To configure the primary HA unit:
1) Configure a global syslog server:
# config global
# config log syslogd setting
set status enable
set server 172.16.200.44
set facility local6
set format default
end
end
2) Set up a VDOM exception to enable setting the global syslog server on the secondary HA unit:
# config global
# config system vdom-exception
edit 1
set object log.syslogd.setting
next
end
end

To configure the secondary HA unit:
1) Configure a global syslog server:
# config global
# config log syslogd setting
set status enable
set server 172.16.200.55
set facility local5
end
end
2) After the primary and secondary unit synchronize, generate logs on the secondary unit.

To confirm that logs are being sent to the syslog server configured on the secondary unit:
1) On the primary unit, retrieve the following packet capture from the secondary unit's syslog server:
# diagnose sniffer packet any "host 172.16.200.55" 6
interfaces=[any]
filters=[host 172.16.200.55]
266.859494 port2 out 172.16.200.2.7434 -> 172.16.200.55.514: udp 278
0x0000 0000 0000 0000 0009 0f09 0004 0800 4500 ..............E.
0x0010 0132 f3c7 0000 4011 9d98 ac10 c802 ac10 .2....@.........
0x0020 c837 1d0a 0202 011e 4b05 3c31 3734 3e64 .7......K.<174>d
0x0030 6174 653d 3230 3230 2d30 332d 3134 2074 ate=2020-03-14.t
0x0040 696d 653d 3132 3a30 303a 3035 2064 6576 ime=12:00:05.dev
0x0050 6e61 6d65 3d22 466f 7274 6947 6174 652d name="FGT-81E-Sl
0x0060 3831 455f 4122 2064 6576 6964 3d22 4647 ave-A".devid="FG
0x0070 5438 3145 3451 3136 3030 3030 3438 2220 T81E4Q16000048".
0x0080 6c6f 6769 643d 2230 3130 3030 3230 3032 logid="010002002
0x0090 3722 2074 7970 653d 2265 7665 6e74 2220 7".type="event".
0x00a0 7375 6274 7970 653d 2273 7973 7465 6d22 subtype="system"
0x00b0 206c 6576 656c 3d22 696e 666f 726d 6174 .level="informat
0x00c0 696f 6e22 2076 643d 2276 646f 6d31 2220 ion".vd="vdom1".
0x00d0 6576 656e 7474 696d 653d 3135 3834 3231 eventtime=158421
0x00e0 3234 3035 3835 3938 3335 3639 3120 747a 2405859835691.tz
0x00f0 3d22 2d30 3730 3022 206c 6f67 6465 7363 ="-0700".logdesc
0x0100 3d22 4f75 7464 6174 6564 2072 6570 6f72 ="Outdated.repor
0x0110 7420 6669 6c65 7320 6465 6c65 7465 6422 t.files.deleted"
0x0120 206d 7367 3d22 4465 6c65 7465 2031 206f .msg="Delete.1.o
0x0130 6c64 2072 6570 6f72 7420 6669 6c65 7322 ld.report.files"

Configure a different syslog server in the root VDOM on a secondary HA unit

To configure the primary HA unit:
1) Configure a global syslog server:
# config global
# config log syslogd setting
set status enable
set server 172.16.200.44
set facility local6
set format default
end
end
2) Set up a VDOM exception to enable syslog-override in the secondary HA unit root VDOM:
# config global
# config system vdom-exception
edit 1
set object log.syslogd.override-setting
set scope inclusive
set vdom root
next
end
end
3) In the VDOM, enable syslog-override in the log settings, and set up the override syslog server:
# config vdom
edit root
# config log setting
set syslog-override enable
end
# config log syslogd override-setting
set status enable
set server 172.16.200.44
set facility local6
set format default
end
end
After syslog-override is enabled, an override syslog server must be configured, as logs will not be sent to the global syslog server.

To configure the secondary HA unit:
1) Configure an override syslog server in the root VDOM:
# config vdom
edit root
# config log syslogd override-setting
set status enable
set server 172.16.200.55
set facility local5
set format default
end
end
2) After the primary and secondary unit synchronize, generate logs in the root VDOM on the secondary unit.

To confirm that logs are being sent to the syslog server configured for the root VDOM on the secondary unit:
1) On the primary unit, retrieve the following packet capture from the syslog server configured in the root VDOM on the secondary unit:
# diagnose sniffer packet any "host 172.16.200.55" 6
interfaces=[any]
filters=[host 172.16.200.55]
156.759696 port2 out 172.16.200.2.1165 -> 172.16.200.55.514: udp 277
0x0000 0000 0000 0000 0009 0f09 0004 0800 4500 ..............E.
0x0010 0131 f398 0000 4011 9dc8 ac10 c802 ac10 .1....@.........
0x0020 c837 048d 0202 011d af5f 3c31 3734 3e64 .7......._<174>d
0x0030 6174 653d 3230 3230 2d30 332d 3134 2074 ate=2020-03-14.t
0x0040 696d 653d 3131 3a33 353a 3035 2064 6576 ime=11:35:05.dev
0x0050 6e61 6d65 3d22 466f 7274 6947 6174 652d name="FGT-81E-Sl
0x0060 3831 455f 4122 2064 6576 6964 3d22 4647 ave-A".devid="FG
0x0070 5438 3145 3451 3136 3030 3030 3438 2220 T81E4Q16000048".
0x0080 6c6f 6769 643d 2230 3130 3030 3230 3032 logid="010002002
0x0090 3722 2074 7970 653d 2265 7665 6e74 2220 7".type="event".
0x00a0 7375 6274 7970 653d 2273 7973 7465 6d22 subtype="system"
0x00b0 206c 6576 656c 3d22 696e 666f 726d 6174 .level="informat
0x00c0 696f 6e22 2076 643d 2272 6f6f 7422 2065 ion".vd="root".e
0x00d0 7665 6e74 7469 6d65 3d31 3538 3432 3130 venttime=1584210
0x00e0 3930 3537 3539 3334 3132 3632 2074 7a3d 905759341262.tz=
0x00f0 222d 3037 3030 2220 6c6f 6764 6573 633d "-0700".logdesc=
0x0100 224f 7574 6461 7465 6420 7265 706f 7274 "Outdated.report
0x0110 2066 696c 6573 2064 656c 6574 6564 2220 .files.deleted".
0x0120 6d73 673d 2244 656c 6574 6520 3220 6f6c msg="Delete.2.ol
0x0130 6420 7265 706f 7274 2066 696c 6573 22 d.report.files"
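
One way to check a capture like the two above, added here as an example and not Fortinet's own tooling: it rebuilds the syslog payload from the sniffer's hex rows, decodes the <174> priority into facility and severity, and compares the facility and the vd field with what was configured for that server. The function names and the device name in the sample are assumptions, and the sample packet is constructed.

```python
import re
import shlex

# From the page: the primary logs to 172.16.200.44 as local6, the secondary to 172.16.200.55 as local5.
EXPECTED_FACILITY = {"172.16.200.44": "local6", "172.16.200.55": "local5"}
HEX_ROW = re.compile(r"0x[0-9a-f]{4}\s+((?:(?:[0-9a-f]{2}){1,2}\s){1,8})")

def udp_payload(dump: str) -> bytes:
    """Rebuild the frame from verbosity-6 hex rows and return the UDP payload."""
    frame = bytearray()
    for line in dump.splitlines():
        m = HEX_ROW.match(line.strip() + " ")
        if m:
            frame += bytes.fromhex("".join(m.group(1).split()))
    ihl = (frame[14] & 0x0F) * 4                   # IPv4 header follows the 14-byte link header
    total = int.from_bytes(frame[16:18], "big")    # IPv4 total length trims any stray bytes
    return bytes(frame[14 + ihl + 8:14 + total])   # skip the 8-byte UDP header

def parse_syslog(payload: bytes) -> dict:
    """Split '<PRI>key=value ...' into facility, severity and the FortiOS log fields."""
    m = re.match(r"<(\d{1,3})>(.*)", payload.decode("ascii", "replace"), re.S)
    if not m:
        raise ValueError("payload does not start with a syslog PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    fields = dict(t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t)
    return {**fields, "facility": name, "severity": severity}

def mismatches(dump: str, server: str, vdom: str) -> list:
    """Compare one captured log with the facility and VDOM it should carry."""
    log = parse_syslog(udp_payload(dump))
    want = {"facility": EXPECTED_FACILITY[server], "vd": vdom}
    return [f"{k}={log.get(k)}, expected {v}" for k, v in want.items() if log.get(k) != v]

def make_dump(payload: bytes) -> str:
    """Constructed sample: wrap a payload in blank Ethernet/IPv4/UDP headers, sniffer-style."""
    ip = bytes([0x45, 0]) + (28 + len(payload)).to_bytes(2, "big") + bytes(16)
    frame = bytes(14) + ip + bytes(8) + payload
    rows = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        words = " ".join(chunk[i:i + 2].hex() for i in range(0, 16, 2) if chunk[i:i + 2])
        rows.append(f"0x{off:04x} {words} " + "".join(chr(b) if 32 < b < 127 else "." for b in chunk))
    return "\n".join(rows)

SAMPLE = make_dump(b'<174>date=2020-03-14 time=11:35:05 devname="FGT-B" vd="root" msg="Delete 2 old report files"')
```

An empty list from mismatches(SAMPLE, "172.16.200.55", "root") means the log carries the secondary unit's facility and the expected VDOM; a local6 facility on that server would indicate the primary's synchronized setting is still in effect.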
Copyright 2024 Fortinet, Inc. All Rights Reserved.