tnaik
Staff
Created on 06-24-2021 10:33 PM Edited on 11-23-2022 02:42 AM By Jean-Philippe_P
Article Id
198611
Description
This article describes how to forward only specific logs from FortiAnalyzer to a syslog server.
In this demonstration, only IPS logs are forwarded from FortiAnalyzer to the syslog server.
Solution
1) Check the 'Sub Type' of the log.
From the GUI, go to Log View -> FortiGate -> Intrusion Prevention and select a log to check its 'Sub Type'.
2) Apply filter under 'Log Forwarding'.
Log Field: Generic free-text filter, Match Criteria: Match, Value: subtype=ips (see the screenshot below).
With this filter, only logs with the sub type IPS are forwarded.
3) The CLI will show the configuration as below:
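A receiver-side check for the filter from step 2, as an added example (not part of the original article and not FortiAnalyzer CLI output): it parses forwarded log lines on the syslog server and reports any whose subtype is not ips. The sample lines are constructed, and the key=value field layout and the function names are assumptions.

```python
import re
import sys
from collections import Counter

# key=value pairs; a value may be double-quoted and contain spaces.
# Quoted values are consumed whole, so "subtype=..." inside a msg is ignored.
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_fields(line):
    """Return the key=value fields of one forwarded log line as a dict."""
    fields = {}
    for key, value in PAIR_RE.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def audit_forwarded(lines, expected_subtype="ips"):
    """Count subtypes seen and collect lines the filter should have dropped."""
    counts, unexpected = Counter(), []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        subtype = parse_fields(line).get("subtype", "<missing>")
        counts[subtype] += 1
        if subtype != expected_subtype:
            unexpected.append(line)
    return counts, unexpected

# Constructed sample lines (not real captures).
SAMPLE = [
    '<185>date=2021-06-24 time=22:33:01 devname="FGT-A" type="utm" '
    'subtype="ips" msg="constructed sample, text mentions subtype=traffic"',
    '<189>date=2021-06-24 time=22:33:02 devname="FGT-A" type="traffic" '
    'subtype="forward" action="accept"',
    '<185>date=2021-06-24 time=22:33:03 devname="FGT-A" type="utm" subtype=ips',
    '<190>date=2021-06-24 time=22:33:04 devname="FGT-A" type="event" msg="none"',
]

if __name__ == "__main__":
    # Pipe the received log file on stdin, or run without input for the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    counts, unexpected = audit_forwarded(source)
    print("subtypes seen:", dict(counts))
    for line in unexpected:
        print("UNEXPECTED:", line)
    sys.exit(1 if unexpected else 0)
```

A non-zero exit status means at least one received line did not carry subtype ips, which points to a filter that is missing or not matching as intended.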