FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
This article describes how to configure FortiWeb to send logs to FortiAnalyzer.

1. In FortiWeb, create a FortiAnalyzer Policy.

This will define where the FortiAnalyzer is located.

The policy name can be a numerical value or text.
The IP address of the FortiAnalyzer must also be set here.

For example:
config log fortianalyzer-policy
  edit "0"
    set ip-address
2. In FortiWeb, apply the policy.

Define the level of logs that will be sent to the FortiAnalyzer and which FortiAnalyzer policy to use:
config log forti-analyzer
  set severity debug
  set fortianalyzer-policy 0

In this example, the severity is set to DEBUG. This will send the highest level of logs to the FortiAnalyzer.
The policy is set as "0", which is the policy created in the previous step.

3. In FortiAnalyzer, enable the FortiWeb ADOM.

To be able to receive logs on the FortiAnalyzer, you must enable ADOMs in order to make the FortiWeb ADOM available. By default, there is only a FortiGate ADOM.


Log out and log back in. A reboot is not required.

4. In FortiAnalyzer, add FortiWeb to FortiWeb ADOM.


Go to Device Manager > Unregistered Devices.
Select the FortiWeb device in the list, then select the FortiWeb ADOM from the drop-down list.
> Go.


End result: the FortiWeb can be found in the Device List (Device & Groups > FortiWeb > All FortiWebs).

In the above example two FortiWebs have been assigned to the FortiWeb ADOM.