Fortinet Document Library

CLI Reference

locallog

Use the following commands to configure local log settings.

locallog setting

Use this command to configure locallog logging settings.

Syntax

config system locallog setting

set log-interval-dev-no-logging <integer>

set log-interval-disk-full <integer>

set log-interval-gbday-exceeded <integer>

end

Variable

Description

log-interval-dev-no-logging <integer>

Interval in minutes for logging the event of no logs received from a device. Default: 5.

log-interval-disk-full <integer>

Interval in minutes for logging the event of disk full. Default: 5.

log-interval-gbday-exceeded <integer>

Interval in minutes for logging the event of the GB/Day license exceeded. Default: 1440.

locallog disk setting

Use this command to configure the disk settings for uploading log files, including configuring the severity of log levels.

  • status must be enabled to view diskfull, max-log-file-size and upload variables.
  • upload must be enabled to view/set other upload* variables.

Syntax

config system locallog disk setting

set status {enable | disable}

set severity {alert | critical | debug | emergency | error | information | notification | warning}

set max-log-file-size <integer>

set roll-schedule {none | daily | weekly}

set roll-day <string>

set roll-time <hh:mm>

set diskfull {nolog | overwrite}

set log-disk-full-percentage <integer>

set upload {disable | enable}

set uploadip <ipv4_address>

set server-type {FAZ | FTP | SCP | SFTP}

set uploadport <integer>

set uploaduser <string>

set uploadpass <passwd>

set uploaddir <string>

set uploadtype <event>

set uploadzip {disable | enable}

set uploadsched {disable | enable}

set upload-time <hh:mm>

set upload-delete-files {disable | enable}

end

Variable

Description

status {enable | disable}

Enable or disable logging to the local disk. Default: disable

severity {alert | critical | debug | emergency | error | information | notification | warning}

Select the logging severity level. The FortiManager unit logs all messages at and above the logging severity level you select. For example, if you select critical, the unit logs critical, alert and emergency level messages.

The logging levels in descending order are:

  • emergency: The unit is unusable.
  • alert: Immediate action is required (default).
  • critical: Functionality is affected.
  • error: Functionality is probably affected.
  • warning: Functionality might be affected.
  • notification: Information about normal events.
  • information: General information about unit operations.
  • debug: Information used for diagnosis or debugging.

max-log-file-size <integer>

Enter the size at which the log is rolled.

Range: 1 to 1024 (MB)

Default: 100

roll-schedule {none | daily | weekly}

Enter the period for the scheduled rolling of a log file. If roll-schedule is none, the log rolls when max-log-file-size is reached. The following options are available:

  • none: Not scheduled (default).
  • daily: Every day.
  • weekly: Every week.

roll-day <string>

Enter the day for the scheduled rolling of a log file.

roll-time <hh:mm>

Enter the time for the scheduled rolling of a log file.

diskfull {nolog | overwrite}

Enter action to take when the disk is full:

  • nolog: stop logging
  • overwrite: overwrites oldest log entries (default)

log-disk-full-percentage <integer>

Enter the percentage at which the log disk will be considered full (50-90%).

upload {disable | enable}

Enable or disable uploading of logs when rolling log files. Default: disable

uploadip <ipv4_address>

Enter IPv4 address of the destination server. Default: 0.0.0.0

server-type {FAZ | FTP | SCP | SFTP}

Enter the server type to use to store the logs:

  • FAZ: Upload to FortiAnalyzer.
  • FTP: Upload via FTP.
  • SCP: Upload via SCP.
  • SFTP: Upload via SFTP.

uploadport <integer>

Enter the port to use when communicating with the destination server. Default: 21. Range: 1 to 65535

uploaduser <string>

Enter the user account on the destination server.

uploadpass <passwd>

Enter the password of the user account on the destination server. Character limit: 127

uploaddir <string>

Enter the destination directory on the remote server.

uploadtype <event>

Enter to upload the event log files. Default: event

uploadzip {disable | enable}

Enable to compress uploaded log files. Default: disable

uploadsched {disable | enable}

Enable to schedule log uploads. The following options are available:

  • disable: Upload when rolling.
  • enable: Scheduled upload.

upload-time <hh:mm>

Enter the time at which the scheduled upload runs.

upload-delete-files {disable | enable}

Enable or disable deleting log files after uploading. Default: enable

Example

In this example, the logs are uploaded to an upload server and are not deleted after they are uploaded.

config system locallog disk setting

set status enable

set severity information

set max-log-file-size 1000

set roll-schedule daily

set upload enable

set uploadip 10.10.10.1

set uploadport 443

set uploaduser myname2

set uploadpass 12345

set uploadtype event

set uploadzip enable

set uploadsched enable

set upload-time 06:45

set upload-delete-files disable

end

locallog filter

Use this command to configure filters for local logs. All keywords are visible only when event is enabled.

Syntax

config system locallog [memory | disk | fortianalyzer | fortianalyzer2 | fortianalyzer3 | syslogd | syslogd2 | syslogd3] filter

set devcfg {disable | enable}

set devops {disable | enable}

set dm {disable | enable}

set dvm {disable | enable}

set epmgr {disable | enable}

set event {disable | enable}

set faz {enable | disable}

set fgd {disable | enable}

set fgfm {disable | enable}

set fips {disable | enable}

set fmgws {disable | enable}

set fmlmgr {disable | enable}

set fmwmgr {disable | enable}

set glbcfg {disable | enable}

set ha {disable | enable}

set iolog {disable | enable}

set logd {disable | enable}

set lrmgr {disable | enable}

set objcfg {disable | enable}

set rev {disable | enable}

set rtmon {disable | enable}

set scfw {disable | enable}

set scply {disable | enable}

set scrmgr {disable | enable}

set scvpn {disable | enable}

set system {disable | enable}

set webport {disable | enable}

end

Variable

Description

devcfg {disable | enable}

Enable to log device configuration messages.

devops {disable | enable}

Enable to log managed device operations messages.

dm {disable | enable}

Enable to log deployment manager messages. Default: disable

dvm {disable | enable}

Enable to log device manager messages. Default: disable

epmgr {disable | enable}

Enable to log endpoint manager messages. Default: disable

event {disable | enable}

Enable to configure log filter messages. Default: disable

faz {enable | disable}

Enable to log FortiAnalyzer messages. Default: disable

fgd {disable | enable}

Enable to log FortiGuard service messages. Default: disable

fgfm {disable | enable}

Enable to log FortiGate/FortiManager communication protocol messages. Default: disable

fips {disable | enable}

Enable to log FIPS messages. Default: disable

fmgws {disable | enable}

Enable to log web service messages. Default: disable

fmlmgr {disable | enable}

Enable to log FortiMail manager messages. Default: disable

fmwmgr {disable | enable}

Enable to log firmware manager messages. Default: disable

glbcfg {disable | enable}

Enable to log global database messages. Default: disable

ha {disable | enable}

Enable to log high availability activity messages. Default: disable

iolog {disable | enable}

Enable to log input/output log activity messages. Default: disable

logd {disable | enable}

Enable to log logd messages. Default: disable

lrmgr {disable | enable}

Enable to log log and report manager messages. Default: disable

objcfg {disable | enable}

Enable to log object configuration. Default: disable

rev {disable | enable}

Enable to log revision history messages. Default: disable

rtmon {disable | enable}

Enable to log real-time monitor messages. Default: disable

scfw {disable | enable}

Enable to log firewall objects messages. Default: disable

scply {disable | enable}

Enable to log policy console messages. Default: disable

scrmgr {disable | enable}

Enable to log script manager messages. Default: disable

scvpn {disable | enable}

Enable to log VPN console messages. Default: disable

system {disable | enable}

Enable to log system manager messages. Default: disable

webport {disable | enable}

Enable to log web portal messages. Default: disable

Example

In this example, the local log filters are log and report manager, and system settings. Events in these areas of the FortiManager unit will be logged.

config system locallog filter

set event enable

set lrmgr enable

set system enable

end

locallog fortianalyzer (fortianalyzer2, fortianalyzer3) setting

Use this command to enable or disable, and select the severity threshold of, remote logging to the FortiAnalyzer units. You can configure up to three FortiAnalyzer devices.

The severity threshold required to forward a log message to the FortiAnalyzer unit is separate from event, syslog, and local logging severity thresholds.

Syntax

config system locallog {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting

set severity {emergency | alert | critical | error | warning | notification | information | debug}

set server-ip <ip>

set secure-connection {enable | disable}

set status {disable | realtime | upload}

set upload-time <hh:mm>

end

Variable

Description

severity {emergency | alert | critical | error | warning | notification | information | debug}

Enter the severity threshold that a log message must meet or exceed to be logged to the unit. The following options are available:

  • emergency: The unit is unusable.
  • alert: Immediate action is required (default).
  • critical: Functionality is affected.
  • error: Functionality is probably affected.
  • warning: Functionality might be affected.
  • notification: Information about normal events.
  • information: General information about unit operations.
  • debug: Information used for diagnosis or debugging.

server-ip <ip>

Set the remote FortiAnalyzer server IP address.

secure-connection {enable | disable}

Enable/disable connection secured by TLS/SSL.

status {disable | realtime | upload}

Set the log to FortiAnalyzer status. The following options are available:

  • disable: Do not log to FortiAnalyzer.
  • realtime: Log to FortiAnalyzer in realtime.
  • upload: Log to FortiAnalyzer at a scheduled time.

Default: disable

upload-time <hh:mm>

Set the time to upload local log files.

Example

In this example, remote logging to the configured FortiAnalyzer unit is enabled. Events at the information level and higher, which is everything except debug level events, are sent to the FortiAnalyzer unit.

config system locallog fortianalyzer setting

set status realtime

set severity information

end

locallog memory setting

Use this command to configure memory settings for local logging purposes.

Syntax

config system locallog memory setting

set diskfull {nolog | overwrite}

set severity {emergency | alert | critical | error | warning | notification | information | debug}

set status {disable | enable}

end

Variable

Description

diskfull {nolog | overwrite}

Enter the action to take when the disk is full:

  • nolog: Stop logging when disk full
  • overwrite: Overwrites oldest log entries

severity {emergency | alert | critical | error | warning | notification | information | debug}

Enter the log severity level to log files. The following options are available:

  • emergency: The unit is unusable.
  • alert: Immediate action is required (default).
  • critical: Functionality is affected.
  • error: Functionality is probably affected.
  • warning: Functionality might be affected.
  • notification: Information about normal events.
  • information: General information about unit operations.
  • debug: Information used for diagnosis or debugging.

status {disable | enable}

Enable or disable logging to the memory buffer. Default: disable

Example

This example shows how to enable logging to memory for all events at the notification level and above. At this level of logging, only information and debug events will not be logged.

config system locallog memory setting

set severity notification

set status enable

end

locallog syslogd (syslogd2, syslogd3) setting

Use this command to configure the settings for logging to a syslog server. You can configure up to three syslog servers: syslogd, syslogd2 and syslogd3.

Syntax

config system locallog {syslogd | syslogd2 | syslogd3} setting

set csv {disable | enable}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}

set severity {emergency | alert | critical | error | warning | notification | information | debug}

set status {enable | disable}

set syslog-name <string>

end

Variable

Description

csv {disable | enable}

Enable to produce the log in comma separated value (CSV) format. If you do not enable CSV format the FortiManager unit produces space separated log files. Default: disable

facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}

Enter the facility type. facility identifies the source of the log message to syslog. Change facility to distinguish log messages from different FortiManager units so you can determine the source of the log messages. Available facility types are:

  • alert: Log alert.
  • audit: Log audit.
  • auth: Security/authorization messages.
  • authpriv: Security/authorization messages (private).
  • clock: Clock daemon
  • cron: Clock daemon.
  • daemon: System daemons.
  • ftp: File Transfer Protocol (FTP) daemon
  • kernel: Kernel messages.
  • local0 to local7: reserved for local use (default)
  • lpr: Line printer subsystem.
  • mail: Mail system.
  • news: Network news subsystem.
  • ntp: Network Time Protocol (NTP) daemon
  • syslog: Messages generated internally by the syslog daemon.
  • user: Random user-level messages.
  • uucp: Network news subsystem.

severity {emergency | alert | critical | error | warning | notification | information | debug}

Select the logging severity level. The FortiManager unit logs all messages at and above the logging severity level you select. For example, if you select critical, the unit logs critical, alert and emergency level messages.

The logging levels in descending order are:

  • emergency: The unit is unusable.
  • alert: Immediate action is required.
  • critical: Functionality is affected.
  • error: Functionality is probably affected.
  • warning: Functionality might be affected.
  • notification: Information about normal events.
  • information: General information about unit operations.
  • debug: Information used for diagnosis or debugging.

status {enable | disable}

Enable or disable logging to the remote syslog server.

syslog-name <string>

Enter the remote syslog server name.

Example

In this example, the logs are uploaded to a syslog server at IPv4 address 10.10.10.8. The FortiManager unit is identified as facility local0.

config system locallog syslogd setting

set facility local0

set status enable

set severity information

end
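
The following Python script is an added example, not Fortinet code. It parses `config system locallog <target> setting` blocks in the syntax documented above and reports settings that weaken log retention or transport, using the severity ordering and the defaults stated on this page. The sample configuration, the REQUIRED_LEVEL policy and the function names are assumptions made for the illustration.

```python
import re

# Severity names from this page, most severe first.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

# Defaults stated on this page, limited to the keys the checks read.
DEFAULTS = {
    "disk": {"status": "disable", "severity": "alert",
             "diskfull": "overwrite", "upload": "disable"},
    "fortianalyzer": {"status": "disable", "severity": "alert"},
}

# Assumed local policy (not from the page): this level must still be recorded.
REQUIRED_LEVEL = "warning"

BLOCK_RE = re.compile(r"^config system locallog (\S+) setting$")

# Constructed sample configuration, for illustration only.
SAMPLE = """\
config system locallog disk setting
    set status enable
    set severity critical
    set diskfull nolog
    set upload enable
    set uploadip 10.10.10.1
    set server-type FTP
end
config system locallog fortianalyzer setting
    set status realtime
    set severity information
    set server-ip 10.10.10.2
    set secure-connection disable
end
"""


def parse_locallog(text):
    """Return {target: {key: value}} for every locallog '<target> setting' block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BLOCK_RE.match(line)
        if match:
            current = blocks.setdefault(match.group(1), {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2]
    return blocks


def logged_levels(threshold):
    """Levels recorded for a threshold: the threshold and everything more severe."""
    return SEVERITIES[: SEVERITIES.index(threshold) + 1]


def audit(blocks):
    """Return (target, key, finding) tuples for the disk and fortianalyzer targets."""
    findings = []
    for target, settings in blocks.items():
        family = target.rstrip("23")  # fortianalyzer2/3 share the fortianalyzer checks
        if family not in DEFAULTS:
            continue
        cfg = {**DEFAULTS[family], **settings}
        if cfg["status"] == "disable":
            findings.append((target, "status", "logging to this target is disabled"))
            continue
        sev = cfg["severity"]
        if sev in SEVERITIES and REQUIRED_LEVEL not in logged_levels(sev):
            dropped = [s for s in SEVERITIES if s not in logged_levels(sev)]
            findings.append((target, "severity", "not recorded: " + ", ".join(dropped)))
        if family == "disk":
            uploading = cfg["upload"] == "enable"
            if cfg["diskfull"] == "nolog":
                findings.append((target, "diskfull", "logging stops when the disk is full"))
            elif not uploading:
                findings.append((target, "diskfull",
                                 "oldest entries are overwritten and upload is disabled"))
            stype = cfg.get("server-type")
            if uploading and stype is None:
                findings.append((target, "server-type", "upload enabled without a server-type"))
            elif uploading and stype.upper() == "FTP":
                findings.append((target, "server-type",
                                 "FTP sends the upload password and the logs unencrypted"))
        if family == "fortianalyzer" and cfg.get("secure-connection") == "disable":
            findings.append((target, "secure-connection", "logs are forwarded without TLS/SSL"))
    return findings


if __name__ == "__main__":
    for target, key, finding in audit(parse_locallog(SAMPLE)):
        print(f"{target}: {key}: {finding}")
```
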
