Configuring VDOMs on individual FPMs to send logs to different syslog servers
The following steps describe how to override the global syslog configuration for individual VDOMs on individual FPMs. The example shows how to configure the root VDOMs on the each of the FPMs in a FortiGate-7040E to send log messages to different syslog servers. Each root VDOM connects to a syslog server through a root VDOM data interface. This procedure assumes you have the following two syslog servers:
syslog server IP address |
Intended use |
---|---|
172.25.176.220 |
The root VDOM on the FPM in slot 3 sends log messages to this syslog server. |
172.25.176.230 |
The root VDOM on the FPM in slot 4 sends log messages to this syslog server. |
This configuration is only supported for |
-
Log into the primary FIM CLI using the FortiGate-7040E management IP address.
-
Use the following command to prevent the FortiGate-7040E from synchronizing syslog override settings between FPMs:
config global
config system vdom-exception
edit 1
set object log.syslogd.override-setting
end
end
-
Log into the CLI of the FPM in slot 3:
For example you can start a new SSH connection using the special management port for slot 3:
ssh <management-ip>:2203
Or you can use the following command from the global primary FIM CLI:
execute load-balance slot manage 3
The system will log you out of the CLI of the FPM in slot 3 in less than 60 seconds. You should have enough time to complete the following steps. If you run out of time on your first attempt, you can keep trying until you succeed.
-
Access the root VDOM of the FPM in slot 3 and enable overriding the syslog configuration for the root VDOM.
config vdom
edit root
config log setting
set syslog-override enable
end
A message similar to the following appears; which you can ignore:
Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.
-
Configure syslog override to send log messages to a syslog server with IP address 172.25.176.220:
config log syslogd override-setting
set status enable
set server 172.25.176.220
end
A message similar to the following appears; which you can ignore:
Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.
- Use the
exit
command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute. -
Access the root VDOM of the FPM in slot 4 and enable overriding the syslog configuration for the root VDOM.
config vdom
edit root
config log setting
set syslog-override enable
end
A message similar to the following appears; which you can ignore:
Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.
-
Configure FortiAnalyzer override to send log messages to a FortiAnalyzer with IP address 172.25.176.130:
config log syslogd override-setting
set status enable
set server 172.25.176.230
end
A message similar to the following appears; which you can ignore:
Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.
- Use the
exit
command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.