log syslogd
Use this command to configure the FortiWeb appliance to send log messages to a Syslog server defined by log syslog-policy.
For improved performance, unless necessary, avoid logging highly frequent log types. While logs sent to your Syslog server do not persist in FortiWeb’s local RAM, FortiWeb still must use bandwidth and processing resources while sending the log message.
To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For details, see Permissions.
Syntax
config log syslogd
  set severity {alert | critical | debug | emergency | error | information | notification | warning}
  set policy "<syslogd-policy_name>"
  set logtype {elog | tlog | alog}
  config custom-field
    edit 1
      set name <name1>
      set value <value1>
    next
    edit 2
      set name <name2>
      set value <value2>
    next
  end
end
Variable | Description | Default |
status {enable | disable} | Enable to send log messages to the Syslog server defined by log syslog-policy. Also configure: | disable |
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | mail | ntp | user} | Enter the facility identifier that the FortiWeb appliance will use to identify itself when sending log messages to the first Syslog server. To easily identify log messages from the FortiWeb appliance when they are stored on the Syslog server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier. | local7 |
severity {alert | critical | debug | emergency | error | information | notification | warning} | Select the severity level that a log message must meet or exceed in order to cause the FortiWeb appliance to send it to the first Syslog server. | information |
policy "<syslogd-policy_name>" | If logging to a Syslog server is enabled, enter the name of a Syslog policy which describes the Syslog server to which the log message will be sent. The maximum length is 63 characters. For details about Syslog policies, see log syslog-policy. | No default. |
name | Set this option to add customized identifiers to syslog records. For example, add the hostname to syslog records so that you can easily track the logs for specific hosts. Enter a name for the identifier. | No default. |
value | Enter the value of the identifier. It can be a fixed value or a variable. In an HA deployment, the configuration is synchronized among the HA group members, but each member should still have its own hostname recorded in the syslog. In this case, you can use the variable such as | No default. |
logtype {elog | tlog | alog} | Select the log types to be stored on Syslog servers. Note that if a particular log type is not saved on the local hard disk, it cannot be saved on an external log server, because logs must be transferred from local storage to remote servers. | elog tlog alog |
Example
This example enables storage of log messages with the notification severity level and higher on the Syslog server. The network connections to the Syslog server are defined in Syslog_Policy1. The FortiWeb appliance uses the facility identifier local7 when sending log messages to the Syslog server to differentiate its own log messages from those of other network devices using the same Syslog server.
config log syslogd
  set status enable
  set severity notification
  set facility local7
  set policy "Syslog_Policy1"
end
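
To check on the Syslog server side that the facility and severity settings above behave as intended, the following added example (not part of the FortiWeb documentation) decodes the syslog PRI header and reports other senders sharing the facility and FortiWeb messages less severe than the configured threshold. The function names, sample addresses and message bodies are constructed, and the mapping of FortiWeb severity names onto standard syslog levels is an assumption.

```python
import re
from collections import Counter

# Syslog PRI = facility * 8 + severity; local0..local7 are facility codes 16..23.
LOCAL = {f"local{i}": 16 + i for i in range(8)}
# Assumption: FortiWeb severity names follow standard syslog order, 0 = most severe.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notification", "information", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility_code, severity_name), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITY[severity]

def audit(records, fortiweb_ip, facility="local7", threshold="notification"):
    """records: (source_ip, raw_message) pairs as received by the collector."""
    limit = SEVERITY.index(threshold)
    senders, too_verbose, malformed = Counter(), [], []
    for src, msg in records:
        decoded = decode_pri(msg)
        if decoded is None:
            malformed.append((src, msg))
            continue
        fac, sev = decoded
        if fac != LOCAL[facility]:
            continue
        senders[src] += 1
        # A higher index is less severe than the configured threshold.
        if src == fortiweb_ip and SEVERITY.index(sev) > limit:
            too_verbose.append(msg)
    collisions = sorted(s for s in senders if s != fortiweb_ip)
    return {"collisions": collisions, "too_verbose": too_verbose, "malformed": malformed}

# Constructed sample input (documentation-range addresses, placeholder message bodies).
SAMPLE = [
    ("192.0.2.10", "<189>constructed message A"),    # local7.notification
    ("192.0.2.10", "<188>constructed message B"),    # local7.warning
    ("192.0.2.10", "<190>constructed message C"),    # local7.information
    ("198.51.100.7", "<187>constructed message D"),  # another device on local7
    ("203.0.113.5", "<134>constructed message E"),   # local0.information
    ("203.0.113.5", "constructed message F"),        # no PRI header
]

if __name__ == "__main__":
    print(audit(SAMPLE, fortiweb_ip="192.0.2.10"))
```

A non-empty collisions list means another device is using the facility reserved for the appliance; a non-empty too_verbose list means messages below the configured severity are still arriving.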