Administration Guide

Log Servers

FortiSandbox logs can be sent to a remote syslog server, Common Event Format (CEF) server, or FortiAnalyzer. Go to Log & Reports > Log Servers to create, edit, and delete remote log server settings. You can configure up to 30 remote log server entries.

The following options are available:

• Create New: Select to create a new log server entry.
• Edit: Select a log server entry in the list and click Edit in the toolbar to edit the entry.
• Delete: Select a log server entry in the list and click Delete in the toolbar to delete the entry.

This page displays the following information:

• Name: The name of the server entry.
• Server Type: The server type. One of the following options: CEF, syslog, or FortiAnalyzer.
• Server Address: The log server address.
• Port: The log server port number.
• Status: The status of the log server, Enabled or Disabled.

To create a new server entry:
  1. Go to Log & Reports > Log Servers.
  2. Select + Create New from the toolbar.
  3. Configure the following settings:

    • Name: Enter a name for the new server entry.
    • Type: Select Log Server Type from the dropdown list.
    • Log Server Address: Enter the log server IP address or FQDN.
    • Port: Enter the port number. The default port is 514.
    • Status: Select to enable or disable sending logs to the server.
    • Log Level: Select the logging levels to forward to the log server. The following options are available:
      • Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. Users can choose to send Clean Job Alert Logs by selecting Include job with Clean Rating.
      • Enable Critical Logs
      • Enable Error Logs
      • Enable Warning Logs
      • Enable Information Logs
      • Enable Debug Logs
  4. Select OK to save the entry.
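
A receiver-side check for the entry created above, as an added example that is not Fortinet code: it parses lines captured on the collector, tells CEF from plain syslog, and reports any log level arriving that was not enabled in the Log Level setting. It assumes messages carry a standard syslog PRI whose severity corresponds to the six levels listed above; the sample lines, vendor and product strings, and host name are constructed.

```python
import re

# Syslog severity codes (RFC 5424) for the six log levels listed in the GUI.
# Assumption: the appliance maps its levels onto the standard syslog severities.
SEVERITY = {1: "Alert", 2: "Critical", 3: "Error", 4: "Warning",
            6: "Information", 7: "Debug"}
PRI_RE = re.compile(r"^<(\d{1,3})>")
# CEF header fields are separated by "|"; a literal pipe is escaped as "\|".
CEF_SPLIT = re.compile(r"(?<!\\)\|")
CEF_FIELDS = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")

def parse_line(line):
    """Return facility, log level, format ('cef' or 'syslog') and CEF header."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "level": SEVERITY.get(pri & 7, "Other"),
           "format": "syslog", "cef": None}
    idx = line.find("CEF:")
    if idx != -1:
        parts = CEF_SPLIT.split(line[idx + 4:], maxsplit=7)
        if len(parts) == 8:  # seven header fields plus the extension
            rec["format"] = "cef"
            rec["cef"] = dict(zip(CEF_FIELDS, parts[:7]))
            rec["cef"]["extension"] = parts[7]
    return rec

def unexpected_levels(lines, enabled):
    """Levels seen on the wire that are not enabled in the log server entry."""
    seen = {parse_line(line)["level"] for line in lines}
    return sorted(seen - set(enabled))

# Constructed sample lines (not real FortiSandbox output).
SAMPLES = [
    "<185>Jan 10 12:00:01 fsa-lab CEF:0|ExampleVendor|ExampleSandbox|1.0|100|"
    "Job High\\|Risk|8|src=192.0.2.10",
    "<190>Jan 10 12:00:02 fsa-lab system: configuration saved",
    "<191>Jan 10 12:00:03 fsa-lab system: debug trace",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
    # Entry configured with only the four highest levels enabled.
    print(unexpected_levels(SAMPLES, ["Alert", "Critical", "Error", "Warning"]))
```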

You can forward FortiSandbox logs to a FortiAnalyzer running 5.2.0 or later.

To edit or delete a log server:
  1. Go to Log & Reports > Log Servers.
  2. Select a syslog server, FortiAnalyzer, or CEF server entry in the list.
  3. Click the Edit or Delete button from the toolbar.
