Description
This article provides a general guide of how to override the syslog general settings so that a specific VDOM can send logs to a different syslog server.
This also applies when it is needed for just one VDOM to be able to send logs to a syslog server.
This article also demonstrates an example of configuring the FortiGate to send logs to a Tftpd64 Syslog Server.
Solution
From the CLI, execute the following commands:
conf vdom
edit "VDOM_NAME"
edit "VDOM_NAME"
conf log syslogd override-setting
set override enable
set status enable
set server x.x.x.x <- Where x.x.x.x is the IP address of syslog server.
set port 514
set source-ip x.x.x.x <- Optional to specify the source IP from where the connections will originate.
end
set override enable
set status enable
set server x.x.x.x <- Where x.x.x.x is the IP address of syslog server.
set port 514
set source-ip x.x.x.x <- Optional to specify the source IP from where the connections will originate.
end
In 6.4.x, to enable syslog server override under VDOM:
From the CLI, execute the following command:
From the CLI, execute the following command:
config vdom
edit "VDOM_NAME"
edit "VDOM_NAME"
config log setting
set syslog-override enable
end
set syslog-override enable
end
When syslog-override is enabled, the following CLI commands are available for configuring VDOM override:
To configure VDOM override for a syslog server:
To configure VDOM override for a syslog server:
- Configure the syslog override settings.
config log syslogd/syslogd2/syslogd3/syslogd4 override-setting
set status enable
set server x.x.x.x <- Where x.x.x.x is the IP address of syslog server.
set port 514
set source-ip x.x.x.x <- Optional to specify the source IP from where the connections will originate.
end
- Configure the override filters:
config log syslogd/syslogd2/syslogd3/syslogd4 override-filter
set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set voip enable
set dns enable
set ssh enable
set ssl enable
end
The change can now be verified from the GUI.
Below is an example of configuring the FortiGate to send logs to the Tftpd64 Syslog Server:
Configure the IP address form the FortiGate and from the Client where the Tftpd64 Syslog Server is installed.
10.101.20.123/20 is configured on port3 of the FortiGate,
10.101.20.124/20 is configured on the Ethernet port of the Client running on Windows 10. As a gateway, it is assigned the IP address of port3 on the FortiGate.
Execute the following commands to configure syslog settings on the FortiGate:
config log syslogd setting
set status enable
set server "10.101.20.124"
set source-ip "10.101.20.123"
end
Install Tftpd64 on the client. After the installation is finished, open the application and choose the interface as below:
After choosing the interface, the logs will start to come to the Tftpd64 Syslog Server, as below:
