Contributor
June 4, 2010
Question

enable syslog with kiwi

  • June 4, 2010
  • 6 replies
  • 7322 views
Hi. I would like to capture all user traffic with URL records and transfer it to Kiwi Syslog through the Fortinet syslog function. Which "minimum log level" and "facility" do I have to choose? Thanks


    hidayet
    New Member
    June 4, 2010
    Hi Tonycd, Minimum log level: Information. Facility: local7.
    SECCON1MC
    New Member
    June 4, 2010
    Just an FYI, the traffic logs contain the stats for session bandwidth. The web-filter logs contain the information on URLs visited (within a session). You will have to do a lot of parsing, crunching, and correlating to get that data into a single logical "row" of information. Good luck!
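    The correlation described in the reply above, as an added example that is not part of the original thread: a small Python parser for FortiGate key=value syslog records that joins each traffic record with the web-filter records of the same session. The sample log lines are constructed and simplified (field names such as type, sessionid, hostname and url follow FortiGate conventions, but the exact field set varies by FortiOS version); a session with no web-filter record, such as an inbound connection, ends up with no URL, which is the case rwpatterson hits later in the thread.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample records (not real device output). Traffic and webfilter
# records of one session share devname and sessionid; the inbound SSH session
# has no webfilter record at all, so no URL can be attached to it.
SAMPLE_LOGS = [
    'date=2010-06-07 time=10:15:01 devname=FGT-1 logid=0000000013 type=traffic '
    'subtype=forward level=notice vd=root srcip=10.1.1.25 srcport=51234 '
    'dstip=93.184.216.34 dstport=80 sessionid=8814021 proto=6 action=accept '
    'service=HTTP sentbyte=1234 rcvdbyte=45678',
    'date=2010-06-07 time=10:15:00 devname=FGT-1 logid=0316013056 type=webfilter '
    'subtype=urlfilter level=notice vd=root srcip=10.1.1.25 srcport=51234 '
    'dstip=93.184.216.34 dstport=80 sessionid=8814021 hostname="example.com" '
    'url="/index.html" action=passthrough',
    'date=2010-06-07 time=10:15:03 devname=FGT-1 logid=0000000013 type=traffic '
    'subtype=forward level=notice vd=root srcip=203.0.113.9 srcport=40000 '
    'dstip=10.1.1.80 dstport=22 sessionid=8814022 proto=6 action=deny '
    'service=SSH sentbyte=0 rcvdbyte=0',
]

# key=value pairs; values are either a double-quoted string or a run of non-space
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Split one FortiGate key=value syslog record into a dict.

    Surrounding quotes on values such as hostname="..." and url="..." are
    removed so the values can be concatenated directly.
    """
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def correlate(lines: List[str]) -> List[Dict[str, Optional[object]]]:
    """Build one row per traffic session, attaching the URLs seen in the
    web-filter records of the same (devname, sessionid)."""
    traffic: Dict[tuple, Dict[str, str]] = {}
    web: Dict[tuple, List[Dict[str, str]]] = defaultdict(list)

    for line in lines:
        rec = parse_fortigate_line(line)
        key = (rec.get("devname"), rec.get("sessionid"))
        if rec.get("type") == "traffic":
            traffic[key] = rec
        elif rec.get("type") == "webfilter":
            web[key].append(rec)

    rows = []
    for key, t in sorted(traffic.items(), key=lambda kv: int(kv[1].get("sessionid", 0))):
        # hostname + url gives the visited URL without a scheme (assumption: the
        # device logs the path in url and the host separately in hostname)
        urls = [w.get("hostname", "") + w.get("url", "") for w in web.get(key, [])]
        rows.append({
            "sessionid": t.get("sessionid"),
            "srcip": t.get("srcip"),
            "dstip": t.get("dstip"),
            "action": t.get("action"),
            "sentbyte": int(t.get("sentbyte", 0)),
            "rcvdbyte": int(t.get("rcvdbyte", 0)),
            "url": urls[0] if urls else None,   # None when no webfilter record exists
            "url_count": len(urls),
        })
    return rows


if __name__ == "__main__":
    for row in correlate(SAMPLE_LOGS):
        print(row)
```

Because the join key is the session id, both the traffic and the web-filter log categories have to be enabled on the syslog filter for the correlation to produce anything; with only traffic logs every row comes back with url set to None.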
    Contributor
    June 7, 2010
    Thanks all, but I can't see any URL from the syslog. What did I do wrong?
    SECCON1MC
    New Member
    June 7, 2010
    Make sure everything is enabled that you would want via:
    config log syslogd filter
    Also make sure you are set to log everything in the protection profile you are using.
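    Putting the advice in this thread together (the Information level and local7 facility from hidayet, the syslogd filter from SECCON1MC), here is an added FortiOS CLI example that is not from the original posts. The server address is a placeholder, and the exact set of per-category toggles under the filter (such as traffic and web) depends on the FortiOS version, so check the options with ? in the CLI before relying on them.

```text
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set facility local7
end
config log syslogd filter
    set severity information
    set traffic enable
    set web enable
end
```

    The setting block decides where the records go and which facility Kiwi will see them under; the filter block decides which records are sent at all. Leaving a category disabled in the filter is the usual reason the traffic records arrive but the URL records do not.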
    rwpatterson
    New Member
    June 7, 2010
    Unlike the FortiAnalyzer, I think the syslog only outputs IP addresses.
    SECCON1MC
    New Member
    June 7, 2010
    rwpatterson - which field are you referring to? I am almost 100% sure that the syslog logs have everything available in them that FortiAnalyzer logs have. We use the FortiAnalyzer protocol for our service (which allows for easy 3DES encryption of the stream and a DLP of course) but have used the syslog transport method in the past without degradation of the available log data.
    rwpatterson
    New Member
    June 8, 2010
    LOL! You're probably right. The one syslog server I set up was capturing inbound traffic. Hence no URI information, duh!
    Contributor
    June 8, 2010
    Maybe I was misleading you guys: I want to capture the user traffic log without using FortiAnalyzer. Thanks all again....