Log Servers
FortiSandbox logs can be sent to a remote syslog server, common event type (CEF) server, or FortiAnalyzer. Go to Log & Reports > Log Servers to create new, edit, and delete remote log server settings. You can configure up to 30 remote log server entries.
The following options are available:
|
Create New |
Select to create a new log server entry. |
|
Edit |
Select a log server entry in the list and click Edit in the toolbar to edit the entry. |
|
Delete |
Select a log server entry in the list and click Delete in the toolbar to delete the entry. |
This page displays the following information:
|
Name |
The name of the server entry. |
|
Server Type |
The server type. One of the following options: CEF, syslog , or FortiAnalyzer. |
|
Server Address |
The log server address. |
|
Port |
The log server port number. |
|
Status |
The status of the log server, Enabled or Disabled. |
To create a new server entry:
- Go to Log & Reports > Log Servers.
- Select + Create New from the toolbar.
- Configure the following settings:
Name
Enter a name for the new server entry.
Type
Select Log Server Type from the dropdown list.
Log Server Address
Port
Enter the port number. The default port is 514.
Status
Select to enable or disable sending logs to the server.
Log Level
Select to enable the logging levels to be forwarded to the log server. The following options are available: - Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. Users can choose to send Clean Job Alert Logs by selecting Include job with Clean Rating.
- Enable Critical Logs
- Enable Error Logs
- Enable Warning Logs
- Enable Information Logs
- Enable Debug Logs
- Select OK to save the entry.
|
You can forward FortiSandbox logs to a FortiAnalyzer running 5.2.0 or later. |
To edit or delete a log server:
- Go to Log and Report > Log Servers.
- Select a syslog server, FortiAnalyzer, or new common event entry.
- Click the Edit or Delete button from the toolbar.
