily

 

Option

Description

daily

Upload log files to FortiAnalyzer once a day.

weekly

Upload log files to FortiAnalyzer once a week.

monthly

Upload log files to FortiAnalyzer once a month.

upload-day

Day of week (month) to upload logs.

user

Not Specified

upload-time

Time to upload logs (hh:mm).

user

Not Specified

reliable

Enable/disable reliable logging to FortiAnalyzer.

option

-

disable

 

Option

Description

enable

Enable reliable logging to FortiAnalyzer.

disable

Disable reliable logging to FortiAnalyzer.

priority

Set log transmission priority.

option

-

default

 

Option

Description

default

Set FortiAnalyzer log transmission priority to default.

low

Set FortiAnalyzer log transmission priority to low.

max-log-rate

FortiAnalyzer maximum log rate in MBps (0 = unlimited).

integer

Minimum value: 0 Maximum value: 100000

0

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15