Created on 01-17-2023 10:23 PM Edited on 01-18-2023 12:19 AM By Jean-Philippe_P
Description |
This article describes how to stop forward traffic logs from being sent to the Syslog server using free-style filters. |
Scope | FortiGate. |
Solution |
Forward traffic logs are still being sent even when using the free-style filter below.
# config log syslogd filter
The objective is to send only UTM logs from FortiGate to the Syslog server, excluding forward traffic logs, using free-style filters.
Add another free-style filter at the bottom to exclude forward traffic logs from being sent to the Syslog server.
# config free-style
    edit 5
        set category traffic
        set filter "(level information notice warning error critical alert emergency)"
        set filter-type exclude
    next
end
end
Test sending dummy logs from FortiGate to the Syslog server using the command below.
# diag log test
The Syslog server should now receive only the UTM logs specified in the free-style filters.
Note that there are some discrepancies in the free-style filter on versions 6.0 and 7.0.
See the related article for more details: https://community.fortinet.com/t5/FortiGate/Technical-Tip-In-log-filter-setting-between-logid-and-lo... |
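One way to confirm the result on the Syslog server side is to parse the received lines and check that no forward traffic logs remain. This is an added example, not part of the original article or any Fortinet tooling; it assumes the default key=value log format, and the sample lines, device name and function names are constructed for illustration.

```python
import re
from collections import Counter

# key=value pairs; quoted values are consumed whole so that text such as
# msg="... type=traffic" cannot overwrite the real type field.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_fortigate(line):
    """Return the key=value fields of one received log line as a dict."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def audit(lines):
    """Count logs by (type, subtype); collect logids of forward traffic logs."""
    counts, leaks = Counter(), []
    for line in lines:
        fields = parse_fortigate(line)
        if "type" not in fields:
            continue  # not a FortiGate log body (other syslog sources)
        counts[(fields["type"], fields.get("subtype", ""))] += 1
        if fields["type"] == "traffic" and fields.get("subtype") == "forward":
            leaks.append(fields.get("logid", "?"))
    return counts, leaks

# Constructed sample of lines as they might arrive at the Syslog server.
SAMPLE = [
    '<189>date=2023-01-17 time=22:23:01 devname="FGT-LAB" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 '
    'dstip=192.0.2.10 action="accept"',
    '<188>date=2023-01-17 time=22:23:02 devname="FGT-LAB" logid="0211008192" '
    'type="utm" subtype="virus" level="warning" '
    'msg="File is infected. type=traffic"',
    '<185>date=2023-01-17 time=22:23:03 devname="FGT-LAB" logid="0419016384" '
    'type="utm" subtype="ips" level="alert" action="dropped"',
    'Jan 17 22:23:04 loghost sshd[1]: session opened',
]

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE)
    for (log_type, subtype), n in sorted(counts.items()):
        print(f"{log_type}/{subtype}: {n}")
    print("forward traffic logs still received:", leaks or "none")
```

Run it over the lines captured after the exclude filter is applied; an empty leak list means only the intended log types are arriving.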