log setting remote
Use this command to configure remote log message storage, either on a Syslog server or FortiAnalyzer unit.
Syntax
config log setting remote
edit <log-destination_index>
set certificate <certificate>
set comma-separated-value {enable | disable}
set encryption-log-status {enable | disable}
set event-log-category {admin configuration ha | imap pop3 smtp system update webmail}
set event-log-status {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp}
set history-log-status {enable | disable}
set loglevel {alert | critical | debug | emergency | error | information | notification | warning}
set matched-session-status {enable | disable}
set port <port_int>
set protocol {syslog | cftps}
set server <log_ipv4>
set spam-log-status {enable | disable}
set status {enable | disable}
set sysevent-log-category {admin | configuration | dns | ha | system | update}
set sysevent-log-status {enable | disable}
set syslog-mode {tcp | tcp-tls | udp}
set virus-log-status {enable | disable}
end
<log-destination_index>
Type an index number to identify which remote Syslog server or FortiAnalyzer unit you are configuring.

certificate <certificate>
The certificate used by the Syslog-TLS connection to encrypt the log before delivery to the remote Syslog server.
This option is only available when syslog-mode is set to tcp-tls.

comma-separated-value {enable | disable}
Enable if you want to send log messages in comma-separated value (CSV) format.
Note: Do not enable this option if the log destination is a FortiAnalyzer unit. FortiAnalyzer units do not support CSV format logs.
Default: disable

encryption-log-status {enable | disable}
Enable or disable IBE event logging to a remote Syslog server or FortiAnalyzer unit.
Default: disable

event-log-category {admin configuration ha | imap pop3 smtp system update webmail}
Type all of the log types and subtypes that you want to record to this storage location. Separate each type with a space.
- admin: Log all administrative events, such as logins, resets, and configuration updates.
- configuration: Enable to log configuration changes.
- ha: Log all high availability (HA) activity.
- imap: Log all IMAP events.
- pop3: Log all POP3 events.
- smtp: Log all SMTP relay or proxy events.
- system: Log all system-related events, such as rebooting the FortiMail unit.
- update: Log both successful and unsuccessful attempts to download FortiGuard updates.
- webmail: Log all FortiMail webmail events.

event-log-status {enable | disable}
Enable or disable event logging to a remote Syslog server or FortiAnalyzer unit.
Default: disable

facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp}
Type the facility identifier that the FortiMail unit will use to identify itself when sending log messages to the first Syslog server.
To easily identify log messages from the FortiWeb unit when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.
Default: kern

history-log-status {enable | disable}
Enable to log both successful and unsuccessful attempts by the built-in MTA or proxies to deliver email.
Default: disable

loglevel {alert | critical | debug | emergency | error | information | notification | warning}
Type one of the following severity levels:
- emergency
- alert
- critical
- error
- warning
- notification
- information
- debug
This log destination will receive log messages greater than or equal to this severity level.
Default: information

matched-session-status {enable | disable}
Enable to log only matched sessions.
Default: disable

port <port_int>
If the remote host is a FortiAnalyzer unit, type 514. If the remote host is a Syslog server, type the UDP port number on which the Syslog server listens for connections.
Default: 514

protocol {syslog | cftps}
Enter the protocol used for remote logging.
Default: syslog

server <log_ipv4>
Type the IP address of the Syslog server or FortiAnalyzer unit.

spam-log-status {enable | disable}
Enable to log all antispam events.
Default: disable

status {enable | disable}
Enable to send log messages to a remote Syslog server or FortiAnalyzer unit.
Default: disable

sysevent-log-category {admin | configuration | dns | ha | system | update}
Enter the system event log category to log.

sysevent-log-status {enable | disable}
Enable to log system events.
Default: disable

syslog-mode {tcp | tcp-tls | udp}
Enter the protocol used for delivering the log to the remote Syslog server.
Default: udp

virus-log-status {enable | disable}
Enable to log all antivirus events.
Default: disable

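The following Python check is an added example, not part of the original reference or of any Fortinet tool. It applies the defaults listed above to a constructed configuration and reports, for each enabled destination, whether logs are sent without TLS, which log types stay disabled, and which severities the loglevel setting filters out. The names parse_remote, audit and SAMPLE are hypothetical, and it assumes syslog-mode only matters when protocol is syslog.

```python
import shlex
LOG_TYPES = ("encryption", "event", "history", "spam", "sysevent", "virus")
# Defaults as listed in the table above; an unset option keeps its default.
DEFAULTS = {"status": "disable", "protocol": "syslog", "syslog-mode": "udp",
            "loglevel": "information"}
LEVELS = ["emergency", "alert", "critical", "error", "warning",
          "notification", "information", "debug"]  # most severe first

def parse_remote(text):
    """Return {index: settings} for every 'edit' entry, defaults applied."""
    dests, cur = {}, None
    for line in text.splitlines():
        words = shlex.split(line)  # values may be quoted
        if words[:1] == ["edit"] and len(words) > 1:
            cur = dests.setdefault(words[1], dict(DEFAULTS))
        elif words[:1] == ["set"] and len(words) > 2 and cur is not None:
            cur[words[1]] = " ".join(words[2:])
    return dests

def audit(text):
    """Findings per enabled destination (assumes syslog-mode applies to protocol syslog)."""
    report = {}
    for index, s in parse_remote(text).items():
        if s["status"] != "enable":
            continue
        findings = []
        if s["protocol"] == "syslog" and s["syslog-mode"] != "tcp-tls":
            findings.append("syslog-mode %s: logs leave without TLS" % s["syslog-mode"])
        off = [t for t in LOG_TYPES if s.get(t + "-log-status", "disable") != "enable"]
        if off:
            findings.append("log types not sent: " + ", ".join(off))
        if s["loglevel"] in LEVELS[:-1]:
            dropped = LEVELS[LEVELS.index(s["loglevel"]) + 1:]
            findings.append("severities dropped: " + ", ".join(dropped))
        report[index] = findings
    return report

# Constructed sample configuration (192.0.2.0/24 is a documentation range).
SAMPLE = """config log setting remote
edit 1
set status enable
set server 192.0.2.10
set loglevel error
set event-log-status enable
next
end"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
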
Related topics
log setting local
log alertemail recipient
log alertemail setting