Log settings
Log settings determine what information is recorded in logs, where the logs are stored, and how often storage occurs.
Remote Logging and Archiving
Enable/disable sending logs to syslog. When enabled, enter the IP address/FQDN for the syslog. See Configuring parameters to send logs to syslog server.
Note: The option is disabled by default.
Log Settings
By default, the system logs all the events: system activity, user activity, and HA. You can customize event logging by selecting Customize and then unselecting options under Customize.
Note: No event logs are recorded and displayed on the Log & Report > Events page for unselected events.
Older logs are deleted when disk space is low.
Disabling disk storage
Disabling disk storage is not recommended, but FortiPAM allows you to disable it via the CLI.
To disable disk storage:
If you intend to disable the disk storage, ensure that the memory storage is enabled to make the log pages work correctly:
config log memory setting
set status enable
end
- In the CLI console, enter the following commands:
config log disk setting
set status disable
end
Configuring parameters to send logs to syslog server
To configure parameters to send logs to syslog server:
- Go to Log & Report > Log Settings.
- In Additional Information, select Edit in CLI.
The CLI console opens.
- Use the following parameters:
status {enable | disable}
Enable/disable remote syslog logging (default = disable).
The following parameters are only available when status is set to enable.
server <string>
Address of the remote syslog server.
mode {legacy-reliable | reliable | udp}
The remote syslog logging mode:
legacy-reliable: Legacy reliable syslogging by RFC3195 (Reliable Delivery for Syslog).
reliable: Reliable syslogging by RFC6587 (Transmission of Syslog Messages over TCP).
udp: syslogging over UDP (default).
port <integer>
The server listening port number (default = 514, 0 - 65535).
facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7}
The remote syslog facility (default = local7):
kernel: Kernel messages.
user: Random user-level messages.
mail: Mail system.
daemon: System daemons.
auth: Security/authorization messages.
syslog: Messages generated internally by syslog.
lpr: Line printer subsystem.
news: Network news subsystem.
uucp: Network news subsystem.
cron: Clock daemon.
authpriv: Security/authorization messages (private).
ftp: FTP daemon.
ntp: NTP daemon.
audit: Log audit.
alert: Log alert.
clock: Clock daemon.
local0 ... local7: Reserved for local use.
source-ip <string>
The source IP address of syslog.
format {cef | csv | default | rfc5424}
The log format:
cef: CEF (Common Event Format) format.
csv: CSV (Comma Separated Values) format.
default: Syslog format (default).
rfc5424: Syslog RFC5424 format.
priority {default | low}
The log transmission priority:
default: Set Syslog transmission priority to default (default).
low: Set Syslog transmission priority to low.
max-log-rate <integer>
The syslog maximum log rate in MBps (default = 0, 0 - 100000 where 0 = unlimited).
interface-select-method {auto | sdwan | specify}
Specify how to select outgoing interface to reach the server:
auto: Set outgoing interface automatically (default).
sdwan: Set outgoing interface by SD-WAN or policy routing rules.
specify: Set outgoing interface manually.
- After adjusting the parameters, click x to close the CLI console.
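To check on the collector side that messages arrive with the mode and facility configured above, the following added example (not Fortinet code) splits an RFC 6587 stream and decodes each message's PRI value into a facility and severity. It assumes reliable mode uses octet-counting framing (one of the two framings RFC 6587 describes); the function names and sample messages are constructed for illustration.

```python
import re

# Facility names in the order the page lists them; index = RFC 5424 facility code.
FACILITIES = ("kernel user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def frame(msg: bytes) -> bytes:
    """Octet-counting frame: decimal length, one space, then the message."""
    return str(len(msg)).encode() + b" " + msg


def split_octet_counted(stream: bytes) -> list:
    """Split a complete octet-counted stream into individual messages."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1 or not stream[pos:sp].isdigit():
            raise ValueError(f"bad frame length at offset {pos}")
        end = sp + 1 + int(stream[pos:sp])
        if end > len(stream):  # a live collector would buffer and wait for more
            raise ValueError(f"truncated frame at offset {pos}")
        msgs.append(stream[sp + 1:end])
        pos = end
    return msgs


def decode_pri(msg: bytes) -> tuple:
    """Return (facility, severity) from <PRI>, where PRI = facility*8 + severity."""
    m = re.match(rb"<(\d{1,3})>", msg)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def unexpected_facility(stream: bytes, expected: str = "local7") -> list:
    """Messages whose facility differs from the one set on the appliance."""
    return [m for m in split_octet_counted(stream) if decode_pri(m)[0] != expected]


# Constructed sample messages (not real FortiPAM output).
SAMPLE = [b"<189>1 2024-01-01T00:00:00Z pam01 - - - - constructed event",
          b"<38>1 2024-01-01T00:00:01Z other01 - - - - constructed event"]

if __name__ == "__main__":
    for m in unexpected_facility(b"".join(frame(s) for s in SAMPLE)):
        print("unexpected facility", decode_pri(m), m)
```

A message that reaches a dedicated listener with a facility other than the configured one points to a misconfigured sender or a source other than the appliance writing to that port.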