Technical Tip: Enabling reliable delivery of syslog messages from a FortiGate to a syslog server - RFC 3195

Description

This article describes since FortiOS 4.0MR1, the FortiGate implements the RAW profile of RFC 3195: 'Reliable Delivery for syslog'.

Scope

FortiGate.

Solution

Once enabled, the communication between a FortiGate and a syslog server, also supporting reliable delivery, will be based on TCP port 601. The port number can be changed on the FortiGate.

CLI configuration example to enable reliable delivery:

config log syslogd setting
    set status enable
    set server "10.160.0.171"
    set reliable enable
    set port 601
end

Note: If Syslog is also configured along with Forti Analyzer, the user may see an increase in log size. It is suggested to disable Syslog and use FortiAnalyzer only for logging.

For additional details, consult the FortiGate CLI guide or the Logging and Reporting FortiOS™ Handbook.