Log Servers
FortiSandbox logs can be sent to a remote syslog server, common event type (CEF) server, or FortiAnalyzer. Go to Log & Report > Log Servers to create new, edit, and delete remote log server settings. You can configure up to 30 remote log server entries.
The following options are available:
Create New |
Create a new log server entry. |
Edit |
Edit the selected log server entry. |
Delete |
Delete the selected log server entry. |
This page displays the following information:
Name |
Name of the server entry. |
Server Type |
Server type. The following options are available: CEF, syslog (TCP/UDP), or FortiAnalyzer. |
Server Address |
Log server address. |
Port |
Log server port number. |
Status |
Status of the log server, Enabled or Disabled. |
To create a new server entry:
- Go to Log & Report > Log Servers.
- Click Create New.
- Configure the following settings:
Name
Name of the new server entry.
Type
Select log server type from the dropdown list.
Log Server Address
Port
Port number. The default port is 514.
Status
Select to enable or disable sending logs to the server.
Log Level
Select to enable the logging levels to be forwarded to the log server. The following options are available: - Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. To send Clean Job Alert Logs, select Include job with Clean Rating.
- Enable Critical Logs
- Enable Error Logs
- Enable Warning Logs
- Enable Information Logs
- Enable Debug Logs
- Click OK.
You can forward FortiSandbox logs to a FortiAnalyzer running version 5.2.0 or later. |
To edit or delete a log server:
- Go to Log and Report > Log Servers.
- Select an event entry.
- Click Edit or Delete.