Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

log syslogd

Use this command to configure the FortiWeb appliance to send log messages to a Syslog server defined by log syslog-policy .

For improved performance, unless necessary, avoid logging highly frequent log types. While logs sent to your Syslog server do not persist in FortiWeb’s local RAM, FortiWeb still must use bandwidth and processing resources while sending the log message.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log syslogd

set status {enable | disable}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | mail | ntp | user}

set severity {alert | critical | debug | emergency | error | information | notification | warning}

set policy "<syslogd-policy_name>"

config custom-field

edit 1

set name <name1>

set value <value1>

next

edit 2

set name <name2>

set value <value2>

next

end

Variable Description Default

status {enable | disable}

Enable to send log messages to the Syslog server defined by log syslog-policy. Also configure:

disable

facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | mail | ntp | user}

Enter the facility identifier that the FortiWeb appliance will use to identify itself when sending log messages to the first Syslog server.

To easily identify log messages from the FortiWeb appliance when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.

local7

severity {alert | critical | debug | emergency | error | information | notification | warning}

Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to send it to the first Syslog server. information

policy "<syslogd-policy_name>"

If logging to a Syslog server is enabled, enter the name of a Syslog policy which describes the Syslog server to which the log message will be sent. The maximum length is 63 characters.

For details about Syslog policies, see log syslog-policy.

No default.

name

Set this option to add customized identifiers in syslog records, for example, add the hostname in syslogs so that you can easily track the logs for specific hosts.

Enter a name for the identifier.

No default.

value

Enter the value of the identifier. It can be a fixed value or a variable.

In the HA deployment, the configuration is synchronized among the HA group members but meanwhile each member should have its own hostname recorded in the syslog. In this case, you can use the variable such as set value $hostname to refer to the hostname defined in config system global. Only the hostname variable is supported.

No default.

Example

This example enables storage of log messages with the notification severity level and higher on the Syslog server. The network connections to the Syslog server are defined in Syslog_Policy1. The FortiWeb appliance uses the facility identifier local7 when sending log messages to the Syslog server to differentiate its own log messages from those of other network devices using the same Syslog server.

config log syslogd

set status enable

set severity notification

set facility local7

set policy "Syslog_Policy1"

end

log syslogd

Use this command to configure the FortiWeb appliance to send log messages to a Syslog server defined by log syslog-policy .

For improved performance, unless necessary, avoid logging highly frequent log types. While logs sent to your Syslog server do not persist in FortiWeb’s local RAM, FortiWeb still must use bandwidth and processing resources while sending the log message.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log syslogd

set status {enable | disable}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | mail | ntp | user}

set severity {alert | critical | debug | emergency | error | information | notification | warning}

set policy "<syslogd-policy_name>"

config custom-field

edit 1

set name <name1>

set value <value1>

next

edit 2

set name <name2>

set value <value2>

next

end

Variable Description Default

status {enable | disable}

Enable to send log messages to the Syslog server defined by log syslog-policy. Also configure:

disable

facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | mail | ntp | user}

Enter the facility identifier that the FortiWeb appliance will use to identify itself when sending log messages to the first Syslog server.

To easily identify log messages from the FortiWeb appliance when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.

local7

severity {alert | critical | debug | emergency | error | information | notification | warning}

Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to send it to the first Syslog server. information

policy "<syslogd-policy_name>"

If logging to a Syslog server is enabled, enter the name of a Syslog policy which describes the Syslog server to which the log message will be sent. The maximum length is 63 characters.

For details about Syslog policies, see log syslog-policy.

No default.

name

Set this option to add customized identifiers in syslog records, for example, add the hostname in syslogs so that you can easily track the logs for specific hosts.

Enter a name for the identifier.

No default.

value

Enter the value of the identifier. It can be a fixed value or a variable.

In the HA deployment, the configuration is synchronized among the HA group members but meanwhile each member should have its own hostname recorded in the syslog. In this case, you can use the variable such as set value $hostname to refer to the hostname defined in config system global. Only the hostname variable is supported.

No default.

Example

This example enables storage of log messages with the notification severity level and higher on the Syslog server. The network connections to the Syslog server are defined in Syslog_Policy1. The FortiWeb appliance uses the facility identifier local7 when sending log messages to the Syslog server to differentiate its own log messages from those of other network devices using the same Syslog server.

config log syslogd

set status enable

set severity notification

set facility local7

set policy "Syslog_Policy1"

end