| Solution |
When using an external Syslog server for receiving logs from FortiGate, there is an option that lets filter it based on the log severity. By setting the severity, the log will include messages under the selected severity and include the above severities. By default, it is set to information.
The severity levels are as below:
| Parameter |
Numerical Value |
Description |
| Emergency |
0 |
Emergency level. |
| Alert |
1 |
Alert level. |
| Critical |
2 |
Critical level |
| Error |
3 |
Error level. |
| Warning |
4 |
Warning level. |
| Notification |
5 |
Notification level. |
| Information* |
6 |
Information level. |
| Debug |
7 |
Debug level. |
CLI Command:
config log syslogd filter
set severity (parameter) <----- Debug, information*, notification, warning, error, critical, alert, emergency.
end
Note: When the security parameter is used as a 'Warning', the lower value of the security parameter logs will be forwarded.
When using FortiAnalyzer/FortiManager for receiving logs from the FortiGate, to configure log filter settings to determine which logs will be recorded (for example: 'Warning', 'Critical', 'Alert', and 'Emergency' ), the following command should be used:
config log fortianalyzer filter
set severity warning <----- Debug, information*, notification, warning, error, critical, alert, emergency.
end
Related article:
Technical Tip: Filtering specific event logs that will be forwarded to a syslog server
|
