Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiVoice Phone System Administration Guide

Configuring logging

The Log Setting submenu includes two tabs, Local and Remote, that let you:

  • set the severity level
  • configure which types of log messages to record
  • specify where to store the logs

You can configure the FortiVoice unit to store log messages locally (that is, in RAM or to the hard disk), remotely (that is, on a Syslog server or FortiAnalyzer unit), or at both locations.

Your choice of storage location may be affected by several factors, including the following:

  • Local logging by itself may not satisfy your requirements for off-site log storage.
  • Very frequent logging may cause undue wear when stored on the local hard drive. A low severity threshold is one possible cause of frequent logging. For more information on severity levels, see Log message severity levels.

For information on viewing locally stored log messages, see Viewing log messages.

This section includes the following topics:

Configuring logging to the hard disk

You can store log messages locally on the hard disk of the FortiVoice unit.

To ensure that the local hard disk has sufficient disk space to store new log messages and that it does not overwrite existing logs, you should regularly download backup copies of the oldest log files to your management computer or other storage, and then delete them from the FortiVoice unit. (Alternatively, you could configure logging to a remote host.)

You can view and download these logs from the Log submenu of the Monitor tab. For more information, see Viewing log messages.

For logging accuracy, you should also verify that the FortiVoice unit’s system time is accurate. For details, see Configuring the time and date.

To configure logging to the local hard disk

  1. Go to Log & Report > Log Setting > Local.
  2. Select the Enabled option to allow logging to the local hard disk.
  3. In Log file size, enter the file size limit of the current log file in megabytes (MB). The log file size limit must be between 10 MB and 1000 MB.
  4. In Log time, enter the time (in days) of file age limit.
  5. In At hour, enter the hour of the day (24-hour format) when the file rotation should start.

    When a log file reaches either the age or size limit, the FortiVoice unit rotates the current log file: that is, it renames the current log file (elog.log) with a file name indicating its sequential relationship to other log files of that type (elog2.log, and so on), then creates a new current log file. For example, if you set the log time to 10 days at hour 23, the log file will be rotated at 23 o’clock of the 10th day.

    Note

    Large log files may decrease display and search performance.

  6. From Log level, select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
  7. From Log options when disk is full, select what the FortiVoice unit will do when the local disk is full and a new log message is caused, either:
    •  Do not log: Discard all new log messages.
    •  Overwrite: Delete the oldest log file in order to free disk space, and store the new log message.
  8. In Logging Policy Configuration, click the arrow to review the options and enable the types of logs that you want to record to this storage location. For details, see Choosing which events to log.
  9. Click Apply.

Choosing which events to log

Both the local and remote server configuration recognize the following events. Select the check boxes of the events you want to log.

Events logging options

System Log

Select this check box and then select specific system logs. No system types are logged unless you enable this option.

  • When configuration has changed: Log configuration changes.
  • Admin login/logout event: Log all administrative events, such as logins, resets, and configuration updates.
  • System activity event: Log all system-related events, such as rebooting the FortiVoice unit.
  • HA: Log all high availability (HA) activity.
  • DHCP event: Log DHCP server events.
  • Monitor: Log call recording, call barging, and traffic capture events.
  • Voice mail event: Log voicemail events.
  • DNS: Log DNS events.

Generic Log

Select this check box and then select specific events. No event types are logged unless you enable this option.

  • SMTP: Log SMTP relay or proxy events.
  • Activity:

Voice Log

Logs phone call events.

Fax Log

Logs fax events.

DTMF Log

Logs Dual Tone Multi-Frequency events.

This option is for local log setting only.

Hotel Log

Logs hotel management events, such as guest check-in and check-out.

This option is for local log setting only.

Call Center Log

Logs call center events, such as IVR and agent events.

This option is for local log setting only.

Configuring logging to a Syslog server or FortiAnalyzer unit

Instead of or in addition to logging locally, you can store log messages remotely on a Syslog server or a FortiAnalyzer unit.

You can add a maximum of three remote Syslog servers.

Note

Logs stored remotely cannot be viewed from the web-based manager of the FortiVoice unit. If you require the ability to view logs from the web-based manager, also enable local storage. For details, see Configuring logging to the hard disk.

Before you can log to a remote location, you must first enable logging. For details, see Choosing which events to log. For logging accuracy, you should also verify that the FortiVoice unit’s system time is accurate. For details, see Configuring the time and date.

To configure logging to a Syslog server or FortiAnalyzer unit

  1. Go to Log & Report > Log Setting > Remote.
  2. Click New to create a new entry or double-click an existing entry to modify it.

