DescriptionThis article describes a root cause for the following symptom : The FortiGate does not log some events on the syslog servers.
ScopeFortiOS 4.0 MR3
FortiOS 5.0SolutionA possible root cause is that the logging options for the syslog server may not be all enabled.
This must be configured from the Fortigate CLI, with the following command :
FGT# config log syslogd filter
FGT (filter) # get <== to display your current config, which looks like this in FortiOS 4.0MR2 :
app-ctrl : enable
attack : enable
dlp : enable
email : enable
forward-traffic : enable
invalid-packet : enable
local-traffic : enable
netscan : enable
severity : information
traffic : enable
virus : enable
voip : enable
web : enable
analytics : enable
anomaly : enable
app-ctrl-all : enable
blocked : enable
discovery : enable
dlp-all : enable
dlp-docsource : enable
email-log-google : enable
email-log-imap : enable
email-log-msn : enable
email-log-pop3 : enable
email-log-smtp : enable
email-log-yahoo : enable
ftgd-wf-block : enable
ftgd-wf-errors : enable
infected : enable
multicast-traffic : enable
oversized : enable
scanerror : enable
signature : enable
suspicious : enable
switching-protocols : enable
url-filter : disable
vulnerability : enable
web-content : enable
web-filter-activex : enable
web-filter-applet : enable
web-filter-command-block: enable
web-filter-cookie : enable
web-filter-ftgd-quota: enable
web-filter-ftgd-quota-counting: enable
web-filter-ftgd-quota-expired: enable
web-filter-script-other: enable
|
You can then use the command set <option> enable/disable to enable or disable any of the items in the list.
Example :
FGT (filter) # set url-filter enable
FGT (filter) # end
A logging test can be made with the following CLI command : "diagnose log test"
Related Articles
How to perform a syslog and log test on a FortiGate with the 'diagnose log test' command
