log forti-analyzer
Use this command to configure the FortiWeb appliance to send its log messages to a remote FortiAnalyzer appliance.
You must first define one or more FortiAnalyzer policies using log fortianalyzer-policy.
Logs sent to FortiAnalyzer are controlled by FortiAnalyzer policies and trigger actions that you configure on the FortiWeb appliance, and are associated with various types of violations.
Logs stored remotely cannot be viewed from the web UI, and cannot be used by FortiWeb to build reports. If you require these features, record logs locally as well as remotely.
Usually, you should set trigger actions for specific types of violations. Failure to do so will result in the FortiWeb appliance logging every occurrence, which could result in high log volume and reduced system performance. Excessive logging for an extended period of time may cause premature hard disk failure. |
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the loggrp
area. For details, see Permissions.
Syntax
config log forti-analyzer
set fortianalyzer-policy "<policy_name>"
set severity {alert | critical | debug | emergency | error | information | notification | warning}
set traffic_packet {enable | disable}
set logtype {elog | tlog | alog}
end
Example
This example enables FortiAnalyzer logging and recording of the log messages. Only the log messages with a severity of error
or higher are recorded.
config log forti-analyzer
set status enable
set severity error
end