    GUI field

     

    Description

    Log to Remote Host

     

     

    Enable

    Select to allow logging to a remote host.

     

    Name

    Enter a name for the remote host.

     

    IP

    Enter the IP address of the Syslog server or FortiAnalyzer unit where the FortiVoice unit will store the logs.

     

    Port

    If the remote host is a FortiAnalyzer unit, enter 514; if the remote host is a Syslog server, enter the UDP port number on which the Syslog server listens for connections (by default, UDP 514).

     

    Level

    Select the severity level that a log message must equal or exceed in order to be recorded to this storage location.

    For information about severity levels, see Log message severity levels.

     

    Facility

    Select the facility identifier that the FortiVoice unit will use to identify itself when sending log messages.

    To easily identify log messages from the FortiVoice unit when they are stored on a remote logging server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.

     

    CVS format

    Enable this option if you want to send log messages in comma-separated value (CSV) format.

    Do not enable this option if the remote host is a FortiAnalyzer unit. FortiAnalyzer units do not support CSV-formatted log messages.

    Logging Policy Configuration

    Click the arrow to review the options and enable the types of logs you want to record to this storage location. For details, see Choosing which events to log.

  3. Click Create.
  4. If the remote host is a FortiAnalyzer unit, confirm with the FortiAnalyzer administrator that the FortiVoice unit was added to the FortiAnalyzer unit’s device list, allocated sufficient disk space quota, and assigned permission to transmit logs to the FortiAnalyzer unit. For details, see the FortiAnalyzer Administration Guide.
  5. To verify logging connectivity, from the FortiVoice unit, trigger a log message that matches the types and severity levels that you have chosen to store on the remote host. Then, on the remote host, confirm that it has received that log message.

    For example, if you have chosen to record event log messages to the remote host and if they are more severe than Information, you could log in to the web-based manager or download a backup copy of the FortiVoice unit’s configuration file in order to trigger an event log message.

    If the remote host does not receive the log messages, verify the FortiVoice unit’s network interfaces (see Configuring the network interfaces and About the management IP) and static routes (see Configuring static routes ), and the policies on any intermediary firewalls or routers. If ICMP ECHO (ping) is enabled on the remote host, you can use the execute traceroute command to determine the point where connectivity fails.

Configuring logging

The Log Setting submenu includes two tabs, Local and Remote, that let you:

  • set the severity level
  • configure which types of log messages to record
  • specify where to store the logs

You can configure the FortiVoice unit to store log messages locally (that is, in RAM or to the hard disk), remotely (that is, on a Syslog server or FortiAnalyzer unit), or at both locations.

Your choice of storage location may be affected by several factors, including the following:

  • Local logging by itself may not satisfy your requirements for off-site log storage.
  • Very frequent logging may cause undue wear when stored on the local hard drive. A low severity threshold is one possible cause of frequent logging. For more information on severity levels, see Log message severity levels.

For information on viewing locally stored log messages, see Viewing log messages.

This section includes the following topics:

Configuring logging to the hard disk

You can store log messages locally on the hard disk of the FortiVoice unit.

To ensure that the local hard disk has sufficient disk space to store new log messages and that it does not overwrite existing logs, you should regularly download backup copies of the oldest log files to your management computer or other storage, and then delete them from the FortiVoice unit. (Alternatively, you could configure logging to a remote host.)

You can view and download these logs from the Log submenu of the Monitor tab. For more information, see Viewing log messages.

For logging accuracy, you should also verify that the FortiVoice unit’s system time is accurate. For details, see Configuring the time and date.

To configure logging to the local hard disk

  1. Go to Log & Report > Log Setting > Local.
  2. Select the Enabled option to allow logging to the local hard disk.
  3. In Log file size, enter the file size limit of the current log file in megabytes (MB). The log file size limit must be between 10 MB and 1000 MB.
  4. In Log time, enter the time (in days) of file age limit.
  5. In At hour, enter the hour of the day (24-hour format) when the file rotation should start.

    When a log file reaches either the age or size limit, the FortiVoice unit rotates the current log file: that is, it renames the current log file (elog.log) with a file name indicating its sequential relationship to other log files of that type (elog2.log, and so on), then creates a new current log file. For example, if you set the log time to 10 days at hour 23, the log file will be rotated at 23 o’clock of the 10th day.

    Note

    Large log files may decrease display and search performance.

