
Administration Guide

Log

FortiSwitchOS provides a robust logging environment that enables you to monitor, store, and report traffic information and FortiSwitch events, including attempted logins and hardware status. Depending on your requirements, you can log to a number of different hosts.

To configure event logging using the GUI:
  1. Go to Log > Config.
  2. Under Event Type, select Enable.
  3. Under Event Type, select the categories of events that you want logged.
  4. Select Apply.

To configure event logging using the CLI:

config log eventfilter
    set event {enable | disable}
    set link {enable | disable}
    set poe {enable | disable}
    set router {enable | disable}
    set spanning_tree {enable | disable}
    set switch {enable | disable}
    set switch_controller {enable | disable}
    set system {enable | disable}
    set user {enable | disable}
end

To view the event logs in the GUI:
  1. Go to Log > Entries.
  2. From the Subtype dropdown list, select the type of log entries to view.
  3. From the Level dropdown list, select the severity of events to view.
  4. From the User dropdown list, select which user or process generated the log entry.
  5. From the User Interface dropdown list, select the IP network service that applies to the log entry.
  6. From the Action dropdown list, select the event to view.
  7. From the Status dropdown list, select the event result to view.

Note: The MAC event log does not report any MAC changes on the port when 802.1X authentication is enabled.

To view the event logs in the CLI:

show log eventfilter

Syslog server

Syslog is an industry standard for collecting log messages for off-site storage. You can send logs to a single syslog server. The syslog server can be configured in the GUI or CLI. Reliable syslog (RFC 6587) can be configured only in the CLI.

To configure a syslog server in the GUI:
  1. Go to Log > Config.
  2. Under Syslog, select Enable.
  3. Select the severity of events to log.
  4. Enter the IP address or fully qualified domain name in the Server field.
  5. Enter the port number that the syslog server will use. By default, port 514 is used.
  6. Select Apply.

To configure a syslog server in the CLI:

config log syslogd setting
    set status enable
    set server <IP address or FQDN of the syslog server>
    set port <port number that the syslog server will use for logging traffic>
    set facility <facility used for remote syslog>
    set source-ip <source IP address of the syslog server>
end

For example, to set the source IP address of a syslog server to 192.168.4.5:

config log syslogd setting
    set status enable
    set source-ip 192.168.4.5
end

To configure a reliable syslog server in the CLI:

config log syslogd setting
    set status enable
    set server <IP address or FQDN of the syslog server>
    set mode reliable
    set port <port number that the syslog server will use for logging traffic>
    set enc-algorithm {high | high-medium | low}
    set certificate <certificate_used_to_communicate_with_syslog_server>
end

For example, using port 6514, which is the default port used for reliable syslog:

config log syslogd setting
    set status enable
    set source-ip 192.168.4.5
    set mode reliable
    set port 6514
    set enc-algorithm high-medium
    set certificate "155-sub-client"
end
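
An added example, not from the Fortinet guide: a small Python audit of a saved configuration that checks the `config log eventfilter` and `config log syslogd setting` blocks shown above. The sample backup, the server name `logs.example.net`, and the policy choices (report a missing certificate in reliable mode, treat `low` as the weakest `enc-algorithm` going by its name, treat an absent key as unset) are assumptions of this example.

```python
import re

# Constructed sample: a fragment of a configuration backup (not from the guide).
SAMPLE_CONFIG = """\
config log eventfilter
    set event enable
    set user disable
end
config log syslogd setting
    set status enable
    set server "logs.example.net"
    set enc-algorithm low
end
"""

def parse_blocks(text):
    """Return {block name: {key: value}} for top-level 'config ... end' blocks."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        # Only record 'set' lines directly inside a top-level block.
        elif len(stack) == 1 and (m := re.match(r"set (\S+) (.+)$", line)):
            blocks.setdefault(stack[0], {})[m.group(1)] = m.group(2).strip('"')
    return blocks

def audit_logging(text):
    """List findings for the eventfilter and syslogd settings in a backup."""
    blocks = parse_blocks(text)
    syslog = blocks.get("log syslogd setting", {})
    events = blocks.get("log eventfilter", {})
    mode = syslog.get("mode")  # assumption: an absent key means unset
    checks = [
        (syslog.get("status") != "enable", "syslogd: status is not enable"),
        (not syslog.get("server"), "syslogd: no server set"),
        (mode != "reliable", "syslogd: mode is not reliable"),
        (mode == "reliable" and not syslog.get("certificate"),
         "syslogd: reliable mode without a certificate"),
        (syslog.get("enc-algorithm") == "low", "syslogd: enc-algorithm is low"),
    ]
    findings = [message for failed, message in checks if failed]
    findings += [f"eventfilter: {name} events are disabled"
                 for name, state in sorted(events.items()) if state == "disable"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_logging(SAMPLE_CONFIG)))
```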
