Log Settings
Go to Log & Report > Log Settings to configure Syslog settings for FortiAnalyzer (7.0.1 and higher) and FortiSIEM (6.3.0 and higher). You can use the secondary Syslog field to send the same logs to different Syslog servers. You can configure both fields to send to both FortiAnalyzer and FortiSIEM.
Log Settings send Syslog messages about the Attack Scenario to other devices such as FortiAnalyzer or FortiSIEM.
Log Settings in Center mode
In Center mode, the Log Settings can be configured to send the Center's system event log to the syslog servers. Detection logs, including malware logs and NDR logs that record events occurring in the sensors, are sent directly from the sensors themselves. To upload and edit the sensor syslog configurations, go to System > Sensor Settings and click Restore Configuration. For more information, see Sensor Settings.
To configure the Log Settings:
- Go to Log & Report > Log Settings.
- Configure the following settings:
| Setting | Description |
| --- | --- |
| Send logs to FortiAnalyzer/FortiSIEM | Click to Enable or Disable. |
| Type | Syslog Protocol. |
| Log Server Address | Enter the FortiAnalyzer/FortiSIEM log server address. |
| Port | Enter the FortiAnalyzer/FortiSIEM port number. Default is UDP: 514. |
| Send logs to Syslog Server 1 | Click to Enable or Disable. |
| Type | Syslog Protocol. |
| Log Server Address | Enter the Syslog Server 1 log server address. |
| Port | Enter the Syslog Server 1 log server port number. Default is UDP: 514. |

- Click OK.