log setting remote

Variable	Description	Default
<log-destination_index>	Type an index number to identify these remote logging settings.
certificate <certificate_name>	Enter the certificate used by TLS to encrypt the Syslog session to the remote Syslog server. This setting is available if `syslog-mode` is `tcp-tls`.
comma-separated-value {enable \| disable}	Enable if you want to send log messages in comma-separated value (CSV) format. Note: Do not enable this option if the log destination is a FortiAnalyzer unit. FortiAnalyzer units do not support logs in CSV format.	disable
comment <comment_str>	Enter a descriptive comment.
encryption-log-status {enable \| disable}	Enable or disable IBE event logging to a remote Syslog server or FortiAnalyzer unit. See also system encryption ibe.	disable
event-log-category [{imap pop3 smtp webmail}]	Type all of the mail daemon log types and subtypes that you want to record to this storage location. Separate each type with a space. `imap`: IMAP events. `pop3`: POP3 events. `smtp`: SMTP relay or proxy events. See also history-log-status {enable \| disable}. `webmail`: FortiMail webmail events.
event-log-status {enable \| disable}	Enable or disable event logging to a remote Syslog server or FortiAnalyzer unit.	disable
facility {alert \| audit \| auth \| authpriv \| clock \| cron \| daemon \| ftp \| kern \| local0 \| local1 \| local2 \| local3 \| local4 \| local5 \| local6 \| local7 \| lpr \| mail \| news \| ntp}	Type the facility identifier that the FortiMail unit will use to identify itself when sending log messages to the Syslog server. To easily identify log messages from the FortiMail unit when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.	kern
hash-algorithm {sha1 \|sha256}	Select the hash algorithm to use in OFTPS encryption. This setting is available if `protocol` is `oftps`.	sha1
history-log-status {enable \| disable}	Enable to log both successful and unsuccessful attempts by the built-in MTA or SMTP proxy to deliver email. See also event-log-category [{imap pop3 smtp webmail}].	disable
loglevel {alert \| critical \| debug \| emergency \| error \| information \| notification \| warning}	Type one of the following severity levels: `emergency` `alert` `critical` `error` `warning` `notification` `information` `debug` This log destination will receive log messages greater than or equal to this severity level. For details, see the FortiMail Administration Guide.	information
matched-session-status {enable \| disable}	Enable to send only matching session logs to the remote server. Otherwise, FortiMail will send all logs. This option appears if you enabled advanced MTA control.	disable
name <log-destination_name>	Enter a unique name for this configuration.
port <port_int>	If the remote host is a FortiAnalyzer unit, type `514`. If the remote host is a Syslog server, type the port number on which the Syslog server listens.	514
protocol {syslog \| oftps}	Enter the protocol used to communicate with the remote log server. `syslog`: Any compatible third-party Syslog server or FortiAnalyzer. If the server uses Syslog over TCP or secure transport, also configure syslog-mode {tcp \| tcp-tls \| udp}. `oftps`: FortiAnalyzer only.	syslog
server <syslog_ipv4>	Type the IPv4, IPv6, or domain name (FQDN) address of the Syslog server or FortiAnalyzer unit.
spam-log-status {enable \| disable}	Enable to log all antispam events.	disable
status {enable \| disable}	Enable to send log messages to a remote Syslog server or FortiAnalyzer unit.	disable
sysevent-log-category [{admin configuration configuration-user dns ha system update}]	Type all of the system event log types and subtypes that you want to record to this storage location. Separate each type with a space. `admin`: Administrative events such as logins and viewing log messages. `configuration`: Configuration changes by an administrator, such as editing policies, profiles, and domains. `configuration-user`: Configuration changes by a quarantine or webmail user, such as personal safe/block lists. `dns`: DNS queries. `ha`: High availability (HA) activity. `system`: System events, such as rebooting the FortiMail unit or IP address configuration via DHCP. Note: This category does not include events from mail daemons, which are configured in event-log-category [{imap pop3 smtp webmail}]. `update`: Both successful and unsuccessful attempts to download firmware and FortiGuard updates.
sysevent-log-status {enable \| disable}	Enable to log system events.	disable
syslog-mode {tcp \| tcp-tls \| udp}	Enter the transport-layer protocol used for delivering the log to the remote Syslog server: `udp`: Fast but less reliable: the server does not confirm if it did not correctly receive the log message. `tcp`: Slower, but more reliable: the server asks the FortiMail unit to retransmit if the server did not correctly receive the log message. `tcp-tls`: Like TCP, but more secure. Data in the channel is encrypted during transit using TLS. FortiMail requires that the server present a valid certificate to identify itself, and the server may also require that FortiMail unit present a valid client certificate to authenticate. Otherwise, the connection fails. Also configure certificate <certificate_name>	udp
virus-log-status {enable \| disable}	Enable to log all antivirus events.	disable

CLI Reference

log setting remote

Syntax

Related topics

log setting remote

Syntax

Related topics