Robin_McDonald_FTNT
Article Id 196768
Description
This article describes how to configure FortiWeb to send logs to FortiAnalyzer.

Solution
1. In FortiWeb, create a FortiAnalyzer Policy.

This will define where the FortiAnalyzer is located.

The policy name can be a numerical value or text.
The IP address of the FortiAnalyzer must also be set here.

For example:
config log fortianalyzer-policy
  edit "0"
    set ip-address 192.168.88.87
  next
end
2. In FortiWeb, apply the policy.

Define the level of logs that will be sent to the FortiAnalyzer and which FortiAnalyzer policy to use:
config log forti-analyzer
  set severity debug
  set fortianalyzer-policy 0
end

In this example, the severity is set to debug, the most verbose level, so log messages of all severities are sent to the FortiAnalyzer.
The policy is set as "0", which is the policy created in the previous step.

3. In FortiAnalyzer, enable the FortiWeb ADOM.

To receive FortiWeb logs, ADOMs must be enabled on the FortiAnalyzer so that the FortiWeb ADOM becomes available. By default, there is only a FortiGate ADOM.

Log out and log back in. A reboot is not required.

4. In FortiAnalyzer, add the FortiWeb to the FortiWeb ADOM.


Go to Device Manager > Unregistered Devices.
Select the FortiWeb device in the list, select the FortiWeb ADOM from the drop-down list, then select Go.

End result: the FortiWeb can be found in the Device List (Device & Groups > FortiWeb > All FortiWebs).

In the above example two FortiWebs have been assigned to the FortiWeb ADOM.
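
A quick way to confirm that steps 1 and 2 agree with each other is to check a saved copy of the FortiWeb configuration before looking for the device on the FortiAnalyzer. The following is an added example, not Fortinet code: it assumes the saved configuration uses the same block layout as the CLI commands above, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the two blocks from steps 1 and 2 as saved configuration text.
SAMPLE_CONFIG = '''
config log fortianalyzer-policy
  edit "0"
    set ip-address 192.168.88.87
  next
end
config log forti-analyzer
  set severity debug
  set fortianalyzer-policy 0
end
'''

def parse_config(text):
    """Parse 'config ... end' blocks into {block: {entry name or None: {key: value}}}."""
    blocks, block, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # shlex strips quotes, so "0" and 0 compare equal
        if tok[0] == "config":
            block, entry = blocks.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            block = None
        elif block is not None and tok[0] == "edit" and len(tok) > 1:
            block.setdefault(entry := tok[1], {})
        elif block is not None and tok[0] == "next":
            entry = None
        elif block is not None and tok[0] == "set" and len(tok) > 2:
            block.setdefault(entry, {})[tok[1]] = " ".join(tok[2:])
    return blocks

def faz_logging_problem(text):
    """Return the first problem with the FortiAnalyzer log settings, or None if consistent."""
    blocks = parse_config(text)
    policies = blocks.get("log fortianalyzer-policy", {})
    applied = blocks.get("log forti-analyzer", {}).get(None, {})
    ref = applied.get("fortianalyzer-policy")
    if ref is None:
        return "no fortianalyzer-policy is applied in 'config log forti-analyzer'"
    if ref not in policies:
        return f"applied policy {ref!r} is not defined in 'config log fortianalyzer-policy'"
    try:
        ipaddress.ip_address(policies[ref].get("ip-address", ""))
    except ValueError:
        return f"policy {ref!r} has no valid ip-address"
    return None
```

A result of None means the applied policy exists and points at a valid IP address; it does not prove that the FortiAnalyzer is reachable or that the device has been added to the ADOM.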

