Fortinet white logo
Fortinet white logo

CLI Reference

log fortianalyzer

log forti-analyzer

Use this command to configure the FortiWeb appliance to send its log messages to a remote FortiAnalyzer appliance.

You must first define one or more FortiAnalyzer policies using log fortianalyzer-policy.

Logs sent to FortiAnalyzer are controlled by FortiAnalyzer policies and trigger actions that you configure on the FortiWeb appliance, and are associated with various types of violations.

Logs stored remotely cannot be viewed from the web UI, and cannot be used by FortiWeb to build reports. If you require these features, record logs locally as well as remotely.

Usually, you should set trigger actions for specific types of violations. Failure to do so will result in the FortiWeb appliance logging every occurrence, which could result in high log volume and reduced system performance. Excessive logging for an extended period of time may cause premature hard disk failure.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log forti-analyzer

set fortianalyzer-policy "<policy_name>"

set status {enable | disable}

set severity {alert | critical | debug | emergency | error | information | notification | warning}

set traffic_packet {enable | disable}

end

Variable Description Default

fortianalyzer-policy "<policy_name>"

Enter the name of an existing FortiAnalyzer policy to use when storing log information remotely. The maximum length is 63 characters.

To view a list of the existing FortiAnalyzer policies, enter :

set fortianalyzer-policy ?

No default.

status {enable | disable}

Enable to record event log messages to FortiAnalyzer if it meets or exceeds the severity level configured in severity. disable

severity {alert | critical | debug | emergency | error | information | notification | warning}

Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to save it to FortiAnalyzer. information

traffic_packet {enable | disable}

Enable to append traffic packet log to the traffic logs sent to FortiAnalyzer. The packet information may be helpful for troubleshooting.

To use this feature, you must already have enabled packet-log in config log traffic-log.

Please note that enabling this might consume system resources, thus decreasing the performance of sending logs to FortiAnalyzer.

disable

Example

This example enables FortiAnalyzer logging and recording of the log messages. Only the log messages with a severity of error or higher are recorded.

config log forti-analyzer

set status enable

set severity error

end

Related topics

log fortianalyzer

log forti-analyzer

Use this command to configure the FortiWeb appliance to send its log messages to a remote FortiAnalyzer appliance.

You must first define one or more FortiAnalyzer policies using log fortianalyzer-policy.

Logs sent to FortiAnalyzer are controlled by FortiAnalyzer policies and trigger actions that you configure on the FortiWeb appliance, and are associated with various types of violations.

Logs stored remotely cannot be viewed from the web UI, and cannot be used by FortiWeb to build reports. If you require these features, record logs locally as well as remotely.

Usually, you should set trigger actions for specific types of violations. Failure to do so will result in the FortiWeb appliance logging every occurrence, which could result in high log volume and reduced system performance. Excessive logging for an extended period of time may cause premature hard disk failure.

To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.

Syntax

config log forti-analyzer

set fortianalyzer-policy "<policy_name>"

set status {enable | disable}

set severity {alert | critical | debug | emergency | error | information | notification | warning}

set traffic_packet {enable | disable}

end

Variable Description Default

fortianalyzer-policy "<policy_name>"

Enter the name of an existing FortiAnalyzer policy to use when storing log information remotely. The maximum length is 63 characters.

To view a list of the existing FortiAnalyzer policies, enter :

set fortianalyzer-policy ?

No default.

status {enable | disable}

Enable to record event log messages to FortiAnalyzer if it meets or exceeds the severity level configured in severity. disable

severity {alert | critical | debug | emergency | error | information | notification | warning}

Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to save it to FortiAnalyzer. information

traffic_packet {enable | disable}

Enable to append traffic packet log to the traffic logs sent to FortiAnalyzer. The packet information may be helpful for troubleshooting.

To use this feature, you must already have enabled packet-log in config log traffic-log.

Please note that enabling this might consume system resources, thus decreasing the performance of sending logs to FortiAnalyzer.

disable

Example

This example enables FortiAnalyzer logging and recording of the log messages. Only the log messages with a severity of error or higher are recorded.

config log forti-analyzer

set status enable

set severity error

end

Related topics