Administration Guide

Log receivers

Event and Alarm records may be stored offline on another host. The events and alarms are forwarded by using either a Syslog message or an SNMP Trap. See Log events to an external log host and Map events to alarms for more information. The host may be either an SNMP Trap receiver or a Syslog server. Use the Log Receivers view to add, modify, and remove external log hosts.

Add a log host server

  1. Click System > Settings.
  2. In the tree on the left, select System Communication > Log Receivers.
  3. Click Add to add a log host.
  4. Select the type of server.
  5. Enter the IP Address of the server.
  6. Enter the configuration parameters for the type of log host. The standard port information for each host type is automatically entered. See the table below for detailed information on each type of server.
  7. Click OK.

Settings

Field: Definition

Type: Type of server that will receive Event and Alarm messages. Options include: Syslog CSV, SNMP Trap, and Syslog Command Event Format (CEF).

IP Address: IP Address of the server that will receive Event and Alarm messages.

Port: Connection port on the server. For Syslog CSV and Syslog CEF servers, the default is 514. For SNMP Trap servers, the default is 162.

Facility: Displays only when Syslog is selected as the Type. Allows you to configure the message type. The default is 4. Options include:

  • 0 kernel messages
  • 1 user-level messages
  • 2 mail system
  • 3 system daemons
  • 4 security/authorization messages
  • 5 messages generated internally by syslogd
  • 6 line printer subsystem
  • 7 network news subsystem
  • 8 UUCP subsystem
  • 9 clock daemon
  • 10 security/authorization messages
  • 11 FTP daemon
  • 12 NTP subsystem
  • 13 log audit
  • 14 log alert
  • 15 clock daemon
  • 16 local use 0 (local0)
  • 17 local use 1 (local1)
  • 18 local use 2 (local2)
  • 19 local use 3 (local3)
  • 20 local use 4 (local4)
  • 21 local use 5 (local5)
  • 22 local use 6 (local6)
  • 23 local use 7 (local7)

Security String: Displays only when SNMP is selected as the Type. The security string sent with the Event and Alarm message.
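
Added example (not part of the original guide): a receiver-side check that a forwarded Syslog CEF message carries the facility configured above, by decoding the syslog PRI value (facility * 8 + severity) and splitting the CEF header. The function names, host name, and sample datagrams are constructed for illustration; the header layout assumed is the standard seven-field CEF header.

```python
import re

PRI_RE = re.compile(r"^<(\d{1,3})>")
CEF_KEYS = ("version", "vendor", "product", "device_version",
            "event_class_id", "name", "severity")

def split_cef(cef):
    """Split a 'CEF:...' string into its 7 header fields and the extension.
    Honors backslash-escaped pipes and backslashes inside header fields."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and cef[i + 1:i + 2] in ("|", "\\"):
            cur.append(cef[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("truncated CEF header")
    fields[0] = fields[0][len("CEF:"):]
    return dict(zip(CEF_KEYS, fields)), cef[i:]

def check_datagram(data, expected_facility=4):
    """Return decoded facility/severity, parsed CEF (if any) and a problem list."""
    text = data.decode("utf-8", errors="replace")
    result = {"facility": None, "severity": None, "cef": None, "problems": []}
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        result["problems"].append("missing or out-of-range PRI")
        return result
    # PRI = facility * 8 + severity
    result["facility"], result["severity"] = divmod(int(m.group(1)), 8)
    if result["facility"] != expected_facility:
        result["problems"].append(
            f"facility {result['facility']} != configured {expected_facility}")
    start = text.find("CEF:")
    if start != -1:
        try:
            result["cef"], _ = split_cef(text[start:])
        except ValueError as exc:
            result["problems"].append(str(exc))
    return result

# Constructed sample datagrams (not captured from a real appliance).
GOOD = b"<38>Jan 12 10:15:02 nac01 CEF:0|ExampleVendor|ExampleProduct|1.0|100|Rogue \\| host|5|src=192.0.2.10"
WRONG_FACILITY = b"<134>Jan 12 10:15:03 nac01 CEF:0|ExampleVendor|ExampleProduct|1.0|101|Test|3|"
```

A facility mismatch on the receiver usually means the message will be routed by a different syslog rule than intended, so events can land in the wrong file or be dropped by a filter.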

Modify connection information

  1. Click System > Settings.
  2. In the tree on the left, select System Communication > Log Receivers.
  3. Select a log receiver from the list and click Modify.
  4. Edit the log host information.
  5. Click OK.

Delete an external log host

  1. Click System > Settings.
  2. In the tree on the left, select System Communication > Log Receivers.
  3. Select a Log Receiver from the list and click Delete.
  4. Click Yes on the confirmation message.
