log setting remote

Variable	Description	Default
<log-destination_index>	Type an index number to identify these remote logging settings.
certificate <certificate_name>	Enter the certificate used by TLS to encrypt the Syslog session to the remote Syslog server. This setting is available if `syslog-mode` is `tcp-tls`.
comma-separated-value {enable \| disable}	Enable if you want to send log messages in comma-separated value (CSV) format. Note: Do not enable this option if the log destination is a FortiAnalyzer unit. FortiAnalyzer units do not support logs in CSV format.	disable
comment <comment_str>	Enter a descriptive comment.
encryption-log-status {enable \| disable}	Enable or disable IBE event logging to a remote Syslog server or FortiAnalyzer unit. See also system encryption ibe.	disable
event-log-category [{imap pop3 smtp webmail}]	Type all of the mail daemon log types and subtypes that you want to record to this storage location. Separate each type with a space. `imap`: IMAP events. `pop3`: POP3 events. `smtp`: SMTP relay or proxy events. See also history-log-status {enable \| disable}. `webmail`: FortiMail webmail events.
event-log-status {enable \| disable}	Enable or disable event logging to a remote Syslog server or FortiAnalyzer unit.	disable
facility {alert \| audit \| auth \| authpriv \| clock \| cron \| daemon \| ftp \| kern \| local0 \| local1 \| local2 \| local3 \| local4 \| local5 \| local6 \| local7 \| lpr \| mail \| news \| ntp}	Type the facility identifier that the FortiMail unit will use to identify itself when sending log messages to the Syslog server. To easily identify log messages from the FortiMail unit when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.	kern
hash-algorithm {sha1 \|sha256}	Select the hash algorithm to use in OFTPS encryption. This setting is available if `protocol` is `oftps`.	sha1
history-log-status {enable \| disable}	Enable to log both successful and unsuccessful attempts by the built-in MTA or SMTP proxy to deliver email. See also event-log-category [{imap pop3 smtp webmail}].	disable
loglevel {alert \| critical \| debug \| emergency \| error \| information \| notification \| warning}	Type one of the following severity levels: `emergency` `alert` `critical` `error` `warning` `notification` `information` `debug` This log destination will receive log messages greater than or equal to this severity level. For details, see the FortiMail Administration Guide.	information
matched-session-status {enable \| disable}	Enable to send only matching session logs to the remote server. Otherwise, FortiMail will send all logs. This option appears if you enabled advanced MTA control.	disable
name <log-destination_name>	Enter a unique name for this configuration.
port <port_int>	If the remote host is a FortiAnalyzer unit, type `514`. If the remote host is a Syslog server, type the port number on which the Syslog server listens.	514
protocol {syslog \| oftps}	Enter the protocol used to communicate with the remote log server. `syslog`: Any compatible third-party Syslog server or FortiAnalyzer. If the server uses Syslog over TCP or secure transport, also configure syslog-mode {tcp \| tcp-tls \| udp}. `oftps`: FortiAnalyzer only.	syslog
server <syslog_ipv4>	Type the IPv4, IPv6, or domain name (FQDN) address of the Syslog server or FortiAnalyzer unit.
spam-log-status {enable \| disable}	Enable to log all antispam events.	disable
status {enable \| disable}	Enable to send log messages to a remote Syslog server or FortiAnalyzer unit.	disable
sysevent-log-category [{admin configuration configuration-user dns ha system update}]	Type all of the system event log types and subtypes that you want to record to this storage location. Separate each type with a space. `admin`: Administrative events such as logins and viewing log messages. `configuration`: Configuration changes by an administrator, such as editing policies, profiles, and domains. `configuration-user`: Configuration changes by a quarantine or webmail user, such as personal safe/block lists. `dns`: DNS queries. `ha`: High availability (HA) activity. `system`: System events, such as rebooting the FortiMail unit or IP address configuration via DHCP. Note: This category does not include events from mail daemons, which are configured in event-log-category [{imap pop3 smtp webmail}]. `update`: Both successful and unsuccessful attempts to download firmware and FortiGuard updates.
sysevent-log-status {enable \| disable}	Enable to log system events.	disable
syslog-mode {tcp \| tcp-tls \| udp}	Enter the transport-layer protocol used for delivering the log to the remote Syslog server: `udp`: Fast but less reliable: the server does not confirm if it did not correctly receive the log message. `tcp`: Slower, but more reliable: the server asks the FortiMail unit to retransmit if the server did not correctly receive the log message. `tcp-tls`: Like TCP, but more secure. Data in the channel is encrypted during transit using TLS. FortiMail requires that the server present a valid certificate to identify itself, and the server may also require that FortiMail unit present a valid client certificate to authenticate. Otherwise, the connection fails. Also configure certificate <certificate_name>	udp
virus-log-status {enable \| disable}	Enable to log all antivirus events.	disable

