Author: pginete (Staff)
Article Id 243179
Description

This article describes how to stop forward traffic logs from being sent to the Syslog server using free-style.

Scope

FortiGate.
Solution

Forward traffic logs are still sent to the Syslog server even with the free-style filter below in place.

# config log syslogd filter
    config free-style
        edit 1
            set category virus
            set filter "(level warning)"
        next
        edit 2
            set category webfilter
            set filter "(level information)"
        next
        edit 3
            set category app-ctrl
            set filter "(level information)"
        next
        edit 4
            set category attack
            set filter "(level warning)"
        next
    end
end

 

The objective is to send only UTM logs from FortiGate to the Syslog server, excluding Forward Traffic logs, using the free-style filters.

 

Add another free-style filter entry at the bottom to exclude forward traffic logs from being sent to the Syslog server.

 

# config free-style
    edit 5
        set category traffic
        set filter "(level information notice warning error critical alert emergency)"
        set filter-type exclude
    next
    end
end

 

Test by sending dummy logs from FortiGate to the Syslog server with the command below.

 

# diag log test

 

The Syslog server should now receive only the UTM logs specified in the free-style filters.
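As an added check that is not part of the original article, the following Python script parses lines received on the Syslog server in FortiGate's default key=value log format and flags any record with type="traffic", which should no longer arrive once the exclude filter is active. The sample lines are constructed for illustration; only the field names follow the standard FortiGate log format.

```python
import re
from collections import Counter

# Constructed sample of what the Syslog server might receive from FortiGate in the
# default key=value format. Illustrative lines only, not a real capture.
SAMPLE_SYSLOG = """\
date=2023-02-01 time=10:00:01 devname="FGT-LAB" type="utm" subtype="virus" level="warning" msg="File is infected."
date=2023-02-01 time=10:00:02 devname="FGT-LAB" type="utm" subtype="webfilter" level="information" msg="URL belongs to an allowed category"
date=2023-02-01 time=10:00:03 devname="FGT-LAB" type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 dstip=10.0.1.9 action="accept"
date=2023-02-01 time=10:00:04 devname="FGT-LAB" type="utm" subtype="app-ctrl" level="information" msg="Application detected"
"""

# key=value pairs: values are either double-quoted (may contain spaces) or bare tokens.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the key=value fields of one FortiGate syslog line as a dict."""
    return {k: (q if q != "" or b == "" else b) if q is not None else b
            for k, q, b in _KV.findall(line)}

def records(text):
    """Parse every non-empty line of a received syslog buffer."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def summarize(text):
    """Count received records by (type, subtype, level) to see what the filters let through."""
    c = Counter()
    for r in records(text):
        c[(r.get("type"), r.get("subtype"), r.get("level"))] += 1
    return c

def traffic_leaks(text):
    """Return records of category 'traffic' that the exclude filter (edit 5) should have dropped."""
    return [r for r in records(text) if r.get("type") == "traffic"]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_SYSLOG).items()):
        print(f"{n:4d}  type={key[0]} subtype={key[1]} level={key[2]}")
    leaks = traffic_leaks(SAMPLE_SYSLOG)
    print("traffic records received:", len(leaks), "(expected 0 once the exclude filter is active)")
```

Feed the script the lines your Syslog server actually stored after running diag log test; a non-empty leak list means the exclude entry is not being applied.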

 

Note that the free-style filter behaves differently between versions 6.0 and 7.0.

 

Related article (see it for more details):

https://community.fortinet.com/t5/FortiGate/Technical-Tip-In-log-filter-setting-between-logid-and-lo...