  6. From Log level, select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
  7. From Log options when disk is full, select what the FortiVoice unit will do when the local disk is full and a new log message is caused, either:
    •  Do not log: Discard all new log messages.
    •  Overwrite: Delete the oldest log file in order to free disk space, and store the new log message.
  8. In Logging Policy Configuration, click the arrow to review the options and enable the types of logs that you want to record to this storage location. For details, see Choosing which events to log.
  9. Click Apply.

Choosing which events to log

Both the local and remote server configuration recognize the following events. Select the check boxes of the events you want to log.

Events logging options

System Log

Select this check box and then select specific system logs. No system types are logged unless you enable this option.

  • When configuration has changed: Log configuration changes.
  • Admin login/logout event: Log all administrative events, such as logins, resets, and configuration updates.
  • System activity event: Log all system-related events, such as rebooting the FortiVoice unit.
  • HA: Log all high availability (HA) activity.
  • DHCP event: Log DHCP server events.
  • Monitor: Log call recording, call barging, and traffic capture events.
  • Voice mail event: Log voicemail events.
  • DNS: Log DNS events.

Generic Log

Select this check box and then select specific events. No event types are logged unless you enable this option.

  • SMTP: Log SMTP relay or proxy events.
  • Activity:

Voice Log

Logs phone call events.

Fax Log

Logs fax events.

DTMF Log

Logs Dual Tone Multi-Frequency events.

This option is for local log setting only.

Hotel Log

Logs hotel management events, such as guest check-in and check-out.

This option is for local log setting only.

Call Center Log

Logs call center events, such as IVR and agent events.

This option is for local log setting only.

Configuring logging to a Syslog server or FortiAnalyzer unit

Instead of or in addition to logging locally, you can store log messages remotely on a Syslog server or a FortiAnalyzer unit.

You can add a maximum of three remote Syslog servers.

Note

Logs stored remotely cannot be viewed from the web-based manager of the FortiVoice unit. If you require the ability to view logs from the web-based manager, also enable local storage. For details, see Configuring logging to the hard disk.

Before you can log to a remote location, you must first enable logging. For details, see Choosing which events to log. For logging accuracy, you should also verify that the FortiVoice unit’s system time is accurate. For details, see Configuring the time and date.

To configure logging to a Syslog server or FortiAnalyzer unit

  1. Go to Log & Report > Log Setting > Remote.
  2. Click New to create a new entry or double-click an existing entry to modify it.

    GUI field

     

    Description

    Log to Remote Host

     

     

    Enable

    Select to allow logging to a remote host.

     

    Name

    Enter a name for the remote host.

     

    IP

    Enter the IP address of the Syslog server or FortiAnalyzer unit where the FortiVoice unit will store the logs.

     

    Port

    If the remote host is a FortiAnalyzer unit, enter 514; if the remote host is a Syslog server, enter the UDP port number on which the Syslog server listens for connections (by default, UDP 514).

     

    Level

    Select the severity level that a log message must equal or exceed in order to be recorded to this storage location.

    For information about severity levels, see Log message severity levels.

     

    Facility

    Select the facility identifier that the FortiVoice unit will use to identify itself when sending log messages.

    To easily identify log messages from the FortiVoice unit when they are stored on a remote logging server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.

     

    CVS format

    Enable this option if you want to send log messages in comma-separated value (CSV) format.

    Do not enable this option if the remote host is a FortiAnalyzer unit. FortiAnalyzer units do not support CSV-formatted log messages.

    Logging Policy Configuration

    Click the arrow to review the options and enable the types of logs you want to record to this storage location. For details, see Choosing which events to log.

  3. Click Create.
  4. If the remote host is a FortiAnalyzer unit, confirm with the FortiAnalyzer administrator that the FortiVoice unit was added to the FortiAnalyzer unit’s device list, allocated sufficient disk space quota, and assigned permission to transmit logs to the FortiAnalyzer unit. For details, see the FortiAnalyzer Administration Guide.
  5. To verify logging connectivity, from the FortiVoice unit, trigger a log message that matches the types and severity levels that you have chosen to store on the remote host. Then, on the remote host, confirm that it has received that log message.

    For example, if you have chosen to record event log messages to the remote host and if they are more severe than Information, you could log in to the web-based manager or download a backup copy of the FortiVoice unit’s configuration file in order to trigger an event log message.

    If the remote host does not receive the log messages, verify the FortiVoice unit’s network interfaces (see Configuring the network interfaces and About the management IP) and static routes (see Configuring static routes ), and the policies on any intermediary firewalls or routers. If ICMP ECHO (ping) is enabled on the remote host, you can use the execute traceroute command to determine the point where connectivity fails.