log fortianalyzer-policy
Use this command to create policies for use by protection rules to store log messages remotely on a FortiAnalyzer appliance. For example, once you create a FortiAnalyzer policy, you can include it in a trigger policy, which in turn can be applied to a trigger action in a protection rule.
You need to create a FortiAnalyzer policy if you also plan to send log messages to a FortiAnalyzer appliance.
To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.
Syntax
config log fortianalyzer-policy
  edit "<policy_name>"
    config fortianalyzer-server-list
      edit <entry_index>
        set ip-address "<forti-analyzer_ipv4>"
        set enc-algorithm {disable | default}
      end
  next
end
Variable | Description | Default |
"<policy_name>" | Enter the name of the new or existing FortiAnalyzer policy. The maximum length is 63 characters. To display a list of the existing policies, enter: | No default. |
<entry_index> | Enter the index number of the individual entry in the table. | No default. |
ip-address "<forti-analyzer_ipv4>" | Enter the IP address of the remote FortiAnalyzer appliance. | No default. |
enc-algorithm {disable | default} | Specifies whether FortiWeb transmits logs to the FortiAnalyzer appliance using SSL. | disable |
Example
This example creates a policy entry and assigns an IP address, then enables FortiAnalyzer logging for log messages with a severity of error or higher.
config log fortianalyzer-policy
  edit "fa-policy1"
    config fortianalyzer-server-list
      edit 1
        set ip-address "192.0.2.133"
      end
  next
end
config log forti-analyzer
  set fortianalyzer-policy "fa-policy1"
  set status enable
  set severity error
end
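Because enc-algorithm defaults to disable, a policy created as in the example above sends logs without SSL unless the setting is changed. The following Python check is an added example, not part of the original page or Fortinet's own tooling; it flags such server entries in configuration text. The function names and the sample are constructed, and it assumes saved configuration text follows the block layout of the Syntax section and omits settings left at their default.

```python
import shlex

SAMPLE = """\
config log fortianalyzer-policy
  edit "fa-policy1"
    config fortianalyzer-server-list
      edit 1
        set ip-address "192.0.2.133"
      end
  next
  edit "fa-policy2"
    config fortianalyzer-server-list
      edit 1
        set ip-address "192.0.2.134"
        set enc-algorithm default
      next
      edit 2
        set ip-address "192.0.2.135"
        set enc-algorithm disable
      end
  next
end
"""  # constructed sample in the page's syntax, documentation-range addresses

def _in_server_entry(stack):
    """True while inside an entry of a policy's fortianalyzer-server-list."""
    return (len(stack) == 4 and stack[1][0] == stack[3][0] == "edit"
            and stack[0] == ("config", "log fortianalyzer-policy")
            and stack[2] == ("config", "fortianalyzer-server-list"))

def unencrypted_servers(config_text):
    """Return (policy, entry, ip) for each server entry that does not use SSL."""
    stack, entries = [], {}  # open blocks; (policy, entry) -> its settings
    for line in config_text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            stack.append(("config", " ".join(tok[1:])))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append(("edit", tok[1]))
        elif tok[0] in ("next", "end"):
            if stack and stack[-1][0] == "edit":
                stack.pop()  # close the open entry
            if tok[0] == "end" and stack:
                stack.pop()  # "end" also closes the enclosing table
        elif tok[0] == "set" and len(tok) > 2 and _in_server_entry(stack):
            entries.setdefault((stack[1][1], stack[3][1]), {})[tok[1]] = tok[2]
    # Assumption: no enc-algorithm line means the documented default, disable.
    return [(p, e, s.get("ip-address")) for (p, e), s in entries.items()
            if s.get("enc-algorithm", "disable") != "default"]
```

For the constructed sample, the check reports entry 1 of fa-policy1 and entry 2 of fa-policy2; adding set enc-algorithm default to an entry removes it from the result.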