Technical Tip: How to send FortiManager local event logs to FortiAnalyzer
Description
This article describes how to send FortiManager local event logs to FortiAnalyzer.
Scope
FortiManager.
Solution
Option 1 - Enable logging through FortiManager CLI.
- Log in to the FortiManager CLI.
- Configure FortiAnalyzer as a logging destination using the 'config system locallog fortianalyzer' command.
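A minimal form of the Option 1 configuration, added here as an illustration and not taken from the original article or from Fortinet documentation. 192.0.2.10 is a placeholder FortiAnalyzer address, and the keyword names (notably 'server', which is 'server-ip' on older releases) are assumptions to confirm with 'set ?' on the installed version. Lines starting with # are annotations for the reader, not commands.

```text
# Added example. 192.0.2.10 is a placeholder FortiAnalyzer address (assumption).
# Keyword names can differ by release; confirm each one with "set ?" before applying.
config system locallog fortianalyzer setting
    # Send local event logs as they are generated
    set status realtime
    # FortiAnalyzer address (keyword is "server-ip" on older releases)
    set server 192.0.2.10
    # Lowest severity to forward; "information" also captures routine admin activity
    set severity information
    # Protect the log transport with TLS so audit events are not sent in clear text
    set secure-connection enable
end
```

After applying, the FortiManager still has to be authorized on the FortiAnalyzer, as described under Option 2, before its logs appear in Log View.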
Related document:
Option 2 - Enable FortiAnalyzer Features on FortiManager.
- To send FortiManager local event logs to FortiAnalyzer from the GUI, first enable FortiAnalyzer Features under System Settings -> Dashboard.

- Go to System Settings -> Device Log Settings -> Local Device Log, enable 'Send the local event logs to FortiAnalyzer/FortiManager', enter the FortiAnalyzer 'IP Address', set the 'Severity Level', and select Apply.

- Once the changes are saved in FortiManager Device Log Settings, authorize the FortiManager in the FortiAnalyzer to allow FortiAnalyzer to start receiving logs from FortiManager.

- Once the FortiManager is fully authorized, the user will be able to view the FortiManager local event logs under Log View.

If the event logs are not present or properly shown under Log View, run a manual SQL database rebuild for the FortiManager ADOM via the command below.
exe sql-local rebuild-adom FortiManager
On FortiManager, it is possible to filter the logging to FortiAnalyzer servers as below:
config sys locallog fortianalyzer filter
(filter)#
set Modify value.
Example: to disable the fgfm logging to syslog servers as below:
config sys locallog fortianalyzer filter
set fgfm disable
end
All valid examples:

