Description
This article describes how to enable logging on FortiController and configure it to send logs to a syslog server or a FortiAnalyzer (with a syslog ADOM).
Solution
Settings required on FortiAnalyzer:
- Enable ADOM on FortiAnalyzer (skip this step if ADOM is already enabled).
- Create New ADOM (syslog).
Settings required on FortiController:
Syslog-related configuration is only available in the CLI. The following commands are required to enable syslog:
    # config log syslogd setting
        set status enable
        set server "10.5.21.82"    <----- 10.5.21.82 is the FortiAnalyzer IP in this case.
    end
By default, ALL the syslog filters are disabled as shown below:
    # config log syslogd filter
        set event disable
        set severity information
    end
Once 'set event enable' is applied, the individual event filters become visible. They are disabled by default, as shown below:
    # config log syslogd filter
        set event enable
        set severity information
        set base-switch-config disable
        set base-switch-general disable
        set base-switch-trunk disable
        set fabric-switch-config disable
        set fabric-switch-general disable
        set fabric-switch-stp disable
        set fabric-switch-trunk disable
        set system-config disable
        set system-general disable
    end
To receive basic events, enable the following:
    # config log syslogd filter
        set event enable
        set system-general enable
    end
For testing, log in to and log out of the FortiController to see an event on the syslog.
Once the above settings are applied, the FortiController will start sending logs to the configured syslog server (in this case FortiAnalyzer). On the FortiAnalyzer, authorize the FortiController to start seeing the logs.
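If no events arrive after these steps, the usual cause is a filter that is still at its default. The following is an added example, not Fortinet code: a small offline check that reads saved CLI text in the form shown in this article and reports which of the settings above would keep events from being sent. The helper names parse_blocks and audit_syslog and the sample text are assumptions made for the illustration.

```python
import re

# Constructed sample config; parse_blocks/audit_syslog are hypothetical helpers.
SAMPLE = """\
config log syslogd setting
    set status enable
    set server "10.5.21.82"
end
config log syslogd filter
    set event enable
    set severity information
    set base-switch-config disable
    set system-config disable
    set system-general enable
end
"""

def parse_blocks(text):
    """Return {block name: {key: value}} for flat 'config ... end' blocks."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()   # tolerate a leading '# ' prompt
        if line.startswith("config "):
            current = blocks.setdefault(line[len("config "):], {})
        elif line == "end":
            current = None
        elif current is not None:
            # Take the first token after the key; trailing annotations are ignored.
            m = re.match(r'set\s+(\S+)\s+"?([^"\s]+)', line)
            if m:
                current[m.group(1)] = m.group(2)
    return blocks

def audit_syslog(text):
    """List reasons why the device would send no (or incomplete) syslog events."""
    blocks = parse_blocks(text)
    setting = blocks.get("log syslogd setting", {})
    filt = blocks.get("log syslogd filter", {})
    findings = []
    if setting.get("status") != "enable":
        findings.append("syslogd status is not enabled")
    if not setting.get("server"):
        findings.append("no syslog server configured")
    if filt.get("event") != "enable":
        findings.append("event logging is disabled, so no event categories are sent")
    else:
        off = sorted(k for k, v in filt.items() if v == "disable")
        if off:
            findings.append("event categories still disabled: " + ", ".join(off))
    return findings
```

An empty list means the syslog destination is set and every listed event category is enabled; a category reported as still disabled may be intentional, so treat that finding as a prompt to review rather than an error.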