Administration Guide

Log Servers

FortiSandbox logs can be sent to a remote syslog server, Common Event Format (CEF) server, or FortiAnalyzer. Go to Log & Report > Log Servers to create, edit, and delete remote log server settings. You can configure up to 30 remote log server entries.

Note

Logs are transmitted instantly. If connectivity to the Log Server is interrupted, FortiSandbox will cache the logs in its buffer and attempt to resend later. The log buffer capacity is 1024 logs. Newer logs are discarded when the buffer is full.
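The buffer behavior in this note determines which logs never reach the server after a long outage. The following is an added example, not Fortinet code: a small model of a 1024-entry cache that discards newer logs when full, run over a constructed event stream. The function names, the oldest-first resend order, and the sample timings are assumptions made for illustration.

```python
from collections import deque

BUFFER_CAPACITY = 1024  # log buffer capacity stated in the note above


def simulate_forwarding(events, outages, capacity=BUFFER_CAPACITY):
    """Model the forwarder's cache across log-server outages.

    events  -- (timestamp, log_id) pairs in time order
    outages -- (start, end) half-open intervals when the server is unreachable
    Returns (delivered, dropped) as lists of log_ids.
    """
    def server_up(ts):
        return not any(start <= ts < end for start, end in outages)

    buffer = deque()
    delivered, dropped = [], []
    for ts, log_id in events:
        if server_up(ts):
            # Assumption: cached logs are resent oldest-first before new ones.
            while buffer:
                delivered.append(buffer.popleft())
            delivered.append(log_id)
        elif len(buffer) < capacity:
            buffer.append(log_id)
        else:
            # Buffer full: the newer log is discarded, as the note describes.
            dropped.append(log_id)
    return delivered, dropped


def dropped_range(events, outages, capacity=BUFFER_CAPACITY):
    """Return (first, last, count) of discarded log_ids, or None if none."""
    _, dropped = simulate_forwarding(events, outages, capacity)
    return (dropped[0], dropped[-1], len(dropped)) if dropped else None


# Constructed sample: one log per second for 3000 s, log_id == timestamp,
# with the log server unreachable from t=500 up to (not including) t=2000.
SAMPLE_EVENTS = [(t, t) for t in range(3000)]
SAMPLE_OUTAGES = [(500, 2000)]

if __name__ == "__main__":
    print(dropped_range(SAMPLE_EVENTS, SAMPLE_OUTAGES))
```

In this model the logs missing on the server are those from the end of the outage, so a gap just before connectivity returns is the pattern to look for when reconciling server-side records against the appliance's local logs.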

The following options are available:

Create New

Create a new log server entry.

Edit

Edit the selected log server entry.

Delete

Delete the selected log server entry.

This page displays the following information:

Name

Name of the server entry.

Type

Server type. The following options are available: CEF, syslog (TCP/UDP), or FortiAnalyzer.

Log Server Address

Log server address (IPv4 or IPv6).

Port

Log server port number.

Status

Status of the log server, Enabled or Disabled.

Secure Connection

Security status of the log server, Enabled or Disabled.

To create a new server entry:
  1. Go to Log & Report > Log Servers.
  2. Click Create New.
  3. Configure the following settings:

    Name

    Name of the new server entry.

    Type

    Select log server type from the dropdown list.

    Log Server Address

    Log server IP address or FQDN.

    Port

    Port number. The default port is 514.

    Status

    Select to enable or disable sending logs to the server.

    Secure Connection

    Select to enable or disable encrypted communication between FortiSandbox and the syslog server.

    Log Level

    Select the logging levels to forward to the log server. The following options are available:
    • Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. To send Clean Job Alert Logs, select Include job with Clean Rating.
    • Enable Critical Logs
    • Enable Error Logs
    • Enable Warning Logs
    • Enable Information Logs
    • Enable Debug Logs
  4. Click OK.

You can forward FortiSandbox logs to a FortiAnalyzer running version 5.2.0 or later.

Syslog server supports IPv6.

To edit or delete a log server:
  1. Go to Log & Report > Log Servers.
  2. Select an event entry.
  3. Click Edit or Delete.
