Tutek
New Member
December 6, 2022
Question

Log only local system events


Hi,

I have a branch FortiGate whose traffic all goes to the HQ FortiGate, and this FortiGate sends all logs to FortiAnalyzer, so this way traffic from the branch is logged.

Some IPv4 policies on the branch are configured with the option "Log Allowed Traffic: All Sessions", but these logs should only be in local memory and should not be forwarded to FortiAnalyzer. I would like to send to FortiAnalyzer only local system events like failed admin logins etc. How can I do this?

1 reply

JonathanTorian_FTNT
Staff
December 8, 2022

Hi Tutek,

You can accomplish this using the "config log fortianalyzer filter" command as defined in the following documentation:

https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/386620/log-fortianalyzer-filter

You can define a "free-form filter" that matches whatever criteria you want to send to the FortiAnalyzer from the FortiGate.
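
One way to apply the filter the reply points to, as an added example that is not part of the original thread: on the branch FortiGate, switch off the traffic log categories in the FortiAnalyzer filter so that traffic logs are no longer forwarded while event logs (such as failed admin logins) still are. The option names are assumed from the FortiOS 6.2 CLI reference linked above and can differ between releases, so confirm them with `set ?` on your version.

```text
config log fortianalyzer filter
    set forward-traffic disable
    set local-traffic disable
    set multicast-traffic disable
    set sniffer-traffic disable
end

show log fortianalyzer filter
```

Memory logging has its own filter (`config log memory filter`), so this change does not stop the policies' "All Sessions" traffic logs from being kept locally.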