FortiADC
kwcheng__FTNT
Article Id 189522

Description


This article describes how to configure FortiADC to send logs to a syslog server.

  1. Fortinet Documentation: Configuring syslog settings
  2. External: Kiwi Syslog https://www.kiwisyslog.com/free-tools/kiwi-free-syslog-server


Scope

 

FortiADC.

Solution

 

Before configuring FortiADC, set up the Kiwi Syslog Server. The following is the configuration:

  1. Navigate to Log & Report -> Log Setting -> Syslog Server.


1.png

 
  2. Under Syslog Server, select 'Create New'.
  3. Configure the Syslog Server settings.
 
The following is a sample screenshot of how it should look if all options are enabled:
2.png
 
  4. The following is the equivalent CLI configuration (based on the sample screenshot above):
 
config log setting global-remote
  edit 1
    set status enable
    set server <Syslog Server IP>
    set facility kern
    set event-log-status enable
    set event-log-category configuration admin health_check system user slb llb glb fw
    set traffic-log-status enable
    set traffic-log-category slb dns llb
    set attack-log-status enable
    set attack-log-category ddos ipreputation waf geo av ips fw ztna
  next
end


  5. Run the sniffer command 'diagnose sniffer packet any "port 514" 4 0' on the FortiADC to check whether any syslog entries are being sent:
 
 
  6. Cross-check on the Syslog Server:
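
A scripted alternative for this cross-check, as an added example that is not part of the original article or Fortinet tooling: a small receiver that confirms datagrams arrive from the FortiADC and carry the facility set with 'set facility kern'. It assumes syslog over UDP on port 514; the address 192.0.2.10 and the function names are placeholders chosen for illustration.

```python
import re
import socket
import sys

# Syslog facility and severity names by numeric code (RFC 5424); kern is facility 0.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram):
    """Return (facility, severity, message), or None when the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", "replace").strip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text


def check(datagram, source_ip, expected_ip, expected_facility="kern"):
    """Classify one datagram against the sender and facility configured on the device."""
    if source_ip != expected_ip:
        return "unexpected-source"
    parsed = parse_pri(datagram)
    if parsed is None:
        return "bad-pri"
    return "ok" if parsed[0] == expected_facility else "facility-mismatch"


def listen(expected_ip, bind_addr="0.0.0.0", port=514, count=10):
    """Print a verdict for the next `count` datagrams received on the syslog port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        for _ in range(count):
            data, (src, _port) = sock.recvfrom(8192)
            print(src, check(data, src, expected_ip), data[:120])


if __name__ == "__main__":
    # Constructed usage: python3 this_script.py 192.0.2.10  (placeholder FortiADC address)
    listen(sys.argv[1])
```

Binding to port 514 normally requires elevated privileges, and any other syslog service on the host must be stopped first so the port is free.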