Log Servers
FortiSandbox logs can be sent to a remote syslog server, common event type (CEF) server, or FortiAnalyzer. Go to Log & Report > Log Servers to create new, edit, and delete remote log server settings. You can configure up to 30 remote log server entries.
Logs are transmitted instantly. If connectivity to the Log Server is interrupted, FortiSandbox will cache the logs in its buffer and attempt to resend later. The log buffer capacity is 1024 logs. Newer logs are discarded when the buffer is full.
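The following model is an added example, not FortiSandbox code. It shows what the buffering rule above means for the record on the log server after an outage: the oldest 1024 logs are resent, and the gap covers the period closest to reconnection. The 1024 capacity and the discard-newer rule come from this page; the class and function names, the steady log rate, and the oldest-first resend order are assumptions.

```python
from collections import deque

BUFFER_CAPACITY = 1024  # log buffer capacity stated on this page


class ForwardBuffer:
    """Model of a bounded resend buffer that discards NEWER logs when full."""

    def __init__(self, capacity=BUFFER_CAPACITY):
        self.capacity = capacity
        self.pending = deque()   # logs cached for resend
        self.dropped = []        # logs that never reach the log server

    def offer(self, log):
        """Handle one log generated while the log server is unreachable."""
        if len(self.pending) >= self.capacity:
            self.dropped.append(log)      # buffer full: the incoming log is lost
        else:
            self.pending.append(log)

    def drain(self):
        """Connectivity restored: resend cached logs (oldest first, assumed)."""
        sent = list(self.pending)
        self.pending.clear()
        return sent


def simulate_outage(logs_per_minute, outage_minutes, capacity=BUFFER_CAPACITY):
    """Return what the log server receives and misses for one outage."""
    buf = ForwardBuffer(capacity)
    for minute in range(outage_minutes):
        for n in range(logs_per_minute):
            buf.offer((minute, n))        # constructed log id: (minute, index)
    resent = buf.drain()
    return {
        "resent": len(resent),
        "lost": len(buf.dropped),
        "gap_starts_minute": buf.dropped[0][0] if buf.dropped else None,
        "last_resent": resent[-1] if resent else None,
    }


def minutes_until_loss(logs_per_minute, capacity=BUFFER_CAPACITY):
    """Whole minutes of outage absorbed before the first log is discarded."""
    if logs_per_minute <= 0:
        raise ValueError("logs_per_minute must be positive")
    return capacity // logs_per_minute


if __name__ == "__main__":
    # Constructed scenario: 40 logs per minute, 60-minute connectivity loss.
    print(simulate_outage(40, 60), minutes_until_loss(40))
```

For the constructed scenario, the remote record stops partway through minute 25 of the outage, so any investigation of that window has to rely on the logs held on the FortiSandbox unit itself.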
The following options are available:
| Create New | Create a new log server entry. |
| Edit | Edit the selected log server entry. |
| Delete | Delete the selected log server entry. |
This page displays the following information:
| Name | Name of the server entry. |
| Type | Server type. The following options are available: CEF, syslog (TCP/UDP), or FortiAnalyzer. |
| Log Server Address | Log server address (IPv4 or IPv6). |
| Port | Log server port number. |
| Status | Status of the log server, Enabled or Disabled. |
| Secure Connection | Security status of the log server, Enabled or Disabled. |
To create a new server entry:
- Go to Log & Report > Log Servers.
- Click Create New.
- Configure the following settings:
Name
Name of the new server entry.
Type
Select log server type from the dropdown list.
Log Server Address
Log server IP address or FQDN.
Port
Port number. The default port is 514.
If the Type is FortiAnalyzer, the port is uneditable.
Status
Select to enable or disable sending logs to the server.
Secure Connection
Select to enable or disable encrypted communication between FortiSandbox and the syslog server.
Log Level
Select to enable the logging levels to be forwarded to the log server. The following options are available:
- Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. To send Clean Job Alert Logs, select Include job with Clean Rating.
- Enable Critical Logs
- Enable Error Logs
- Enable Warning Logs
- Enable Information Logs
- Enable Debug Logs
- Click OK.
You can forward FortiSandbox logs to a FortiAnalyzer. Syslog server supports IPv6.
To edit or delete a log server:
- Go to Log & Report > Log Servers.
- Select an event entry.
- Click Edit or Delete.