
CLI Reference

log fortianalyzer-policy


Use this command to create policies for use by protection rules to store log messages remotely on a FortiAnalyzer appliance. For example, once you create a FortiAnalyzer policy, you can include it in a trigger policy, which in turn can be applied to a trigger action in a protection rule.

You also need to create a FortiAnalyzer policy if you plan to send log messages to a FortiAnalyzer appliance.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log fortianalyzer-policy
  edit "<policy_name>"
    config fortianalyzer-server-list
      edit <entry_index>
        set ip-address "<forti-analyzer_ipv4>"
    end
  next
end



Variable: "<policy_name>"
Description: Enter the name of the new or existing FortiAnalyzer policy. The maximum length is 63 characters. To display a list of the existing policies, enter: edit ?
Default: No default.

Variable: <entry_index>
Description: Enter the index number of the individual entry in the table.
Default: No default.

Variable: ip-address "<forti-analyzer_ipv4>"
Description: Enter the IP address of the remote FortiAnalyzer appliance.
Default: No default.

Example

This example creates a policy entry and assigns an IP address, then enables FortiAnalyzer logging for log messages with a severity of error or higher.

config log fortianalyzer-policy
  edit "fa-policy1"
    config fortianalyzer-server-list
      edit 1
        set ip-address "192.0.2.133"
    end
  next
end

config log forti-analyzer
  set fortianalyzer-policy "fa-policy1"
  set status enable
  set severity error
end
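
To confirm from a saved configuration that remote logging is actually wired up, the following script checks the settings this page documents. It is an added example, not part of the Fortinet reference. It assumes the configuration text uses the layout shown in the Syntax section, and the function name audit and the sample text are constructed for illustration.

```python
import ipaddress
import re

SAMPLE = """\
config log fortianalyzer-policy
  edit "fa-policy1"
    config fortianalyzer-server-list
      edit 1
        set ip-address "192.0.2.300"
    end
  next
end
config log forti-analyzer
  set fortianalyzer-policy "fa-policy2"
  set status enable
end
"""  # constructed sample in this page's syntax, not taken from a real device

def audit(text):
    """Return findings for the FortiAnalyzer logging settings found in text."""
    findings, policies, stack, name, log = [], {}, [], None, {}
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if len(tok) >= 2 and tok[0] == "config":
            stack.append(" ".join(tok[1:]))          # enter a (nested) table
        elif tok[:1] == ["end"] and stack:
            stack.pop()                               # leave the current table
        elif len(tok) == 2 and tok[0] == "edit" and stack == ["log fortianalyzer-policy"]:
            name = tok[1]
            policies[name] = []
            if len(name) > 63:                        # limit stated on this page
                findings.append(f"policy name exceeds 63 characters: {name[:16]}...")
        elif len(tok) == 3 and tok[0] == "set":
            if stack == ["log fortianalyzer-policy", "fortianalyzer-server-list"] and tok[1] == "ip-address" and name:
                policies[name].append(tok[2])
            elif stack == ["log forti-analyzer"]:
                log[tok[1]] = tok[2]
    for pol, ips in policies.items():
        if not ips:
            findings.append(f"{pol}: no server entry")
        for ip in ips:
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                findings.append(f"{pol}: invalid IPv4 address {ip}")
    if log.get("status") != "enable":
        findings.append("log forti-analyzer: status is not enable")
    if log.get("fortianalyzer-policy") not in policies:
        findings.append(f"log forti-analyzer: unknown policy {log.get('fortianalyzer-policy')}")
    return findings
```

On the constructed sample, audit(SAMPLE) reports the malformed server address and the reference to a policy that was never defined; a configuration matching the example above returns an empty list.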
