Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Devices Managed by FortiOS

    Home FortiSwitch 7.0.8 Devices Managed by FortiOS
    7.0.8
    7.0.8
    7.0.4
    7.0.2
    7.0.1
    7.0.0
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0
    6.0.0
    3.6.3
    3.6.0
    3.5.4

    FortiSwitch log settings

    FortiSwitch log settings

    You can export the logs of managed FortiSwitch units to the FortiGate unit or send FortiSwitch logs to a remote Syslog server.

    This section covers the following topics:

    Exporting logs to FortiGate

    You can enable and disable whether the managed FortiSwitch units export their logs to the FortiGate unit. The setting is global, and the default setting is enabled. Starting in FortiOS 5.6.3, more details are included in the exported FortiSwitch logs.

    To allow a level of filtering, the FortiGate unit sets the user field to “fortiswitch-syslog” for each entry.

    Use the following CLI command syntax:

    config switch-controller switch-log

    set status {*enable | disable}

    set severity {emergency | alert | critical | error | warning | notification | *information | debug}

    end

    You can override the global log settings for a FortiSwitch unit, using the following commands:

    config switch-controller managed-switch

    edit <switch-id>

    config switch-log

    set local-override enable

    At this point, you can configure the log settings that apply to this specific switch.

    Sending logs to a remote Syslog server

    Instead of exporting FortiSwitch logs to a FortiGate unit, you can send FortiSwitch logs to one or two remote Syslog servers. After enabling this option, you can select the severity of log messages to send, whether to use comma-separated values (CSVs), and the type of remote Syslog facility. By default, FortiSwitch logs are sent to port 514 of the remote Syslog server.

    Use the following CLI command syntax to configure the default syslogd and syslogd2 settings:

    config switch-controller remote-log

    edit {syslogd | syslogd2}

    set status {enable | *disable}

    set server <IPv4_address_of_remote_syslog_server>

    set port <remote_syslog_server_listening_port>

    set severity {emergency | alert | critical | error | warning | notification | *information | debug}

    set csv {enable | *disable}

    set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

    next

    end

    You can override the default syslogd and syslogd2 settings for a specific FortiSwitch unit, using the following commands:

    config switch-controller managed-switch

    edit <FortiSwitch_serial_number>

    config remote-log

    edit {edit syslogd | syslogd2}

    set status {enable | *disable}

    set server <IPv4_address_of_remote_syslog_server>

    set port <remote_syslog_server_listening_port>

    set severity {emergency | alert | critical | error | warning | notification | *information | debug}

    set csv {enable | *disable}

    set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

    next

    end

    next

    end

    Previous
    Next

    FortiSwitch log settings

    FortiSwitch log settings

    You can export the logs of managed FortiSwitch units to the FortiGate unit or send FortiSwitch logs to a remote Syslog server.

    This section covers the following topics:

    Exporting logs to FortiGate

    You can enable and disable whether the managed FortiSwitch units export their logs to the FortiGate unit. The setting is global, and the default setting is enabled. Starting in FortiOS 5.6.3, more details are included in the exported FortiSwitch logs.

    To allow a level of filtering, the FortiGate unit sets the user field to “fortiswitch-syslog” for each entry.

    Use the following CLI command syntax:

    config switch-controller switch-log

    set status {*enable | disable}

    set severity {emergency | alert | critical | error | warning | notification | *information | debug}

    end

    You can override the global log settings for a FortiSwitch unit, using the following commands:

    config switch-controller managed-switch

    edit <switch-id>

    config switch-log

    set local-override enable

    At this point, you can configure the log settings that apply to this specific switch.

    Sending logs to a remote Syslog server

    Instead of exporting FortiSwitch logs to a FortiGate unit, you can send FortiSwitch logs to one or two remote Syslog servers. After enabling this option, you can select the severity of log messages to send, whether to use comma-separated values (CSVs), and the type of remote Syslog facility. By default, FortiSwitch logs are sent to port 514 of the remote Syslog server.

    Use the following CLI command syntax to configure the default syslogd and syslogd2 settings:

    config switch-controller remote-log

    edit {syslogd | syslogd2}

    set status {enable | *disable}

    set server <IPv4_address_of_remote_syslog_server>

    set port <remote_syslog_server_listening_port>

    set severity {emergency | alert | critical | error | warning | notification | *information | debug}

    set csv {enable | *disable}

    set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

    next

    end

    You can override the default syslogd and syslogd2 settings for a specific FortiSwitch unit, using the following commands:

    config switch-controller managed-switch

    edit <FortiSwitch_serial_number>

    config remote-log

    edit {edit syslogd | syslogd2}

    set status {enable | *disable}

    set server <IPv4_address_of_remote_syslog_server>

    set port <remote_syslog_server_listening_port>

    set severity {emergency | alert | critical | error | warning | notification | *information | debug}

    set csv {enable | *disable}

    set facility {kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3 | local4 | local5 | local6 | *local7}

    next

    end

    next

    end

    Previous
    Next