FortiGate
cborgato_FTNT
Article Id 196450
Description
Logging can be enabled by using either the GUI or the CLI.  Note that the CLI and WebGUI have changed from previous releases.  The configuration of logging in earlier releases is described in the related KB article below.

Scope
This article covers, in three sections, the steps required to enable and configure logging.  As a final step, an example CLI command is shown that can be used to test the setup.

1.  How to enable logging to memory.
2.  How to configure Event logging.
3.  Steps needed to configure logging of Protection Profile.
4.  Brief verification.

Solution

Enable logging to memory

From WebGUI

1.  Log into FortiGate.

2.  Go to the Log&Report > Log Config > Log Settings menu (if Virtual Domains are enabled, set this under each VDOM).

3.  Under GUI Preference, set Display Logs From to Memory.

4.  Select Apply.

5.  Go to Log&Report > Log Config > Threat Weight to select the Log Level from the list.

From CLI

FW-1 # config vdom
FW-1 (vdom) # edit root
FW-1 (root) # config log memory setting
FW-1 (setting) # set status enable
FW-1 (setting) # end
FW-1 (root) # end

FW-1 # config vdom
FW-1 (vdom) # edit root
FW-1 (root) # config log memory filter
FW-1 (filter) # set severity information
FW-1 (filter) # end
FW-1 (root) # end

Setup Event logging

From WebGUI

1.  Log into FortiGate.

2.  Go again to the Log&Report > Log Config > Log Settings menu (if Virtual Domains are enabled, set this under each VDOM).

3.  Under Event Logging, enable it and select from the list which types of events will be recorded.

4.  Select Apply.




From CLI

FW-1 # config vdom
FW-1 (vdom) # edit root
FW-1 (root) # config log eventfilter
FW-1 (eventfilter) # set event enable
FW-1 (eventfilter) # set system enable
...
FW-1 (eventfilter) # end
FW-1 (root) # end

Logging Security Profile events

From WebGUI

The Security Profile defines which events will trigger logs.  In Firewall (or VDOM) > Security Profile, enable the Security Profile that will be used in the policy.



Create a policy selecting the Security Profile that will be used:
  1. Go to Firewall (or VDOM) > Policy & Objects > IPv4.
  2. Select and activate the Security Profile.
  3. Under Logging Options, activate Log Allowed Traffic and select, at least, the Security Events radio button.
 



Verification

A CLI command can be used to generate log events for the settings just made.  The Console in the GUI can be used to run it in a few simple steps.

CLI command (go to the desired VDOM if VDOMs are enabled):

# diagnose log test

Press Enter.

When the log settings have been configured correctly, test log messages should be shown in the Log & Report > Event Log > System menu.
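
The settings from the three CLI sections above can also be checked offline against a saved copy of the configuration. The following is an added example, not Fortinet code and not part of the original article; it assumes the saved text contains the same config/edit/set/end lines as the CLI sessions above without the FW-1 prompts, and the names parse_config, audit, REQUIRED and SAMPLE are hypothetical.

```python
REQUIRED = {  # the options this article sets, per section
    "log memory setting": {"status": "enable"},
    "log memory filter": {"severity": "information"},
    "log eventfilter": {"event": "enable", "system": "enable"},
}

def parse_config(text):
    """Map (vdom, section) -> {option: value} from config/edit/set/end lines."""
    found, stack = {}, []  # stack entries: ("config" | "edit", name)
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        verb, rest = words[0], words[1:]
        if verb in ("config", "edit"):
            stack.append((verb, " ".join(rest)))
        elif verb == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end" and stack:
            # "end" typed inside an open "edit" closes the edit and its table
            if stack.pop()[0] == "edit" and stack:
                stack.pop()
        elif verb == "set" and len(rest) >= 2 and stack and stack[-1][0] == "config":
            in_vdom = (len(stack) > 2 and stack[0] == ("config", "vdom")
                       and stack[1][0] == "edit")
            vdom = stack[1][1] if in_vdom else None  # None: VDOMs not in use
            section = found.setdefault((vdom, stack[-1][1]), {})
            section[rest[0]] = " ".join(rest[1:]).strip('"')
    return found

def audit(text, vdom=None):
    """Return findings; an empty list means every REQUIRED option matches."""
    found = parse_config(text)
    findings = []
    for section, options in REQUIRED.items():
        actual = found.get((vdom, section), {})
        for opt, want in options.items():
            got = actual.get(opt, "<not set>")  # may simply be at its default
            if got != want:
                findings.append(f"{section}: {opt} is {got}, expected {want}")
    return findings

# Constructed sample: memory logging on, severity too high, no eventfilter.
SAMPLE = "\n".join([
    "config vdom", "edit root",
    "config log memory setting", "set status enable", "end",
    "config log memory filter", "set severity warning", "end",
    "next", "end",
])
```

A "<not set>" finding means the option does not appear in the saved text, which can also mean it is at its default value, so confirm such findings on the device before changing anything.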



Related Articles

Technical Note: How to configure logging to memory in FortiOS v4.0
