lingky88
Staff
Article Id 242348
Description

This article describes how to configure FortiMail to send logs to FortiAnalyzer.

Logs from FortiMail can be sent to be stored on a remote logging device, such as FortiAnalyzer.

Scope

FortiAnalyzer and FortiMail.

Solution

1) Ensure that the FortiMail is reachable from the FortiAnalyzer and that there are no connectivity issues between the two.

Furthermore, ensure that UDP Port 514 is open on both ends for logging purposes.

 

2) Check the compatibility between the FortiMail and FortiAnalyzer versions in the FortiAnalyzer documents:

https://docs.fortinet.com/document/fortianalyzer/7.2.1/release-notes/865133/fortimail

https://docs.fortinet.com/document/fortianalyzer/7.2.1/release-notes/4289/fortimail-models

 

3) Configure on FortiMail:

- On the FortiMail GUI, go to Log & Report -> Log Setting -> Remote, and select 'New' to create a new entry for the remote host.

- Toggle on the Enable Option to allow logging to a remote host, which is FortiAnalyzer in this case.

- Enter the Name for the remote host profile as well as the FortiAnalyzer's IP Address.

- The default port is UDP Port 514.

- Choose the log severity level that a log message must equal or exceed in order to be stored.

- Expand and edit the Logging Policy Configuration in order to enable the types of logs that you wish to be sent and stored to FortiAnalyzer.

- Select 'Create'.
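
The severity threshold chosen in step 3 is easy to misread, because in syslog ordering a lower number is a more severe level. The following added example (not part of the original article and not Fortinet code) decodes the PRI header of syslog datagrams and applies such a threshold; it assumes the standard RFC 5424 PRI encoding and severity names, and the sample messages are constructed, not real FortiMail output.

```python
import re

# Standard syslog severities (RFC 5424), index = numeric value.
# Lower number = more severe. Names here are the RFC ones (assumption:
# the sending device maps its level names onto this scale).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram: bytes):
    """Return (facility, severity) from the PRI header, or None if invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity


def meets_threshold(datagram: bytes, threshold: str) -> bool:
    """True when the message is at least as severe as the threshold."""
    parsed = parse_pri(datagram)
    if parsed is None:
        return False  # malformed messages are never counted as matching
    _, severity = parsed
    # "Equal or exceed" in severity means numerically <= the threshold.
    return severity <= SEVERITIES.index(threshold)


def forwarded(datagrams, threshold: str):
    """Messages that a sender filtering at this threshold would emit."""
    return [d for d in datagrams if meets_threshold(d, threshold)]


# Constructed sample datagrams (facility 16 = local0), not real device logs.
SAMPLES = [
    b"<131>constructed sample: error-level event",        # severity 3
    b"<132>constructed sample: warning-level event",      # severity 4
    b"<134>constructed sample: information-level event",  # severity 6
    b"<135>constructed sample: debug-level event",        # severity 7
    b"constructed sample with no PRI header",
    b"<999>constructed sample with out-of-range PRI",
]

if __name__ == "__main__":
    for level in ("warning", "information"):
        print(level, len(forwarded(SAMPLES, level)))
```
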

 

4) Configure on FortiAnalyzer:

- Select the root ADOM and navigate to Device Manager.

- The FortiMail will be visible, together with its Serial Number and connecting IP under the Unauthorized Devices section.

 

- Authorize the device and place it under the selected ADOM.

 

- Under Device Manager, ensure that Logs are received in Real Time (Green Icon) after the device has been onboarded.

 

- Logs can be viewed under Log View, mainly for the System Event and Mail Event log types that were enabled previously.

 
