
FortiGate-7000E Administration Guide

Configuring individual FPMs to send logs to different syslog servers

The following steps show how to configure the two FPMs in a FortiGate-7040E to send log messages to different syslog servers. The FPMs connect to the syslog servers through the FortiGate-7000E management interface. This procedure assumes you have the following three syslog servers:

| Syslog server IP address | Intended use |
|---|---|
| 172.25.176.20 | The FIMs send log messages to this syslog server. |
| 172.25.176.200 | The FPM in slot 3 sends log messages to this syslog server. |
| 172.25.176.210 | The FPM in slot 4 sends log messages to this syslog server. |

This procedure involves creating a syslog configuration template on the primary FIM that is synchronized to the FPMs. You then log into each FPM and change the syslog server IP address to the address of the syslog server that the FPM should send log messages to.

Note

This configuration is only supported for syslogd and not for syslogd2, syslogd3, and syslogd4.

  1. Log into the primary FIM CLI using the FortiGate-7040E management IP address.

  2. Create a syslog configuration template on the primary FIM.

    config global
    config log syslogd setting
    set status enable
    set server 172.25.176.20
    end

    This configuration will be synchronized to all of the FIMs and FPMs.

  3. Enter the following command to prevent the FortiGate-7040E from synchronizing syslog settings between FIMs and FPMs:

    config system vdom-exception
    edit 1
    set object log.syslogd.setting
    end

  4. Log into the CLI of the FPM in slot 3:

    For example, you can start a new SSH connection using the special management port for slot 3:

    ssh -p 2203 <management-ip>

    Or you can use the following command from the global primary FIM CLI:

    execute load-balance slot manage 3

    Note

    FortiOS will log you out of the CLI of the FPM in slot 3 in less than 60 seconds. You should have enough time to change the syslog server IP address as described in the next step, but not much else. If you run out of time on your first attempt, you can keep trying until you succeed.

  5. Change the syslog server IP address:

    config global
    config log syslogd setting
    set server 172.25.176.200
    end

    A message similar to the following appears, which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  6. Use the exit command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.

  7. Log into the CLI of the FPM in slot 4.

  8. Change the syslog server IP address:

    config global
    config log syslogd setting
    set server 172.25.176.210
    end

    A message similar to the following appears, which you can ignore:

    Please change configuration on FIMs. Changing configuration on FPMs may cause confsync out of sync for a while.

  9. Use the exit command to log out of the FPM CLI. Otherwise you are logged out of the FPM CLI in less than a minute.
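One way to check the result of this procedure, as an added example that is not part of the Fortinet guide: the Python script below parses configuration text captured from each module, compares the syslog server against the table above, and confirms that the vdom-exception from step 3 is present. The sample configuration text is constructed, and the module labels (FIM, FPM3, FPM4) and function names are assumptions.

```python
import shlex

# Intended routing, copied from the table on this page.
EXPECTED = {"FIM": "172.25.176.20", "FPM3": "172.25.176.200", "FPM4": "172.25.176.210"}

def parse_config(text):
    """Parse FortiOS-style config/edit/set/next/end text into nested dicts."""
    root = {}
    stack = [("root", root)]
    for line in text.splitlines():
        tokens = shlex.split(line)  # also strips the quotes around values
        if not tokens:
            continue
        verb, args = tokens[0], tokens[1:]
        if verb in ("config", "edit"):
            stack.append((verb, stack[-1][1].setdefault(" ".join(args), {})))
        elif verb == "set" and args:
            stack[-1][1][args[0]] = " ".join(args[1:])
        elif verb == "next" and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":  # also closes an open edit entry
            while len(stack) > 1 and stack.pop()[0] != "config":
                pass
    return root.get("global", root)  # accept text with or without "config global"

def audit(module_configs, fim_exception_text):
    """Return findings; an empty list means routing matches EXPECTED."""
    findings = []
    entries = parse_config(fim_exception_text).get("system vdom-exception", {})
    objects = {e.get("object") for e in entries.values() if isinstance(e, dict)}
    if "log.syslogd.setting" not in objects:
        findings.append("FIM: no vdom-exception for log.syslogd.setting")
    for module, text in module_configs.items():
        setting = parse_config(text).get("log syslogd setting", {})
        if setting.get("status") != "enable":
            findings.append(f"{module}: syslogd status is not enable")
        if setting.get("server") != EXPECTED[module]:
            findings.append(f"{module}: server {setting.get('server')} != {EXPECTED[module]}")
    return findings

def sample(server):
    """Constructed sample text holding the syslogd settings of one module."""
    return f'config log syslogd setting\n    set status enable\n    set server "{server}"\nend\n'

# Constructed sample: the exception from step 3 as it would appear in a config listing.
SAMPLE_EXCEPTION = "config system vdom-exception\n    edit 1\n        set object log.syslogd.setting\n    next\nend\n"

if __name__ == "__main__":
    print(audit({m: sample(ip) for m, ip in EXPECTED.items()}, SAMPLE_EXCEPTION))
```

An FPM that still reports the template address 172.25.176.20 shows up as a finding, which is the state to expect if the per-FPM change was never saved.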