Syntax

config log setting remote

edit <log-destination_index>

set certificate <certificate_name>

set comma-separated-value {enable | disable}

set comment <comment_str>

set encryption-log-status {enable | disable}

set event-log-category [{imap pop3 smtp webmail}]

set event-log-status {enable | disable}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp}

set hash-algorithm {sha1 |sha256}

set history-log-status {enable | disable}

set loglevel {alert | critical | debug | emergency | error | information | notification | warning}

set matched-session-status {enable | disable}

set name <log-destination_name>

set port <port_int>

set protocol {syslog | oftps}

set server <syslog_ipv4>

set spam-log-status {enable | disable}

set status {enable | disable}

set sysevent-log-category [{admin configuration configuration-user dns ha system update}]

set sysevent-log-status {enable | disable}

set syslog-mode {tcp | tcp-tls | udp}

set virus-log-status {enable | disable}

end

Variable	Description	Default
<log-destination_index>	Type an index number to identify these remote logging settings.
certificate <certificate_name>	Enter the certificate used by TLS to encrypt the Syslog session to the remote Syslog server. This setting is available if `syslog-mode` is `tcp-tls`.
comma-separated-value {enable \| disable}	Enable if you want to send log messages in comma-separated value (CSV) format. Note: Do not enable this option if the log destination is a FortiAnalyzer unit. FortiAnalyzer units do not support logs in CSV format.	disable
comment <comment_str>	Enter a descriptive comment.
encryption-log-status {enable \| disable}	Enable or disable IBE event logging to a remote Syslog server or FortiAnalyzer unit. See also system encryption ibe.	disable
event-log-category [{imap pop3 smtp webmail}]	Type all of the mail daemon log types and subtypes that you want to record to this storage location. Separate each type with a space. `imap`: IMAP events. `pop3`: POP3 events. `smtp`: SMTP relay or proxy events. See also history-log-status {enable \| disable}. `webmail`: FortiMail webmail events.
event-log-status {enable \| disable}	Enable or disable event logging to a remote Syslog server or FortiAnalyzer unit.	disable
facility {alert \| audit \| auth \| authpriv \| clock \| cron \| daemon \| ftp \| kern \| local0 \| local1 \| local2 \| local3 \| local4 \| local5 \| local6 \| local7 \| lpr \| mail \| news \| ntp}	Type the facility identifier that the FortiMail unit will use to identify itself when sending log messages to the Syslog server. To easily identify log messages from the FortiMail unit when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.	kern
hash-algorithm {sha1 \|sha256}	Select the hash algorithm to use in OFTPS encryption. This setting is available if `protocol` is `oftps`.	sha1
history-log-status {enable \| disable}	Enable to log both successful and unsuccessful attempts by the built-in MTA or SMTP proxy to deliver email. See also event-log-category [{imap pop3 smtp webmail}].	disable
loglevel {alert \| critical \| debug \| emergency \| error \| information \| notification \| warning}	Type one of the following severity levels: `emergency` `alert` `critical` `error` `warning` `notification` `information` `debug` This log destination will receive log messages greater than or equal to this severity level. For details, see the FortiMail Administration Guide.	information
matched-session-status {enable \| disable}	Enable to send only matching session logs to the remote server. Otherwise, FortiMail will send all logs. This option appears if you enabled advanced MTA control.	disable
name <log-destination_name>	Enter a unique name for this configuration.
port <port_int>	If the remote host is a FortiAnalyzer unit, type `514`. If the remote host is a Syslog server, type the port number on which the Syslog server listens.	514
protocol {syslog \| oftps}	Enter the protocol used to communicate with the remote log server. `syslog`: Any compatible third-party Syslog server or FortiAnalyzer. If the server uses Syslog over TCP or secure transport, also configure syslog-mode {tcp \| tcp-tls \| udp}. `oftps`: FortiAnalyzer only.	syslog
server <syslog_ipv4>	Type the IPv4, IPv6, or domain name (FQDN) address of the Syslog server or FortiAnalyzer unit.
spam-log-status {enable \| disable}	Enable to log all antispam events.	disable
status {enable \| disable}	Enable to send log messages to a remote Syslog server or FortiAnalyzer unit.	disable
sysevent-log-category [{admin configuration configuration-user dns ha system update}]	Type all of the system event log types and subtypes that you want to record to this storage location. Separate each type with a space. `admin`: Administrative events such as logins and viewing log messages. `configuration`: Configuration changes by an administrator, such as editing policies, profiles, and domains. `configuration-user`: Configuration changes by a quarantine or webmail user, such as personal safe/block lists. `dns`: DNS queries. `ha`: High availability (HA) activity. `system`: System events, such as rebooting the FortiMail unit or IP address configuration via DHCP. Note: This category does not include events from mail daemons, which are configured in event-log-category [{imap pop3 smtp webmail}]. `update`: Both successful and unsuccessful attempts to download firmware and FortiGuard updates.
sysevent-log-status {enable \| disable}	Enable to log system events.	disable
syslog-mode {tcp \| tcp-tls \| udp}	Enter the transport-layer protocol used for delivering the log to the remote Syslog server: `udp`: Fast but less reliable: the server does not confirm if it did not correctly receive the log message. `tcp`: Slower, but more reliable: the server asks the FortiMail unit to retransmit if the server did not correctly receive the log message. `tcp-tls`: Like TCP, but more secure. Data in the channel is encrypted during transit using TLS. FortiMail requires that the server present a valid certificate to identify itself, and the server may also require that FortiMail unit present a valid client certificate to authenticate. Otherwise, the connection fails. Also configure certificate <certificate_name>	udp
virus-log-status {enable \| disable}	Enable to log all antivirus events.	disable

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

log setting remote

Syntax

Related topics

log setting remote

log setting remote

Syntax

Related topics