FortiGate
vpoluri
Staff
Article Id 191166

Description

 

This article describes how to override the general syslog settings so that a specific VDOM sends logs to a different syslog server.
It also applies when only one VDOM needs to send logs to a syslog server.


Solution

 

From the CLI, execute the following commands:
# config vdom
    edit "VDOM_NAME"
# config log syslogd override-setting
    set override enable
    set status enable
    set server x.x.x.x      <----- Where x.x.x.x is the IP address of syslog server.
    set port 514
    set source-ip x.x.x.x   <----- Optional to specify the source IP from where the connections will originate.
end
To enable the syslog server override under a VDOM in 6.4.x, execute the following commands from the CLI:
# config vdom
    edit "VDOM_NAME"
# config log setting
    set syslog-override enable
end
When syslog-override is enabled, the following CLI commands are available for configuring VDOM override:

To configure VDOM override for a syslog server:

1) Configure the syslog override settings.
# config log syslogd/syslogd2/syslogd3/syslogd4 override-setting
    set status enable
    set server x.x.x.x      <----- Where x.x.x.x is the IP address of syslog server.
    set port 514
    set source-ip x.x.x.x   <----- Optional to specify the source IP from where the connections will originate.
end
2) Configure the override filters.
# config log syslogd/syslogd2/syslogd3/syslogd4 override-filter
    set severity information
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic enable
    set sniffer-traffic enable
    set anomaly enable
    set voip enable
    set dns enable
    set ssh enable
    set ssl enable
end
The change can now be verified from the GUI.
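
To check the 6.4.x procedure above across every VDOM at once, the following Python script (an added example, not Fortinet code) parses a configuration backup and reports, per VDOM, whether it uses the global syslog settings, which override servers are enabled, or whether syslog-override is enabled without a usable override-setting. The function names, the INCOMPLETE label and the sample configuration are assumptions made for illustration.

```python
SAMPLE_CONFIG = """config vdom
edit "dmz"
config log setting
    set syslog-override enable
end
config log syslogd override-setting
    set status enable
    set server "192.0.2.10"
end
end
config vdom
edit "guest"
config log setting
    set syslog-override enable
end
config log syslogd2 override-setting
    set status disable
end
end
"""  # constructed sample in FortiOS backup syntax; VDOM names and addresses are made up

def parse_vdom_sections(text):
    """Return {vdom: {section: {key: value}}} for sections directly under a VDOM."""
    vdoms, stack, vdom = {}, [], {}
    # Quotes are stripped; the values read here (names, addresses) never contain spaces.
    for tok in filter(None, (l.replace('"', "").split() for l in text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and stack == ["vdom"] and len(tok) > 1:
            vdom = vdoms.setdefault(tok[1], {})
        elif tok[0] == "set" and len(stack) == 2 and stack[0] == "vdom" and len(tok) > 2:
            vdom.setdefault(stack[1], {})[tok[1]] = " ".join(tok[2:])
    return vdoms

def audit_syslog_override(text):
    """Map each VDOM to 'global', its enabled override servers, or 'INCOMPLETE'."""
    result = {}
    for name, sec in parse_vdom_sections(text).items():
        servers = [s["server"] for k, s in sorted(sec.items())
                   if k.startswith("log syslogd") and k.endswith("override-setting")
                   and s.get("status") == "enable" and "server" in s]
        enabled = sec.get("log setting", {}).get("syslog-override") == "enable"
        result[name] = (servers or "INCOMPLETE") if enabled else "global"
    return result

if __name__ == "__main__":
    print(audit_syslog_override(SAMPLE_CONFIG))
```

A VDOM reported as INCOMPLETE has step 1 of the procedure missing or disabled, so its override server should be reviewed before relying on that VDOM's logs reaching the collector.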