Description
This article describes how to enable FortiCloud logging on the FortiGate.
Scope
FortiCloud.
Solution
Enabling FortiCloud setting from CLI.
In order to enable FortiCloud logging, use any SSH/telnet client (e.g. PuTTY) to access the FortiGate through the CLI or the 'Web Interface' by selecting the CLI console on the top right corner.
Once logged in, execute the following commands:
config log fortiguard setting
set status enable
end
The next step is to activate the FortiCloud Account.
Locate the FortiCloud section under System -> Dashboard and select activate to create a FortiCloud account or log into the existing account.
Once the account is active, the account information will appear in the 'Dashboard'.
Now configure the FortiGate to send logs to FortiCloud.
Go to Log & Report -> Log Settings -> Cloud Logging Settings.
Go to Log & Report -> Log Settings -> Cloud Logging Settings.
Select the Upload option to Realtime in case more accurate logging is needed.
Note that this will make FortiGate utilize more CPU resources to send traffic to FortiCloud.
In order to set the FortiGate to display the Logs from FortiCloud, go to Dashboard -> Log & Report -> Events -> System Events -> FortiCloud to display the logs directly from FortiCloud (if no logs are being saved to Disk or Memory).
In order to set the FortiGate to display the Logs from FortiCloud, go to Dashboard -> Log & Report -> Events -> System Events -> FortiCloud to display the logs directly from FortiCloud (if no logs are being saved to Disk or Memory).
Enable 'Logging' on Firewall Policy.
Go to Policy & Objects -> IPv4, enable Log allowed traffic, and select the logging option (Security Events/All Sessions).
Go to Policy & Objects -> IPv4, enable Log allowed traffic, and select the logging option (Security Events/All Sessions).
Related documents:
Technical Tip: How to register and activate a FortiCloud account
