Configuring multiple FortiAnalyzers (or syslog servers) per VDOM
In a VDOM, multiple FortiAnalyzer and syslog servers can be configured as follows:
- Up to three override FortiAnalyzer servers
- Up to four override syslog servers
If the VDOM faz-override and/or syslog-override setting is enabled or disabled (default) before upgrading, the setting remains the same after upgrading.
If the override setting is disabled, the GUI displays the global FortiAnalyzer1 or syslog1 setting. If the override setting is enabled, the GUI displays the VDOM override FortiAnalyzer1 or syslog1 setting.
The override that supports multiple log servers can only be enabled in the CLI.
To enable FortiAnalyzer and syslog server override under VDOM:
    config log setting
        set faz-override enable
        set syslog-override enable
    end
When faz-override and/or syslog-override is enabled, the following CLI commands are available for configuring VDOM override:
To configure VDOM override for FortiAnalyzer:
- Configure the FortiAnalyzer override settings:

      config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-setting
          set status enable
          set server "123.12.123.123"
          set reliable enable
      end
- Configure the override filters:

      config log fortianalyzer/fortianalyzer2/fortianalyzer3 override-filter
          set severity information
          set forward-traffic enable
          set local-traffic enable
          set multicast-traffic enable
          set sniffer-traffic enable
          set anomaly enable
          set voip enable
          set dlp-archive enable
          set dns enable
          set ssh enable
          set ssl enable
      end
To configure VDOM override for a syslog server:
- Configure the syslog override settings:

      config log syslogd/syslogd2/syslogd3/syslogd4 override-setting
          set status enable
          set server "123.12.123.12"
          set facility local1
      end
- Configure the override filters:

      config log syslogd/syslogd2/syslogd3/syslogd4 override-filter
          set severity information
          set forward-traffic enable
          set local-traffic enable
          set multicast-traffic enable
          set sniffer-traffic enable
          set anomaly enable
          set voip enable
          set dns enable
          set ssh enable
          set ssl enable
      end
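
The following is an added example, not part of the original documentation or Fortinet tooling: a pre-deployment check for one VDOM's logging snippet that reports which override log servers would be active and flags override-setting blocks whose faz-override or syslog-override switch is not enabled. The function names, the sample snippet and its 192.0.2.x addresses are assumptions constructed for illustration; the parser handles only flat config/end blocks like those shown above.

```python
# Device names the page lists for each override family.
FAMILIES = {
    "faz-override": ("fortianalyzer", "fortianalyzer2", "fortianalyzer3"),
    "syslog-override": ("syslogd", "syslogd2", "syslogd3", "syslogd4"),
}
# Constructed sample: syslog override is on, FortiAnalyzer override was forgotten.
SAMPLE = """\
config log setting
    set syslog-override enable
end
config log syslogd override-setting
    set status enable
    set server "192.0.2.10"
end
config log syslogd2 override-setting
    set status enable
end
config log fortianalyzer override-setting
    set status enable
    set server "192.0.2.20"
end
"""

def parse_blocks(cli_text):
    """Return {block path: {key: value}} for flat 'config ... end' blocks."""
    blocks, current = {}, None
    for raw in cli_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            current = blocks.setdefault(line[len("config "):], {})
        elif line == "end":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return blocks

def lint_vdom_logging(cli_text):
    """Return (active override destinations, problems) for one VDOM snippet."""
    blocks, active, problems = parse_blocks(cli_text), [], []
    setting = blocks.get("log setting", {})
    for flag, devices in FAMILIES.items():
        for dev in devices:
            over = blocks.get(f"log {dev} override-setting", {})
            if over.get("status") != "enable":
                continue  # this slot is not configured as an override
            if setting.get(flag) != "enable":
                problems.append(f"{dev}: override-setting set but {flag} not enabled")
            elif not over.get("server"):
                problems.append(f"{dev}: status enable without a server")
            else:
                active.append((dev, over["server"]))
    return active, problems
```

Calling lint_vdom_logging(SAMPLE) returns the single working syslog destination and two problems, one for the FortiAnalyzer block and one for syslogd2.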