Fortinet white logo
Fortinet white logo

FortiGate-7000E Administration Guide

Configuring VDOMs on individual FPMs to send logs to different syslog servers

Configuring VDOMs on individual FPMs to send logs to different syslog servers

The following steps describe how to override the global syslog configuration for individual VDOMs on individual FPMs. The example shows how to configure the root VDOMs on the each of the FPMs in a FortiGate-7040E to send log messages to different syslog servers. Each root VDOM connects to a syslog server through a root VDOM data interface. This procedure assumes you have the following two syslog servers:

syslog server IP address

Intended use

172.25.176.220

The root VDOM on the FPM in slot 3 sends log messages to this syslog server.

172.25.176.230

The root VDOM on the FPM in slot 4 sends log messages to this syslog server.

Note

This configuration is only supported for syslogd and not for syslogd2, syslogd3, and syslogd4.

  1. Log into the primary FIM CLI using the FortiGate-7040E management IP address.

  2. Use the following command to prevent the FortiGate-7040E from synchronizing syslog override settings between FPMs:

    config global

    config system vdom-exception

    edit 1

    set object log.syslogd.override-setting

    end

    end

  3. Log into the CLI of the FPM in slot 3:

    For example you can start a new SSH connection using the special management port for slot 3:

    ssh <management-ip>:2203

    Or you can use the following command from the global primary FIM CLI:

    execute load-balance slot manage 3

    Note

    The system will log you out of the CLI of the FPM in slot 3 in less than 60 seconds. You should have enough time to complete the following steps. If you run out of time on your first attempt, you can keep trying until you succeed.

  4. Access the root VDOM of the FPM in slot 3 and enable overriding the syslog configuration for the root VDOM.

    config vdom

    edit root

    config log setting

    set syslog-override enable

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  5. Configure syslog override to send log messages to a syslog server with IP address 172.25.176.220:

    config log syslogd override-setting

    set status enable

    set server 172.25.176.220

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  6. Use the exit command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.
  7. Access the root VDOM of the FPM in slot 4 and enable overriding the syslog configuration for the root VDOM.

    config vdom

    edit root

    config log setting

    set syslog-override enable

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  8. Configure FortiAnalyzer override to send log messages to a FortiAnalyzer with IP address 172.25.176.130:

    config log syslogd override-setting

    set status enable

    set server 172.25.176.230

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  9. Use the exit command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.

Configuring VDOMs on individual FPMs to send logs to different syslog servers

Configuring VDOMs on individual FPMs to send logs to different syslog servers

The following steps describe how to override the global syslog configuration for individual VDOMs on individual FPMs. The example shows how to configure the root VDOMs on the each of the FPMs in a FortiGate-7040E to send log messages to different syslog servers. Each root VDOM connects to a syslog server through a root VDOM data interface. This procedure assumes you have the following two syslog servers:

syslog server IP address

Intended use

172.25.176.220

The root VDOM on the FPM in slot 3 sends log messages to this syslog server.

172.25.176.230

The root VDOM on the FPM in slot 4 sends log messages to this syslog server.

Note

This configuration is only supported for syslogd and not for syslogd2, syslogd3, and syslogd4.

  1. Log into the primary FIM CLI using the FortiGate-7040E management IP address.

  2. Use the following command to prevent the FortiGate-7040E from synchronizing syslog override settings between FPMs:

    config global

    config system vdom-exception

    edit 1

    set object log.syslogd.override-setting

    end

    end

  3. Log into the CLI of the FPM in slot 3:

    For example you can start a new SSH connection using the special management port for slot 3:

    ssh <management-ip>:2203

    Or you can use the following command from the global primary FIM CLI:

    execute load-balance slot manage 3

    Note

    The system will log you out of the CLI of the FPM in slot 3 in less than 60 seconds. You should have enough time to complete the following steps. If you run out of time on your first attempt, you can keep trying until you succeed.

  4. Access the root VDOM of the FPM in slot 3 and enable overriding the syslog configuration for the root VDOM.

    config vdom

    edit root

    config log setting

    set syslog-override enable

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  5. Configure syslog override to send log messages to a syslog server with IP address 172.25.176.220:

    config log syslogd override-setting

    set status enable

    set server 172.25.176.220

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  6. Use the exit command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.
  7. Access the root VDOM of the FPM in slot 4 and enable overriding the syslog configuration for the root VDOM.

    config vdom

    edit root

    config log setting

    set syslog-override enable

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  8. Configure FortiAnalyzer override to send log messages to a FortiAnalyzer with IP address 172.25.176.130:

    config log syslogd override-setting

    set status enable

    set server 172.25.176.230

    end

    A message similar to the following appears; which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  9. Use the exit command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.