Syslog configuration
Hi,
I am using a free syslog application. I want to forward these logs to the syslog server. How can I do that?
Thanks
Hi
There is one point which is not noted here and which is important, especially for 5.2.x, because the behaviour changed in releases before 5.2.x. If you configure the syslog you have to:
# config log syslogd setting
# set status enable
# set server [FQDN Syslog Server or IP]
# set reliable [Activate TCP-514 or UDP-514 which means UDP is default]
# set port [Standard 514]
# set csv [enable | disable]
# set facility [By Standard local7]
# set source-ip [Source IP of FortiGate; By Standard 0.0.0.0]
# end
The important point is the facility and severity, which means local7 means "warning" (not a lot of messages). If you look at the filter which is used on the FGT 5.2, you will recognize that this filter is also using "warning":
# config log syslogd filter
# get
severity : warning
forward traffic : enable
local-traffic : enable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
netscan-discovery : enable
netscan-vulnerability : enable
voip : enable
To really get logging information from the FGT on a syslog server, both must be set to "information", which means:
# config log syslogd filter
# set severity information
# end
# config log syslogd setting
# set facility [Information means local0]
# end
Now you can be sure that "all" logging goes to the syslog. You will also find this behaviour with other logging like "memory", because the filter of memory is also by standard on "warning". Keep this in mind!
hope this helps
have fun
Andrea
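Added example, not part of the original posts: a receiver-side check in Python that decodes the PRI header of each arriving syslog line (PRI = facility * 8 + severity, as defined in RFC 3164 and RFC 5424) and reports which lines a severity threshold of "warning" or "information" would keep. The sample lines and function names are constructed for illustration; the severity names follow the ones used in the thread.

```python
import re

# Severity names as used in the thread (FortiOS spelling); index = syslog code 0..7.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines; only the <PRI> header matters here.
SAMPLE = [
    '<188>msg="constructed sample A"',   # 23*8 + 4
    '<190>msg="constructed sample B"',   # 23*8 + 6
    '<134>msg="constructed sample C"',   # 16*8 + 6
]

def decode_pri(line):
    """Return (facility_name, severity_name) from the leading <PRI> field."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI header: %r" % line[:20])
    facility, severity = divmod(int(m.group(1)), 8)
    name = "local%d" % (facility - 16) if 16 <= facility <= 23 else str(facility)
    return name, SEVERITIES[severity]

def passes_filter(line, threshold):
    """True if the line is at least as severe as threshold (lower code = more severe)."""
    _, severity = decode_pri(line)
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)

def report(lines):
    """Per line: facility, severity, and whether each threshold would keep it."""
    return [decode_pri(l) + (passes_filter(l, "warning"),
                             passes_filter(l, "information")) for l in lines]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print("facility=%s severity=%s kept@warning=%s kept@information=%s" % row)
```

Running it against lines captured on the syslog server shows which facility and severity the messages actually carry after a configuration change.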