Description | This article discusses setting a severity-based filter for External Syslog in FortiGate.
Scope | FortiGate.
Solution |
When an external Syslog server receives logs from FortiGate, the logs can be filtered based on their severity. When a severity is set, the forwarded logs include messages at the selected severity and at the severities above it. By default, it is set to information.
The severity levels are as below:
config log syslogd filter
Note: When the severity parameter is set to 'Warning', logs at that level and at the levels with a lower severity value (the more severe levels) are forwarded.
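The following check is an added example, not part of the original article: it can be run on the Syslog server to confirm that the logs actually received respect the configured severity threshold. The level names, the key=value `level` field and the function names are assumptions based on the standard syslog severity numbering, and the sample lines are constructed.

```python
import re

# Standard syslog severity numbers: lower number = more severe.
# Level names are assumed; "notification" is accepted as an alias of "notice".
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "notification": 5,
            "information": 6, "debug": 7}

# \b keeps other fields that merely end in "level" (e.g. crlevel=) from matching.
LEVEL_RE = re.compile(r'\blevel="?([a-z]+)')

def passes_filter(level, threshold):
    """True if a log at `level` is forwarded when the filter is `threshold`."""
    return SEVERITY[level] <= SEVERITY[threshold]

def audit(lines, threshold):
    """Return (line_no, reason) for every received line that the configured
    filter should have suppressed, or that carries no recognisable level."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LEVEL_RE.search(line)
        if not m or m.group(1) not in SEVERITY:
            findings.append((no, "no recognisable level field"))
        elif not passes_filter(m.group(1), threshold):
            findings.append((no, f"level {m.group(1)} is below threshold {threshold}"))
    return findings

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    'date=2025-01-01 time=10:00:00 devname="FGT-EXAMPLE" type="event" level="warning" msg="sample A"',
    'date=2025-01-01 time=10:00:01 devname="FGT-EXAMPLE" type="event" level="critical" msg="sample B"',
    'date=2025-01-01 time=10:00:02 devname="FGT-EXAMPLE" type="utm" level="information" crlevel="high" msg="sample C"',
    'date=2025-01-01 time=10:00:03 devname="FGT-EXAMPLE" type="traffic" level="notice" msg="sample D"',
    'date=2025-01-01 time=10:00:04 devname="FGT-EXAMPLE" type="event" msg="sample E, level field missing"',
]

if __name__ == "__main__":
    # With the filter set to warning, only lines 1 and 2 should have arrived.
    for no, reason in audit(SAMPLE, "warning"):
        print(f"line {no}: {reason}")
```

Lines reported at a level below the threshold indicate that the filter on the device is not the one expected, or that another source is writing to the same Syslog destination.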
When using FortiAnalyzer/FortiManager for receiving logs from the FortiGate, to configure log filter settings to determine which logs will be recorded (for example: 'Warning', 'Critical', 'Alert', and 'Emergency'), the following command should be used:
config log fortianalyzer filter
Related article: Technical Tip: Filtering specific event logs that will be forwarded to a syslog server
Copyright 2025 Fortinet, Inc. All Rights Reserved.