Technical Tip: Encrypt logs sent to FortiAnalyzer/FortiManager

Description

This article describes that FortiGate can send logs to the FortiAnalyzer or FortiManager in encrypted format to enhance the security of logs in critical environments.

Solution

To keep information in log messages sent to FortiAnalyzer private:
Go to Log & Report -> Log Settings and when 'Remote Logging' is configured to FortiAnalyzer/FortiManager, select 'Encrypt log transmission'.

Note: The option to enable SSL Encrypt log transmission is no longer available in GUI from 6.2.14.

From the CLI:

config log {fortianalyzer | fortianalyzer2 | fortianalyzer3}  setting
    set enc-algorithm high
    set reliable enable
end