Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Devices Managed by FortiOS

FortiSwitch log settings

You can export the logs of managed FortiSwitch units to the FortiGate unit or send FortiSwitch logs to a remote Syslog server.

This section covers the following topics:

Exporting logs to FortiGate

You can enable and disable whether the managed FortiSwitch units export their logs to the FortiGate unit. The setting is global, and the default setting is enabled. Starting in FortiOS 5.6.3, more details are included in the exported FortiSwitch logs.

To allow a level of filtering, the FortiGate unit sets the user field to “fortiswitch-syslog” for each entry.

Use the following CLI command syntax:

config switch-controller switch-log

set status {*enable | disable}

set severity {emergency | alert | critical | error | warning | notification | *information | debug}

end

You can override the global log settings for a FortiSwitch unit, using the following commands:

config switch-controller managed-switch

edit <switch-id>

config switch-log

set local-override enable

At this point, you can configure the log settings that apply to this specific switch.

Sending logs to a remote Syslog server

Instead of exporting FortiSwitch logs to a FortiGate unit, you can send FortiSwitch logs to one or two remote Syslog servers. After enabling this option, you can select the severity of log messages to send, whether to use comma-separated values (CSVs), and the type of remote Syslog facility. By default, FortiSwitch logs are sent to port 514 of the remote Syslog server.

Use the following CLI command syntax to configure the default syslogd and syslogd2 settings:

config switch-controller remote-log

edit {syslogd | syslogd2}

set status {enable | *disable}

set server <IPv4_address_of_remote_syslog_server>

set port <remote_syslog_server_listening_port>

set severity {emergency | alert | critical | error | warning | notification | *information | debug}

set csv {enable | *disable}

set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

next

end

You can override the default syslogd and syslogd2 settings for a specific FortiSwitch unit, using the following commands:

config switch-controller managed-switch

edit <FortiSwitch_serial_number>

config remote-log

edit {edit syslogd | syslogd2}

set status {enable | *disable}

set server <IPv4_address_of_remote_syslog_server>

set port <remote_syslog_server_listening_port>

set severity {emergency | alert | critical | error | warning | notification | *information | debug}

set csv {enable | *disable}

set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

next

end

next

end

FortiSwitch log settings

You can export the logs of managed FortiSwitch units to the FortiGate unit or send FortiSwitch logs to a remote Syslog server.

This section covers the following topics:

Exporting logs to FortiGate

You can enable and disable whether the managed FortiSwitch units export their logs to the FortiGate unit. The setting is global, and the default setting is enabled. Starting in FortiOS 5.6.3, more details are included in the exported FortiSwitch logs.

To allow a level of filtering, the FortiGate unit sets the user field to “fortiswitch-syslog” for each entry.

Use the following CLI command syntax:

config switch-controller switch-log

set status {*enable | disable}

set severity {emergency | alert | critical | error | warning | notification | *information | debug}

end

You can override the global log settings for a FortiSwitch unit, using the following commands:

config switch-controller managed-switch

edit <switch-id>

config switch-log

set local-override enable

At this point, you can configure the log settings that apply to this specific switch.

Sending logs to a remote Syslog server

Instead of exporting FortiSwitch logs to a FortiGate unit, you can send FortiSwitch logs to one or two remote Syslog servers. After enabling this option, you can select the severity of log messages to send, whether to use comma-separated values (CSVs), and the type of remote Syslog facility. By default, FortiSwitch logs are sent to port 514 of the remote Syslog server.

Use the following CLI command syntax to configure the default syslogd and syslogd2 settings:

config switch-controller remote-log

edit {syslogd | syslogd2}

set status {enable | *disable}

set server <IPv4_address_of_remote_syslog_server>

set port <remote_syslog_server_listening_port>

set severity {emergency | alert | critical | error | warning | notification | *information | debug}

set csv {enable | *disable}

set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

next

end

You can override the default syslogd and syslogd2 settings for a specific FortiSwitch unit, using the following commands:

config switch-controller managed-switch

edit <FortiSwitch_serial_number>

config remote-log

edit {edit syslogd | syslogd2}

set status {enable | *disable}

set server <IPv4_address_of_remote_syslog_server>

set port <remote_syslog_server_listening_port>

set severity {emergency | alert | critical | error | warning | notification | *information | debug}

set csv {enable | *disable}

set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

next

end

next

end