ddeguzman
Staff
Article Id 275941
Description This article discusses setting a severity-based filter for External Syslog in FortiGate.
Scope FortiGate.
Solution

When an external syslog server receives logs from FortiGate, the logs sent to it can be filtered by severity. Setting a severity level forwards messages at that level together with all higher (more severe) levels; anything below the selected level is not sent. By default, the severity is set to information.

The severity levels, from most to least severe, are as below (* = default):

Parameter      Description
Emergency      Emergency level.
Alert          Alert level.
Critical       Critical level.
Error          Error level.
Warning        Warning level.
Notification   Notification level.
Information*   Information level.
Debug          Debug level.

CLI command:

config log syslogd filter
    set severity (parameter) <-----  Debug, information*, notification, warning, error, critical, alert, emergency.
end


When FortiAnalyzer or FortiManager receives logs from the FortiGate, the same severity filter determines which logs are recorded (for example only 'Warning', 'Critical', or 'Alert' and above). Use the following command:

config log fortianalyzer filter
    set severity warning      <-----  Debug, information*, notification, warning, error, critical, alert, emergency.
end
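As an added illustration of how the severity filter behaves (this is not part of the article or of FortiOS), the following Python model applies the 'set severity' rule to constructed sample log lines. The level names are the ones listed in the table above; the key=value log layout is a simplified construction, not real device output, and lines without a recognisable level are treated as not forwarded in this model.

```python
import re

# Severity names accepted by 'set severity' in 'config log syslogd filter'
# and 'config log fortianalyzer filter', ordered from most to least severe.
SEVERITIES = [
    "emergency", "alert", "critical", "error",
    "warning", "notification", "information", "debug",
]
RANK = {name: i for i, name in enumerate(SEVERITIES)}

# Constructed sample log lines (simplified key=value form, not real FortiGate output).
SAMPLE_LOGS = [
    'type=event subtype=system level=information logdesc="Admin login successful"',
    'type=event subtype=system level=notification logdesc="Interface status changed"',
    'type=event subtype=system level=warning logdesc="Disk usage high"',
    'type=event subtype=system level=error logdesc="Configuration save failed"',
    'type=event subtype=system level=critical logdesc="HA member unreachable"',
    'type=event subtype=system level=debug logdesc="Debug trace"',
]

LEVEL_RE = re.compile(r"\blevel=(\w+)")

def log_level(line):
    """Severity name found in the line's level= field, or None if absent."""
    m = LEVEL_RE.search(line)
    return m.group(1).lower() if m else None

def passes_filter(line, configured):
    """True if the line is forwarded under 'set severity <configured>':
    the configured level and every more-severe level are kept."""
    level = log_level(line)
    if level is None or level not in RANK:
        return False  # modelling assumption: unknown level is not forwarded
    return RANK[level] <= RANK[configured.lower()]

def forwarded(lines, configured):
    """Subset of lines a FortiGate with 'set severity <configured>' forwards."""
    return [line for line in lines if passes_filter(line, configured)]

def dropped_levels(configured):
    """Severities excluded by a setting; handy for checking a filter does not
    hide event classes the SIEM is expected to receive."""
    return SEVERITIES[RANK[configured.lower()] + 1:]

if __name__ == "__main__":
    for setting in ("information", "warning"):
        kept = forwarded(SAMPLE_LOGS, setting)
        print(f"set severity {setting}: {len(kept)} of {len(SAMPLE_LOGS)} forwarded; "
              f"dropped levels: {dropped_levels(setting) or 'none'}")
```

With 'set severity warning' only the warning, error and critical lines survive, while notification, information and debug events are never sent, which is the trade-off to weigh when tightening the filter.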


Related article:

Technical Tip: Filtering specific event logs that will be forwarded to a syslog server