Description | This article explains that syslog free-style filters do not work as previously configured after a firmware upgrade from version 6.4.x to version 7.0.x or 7.2.x. In version 6.4, only logs with a specific ID passed the 'set filter-type include' filter and were sent to the Syslog server. In version 7.0, with the same settings, logs are no longer filtered that way before being forwarded. |
Scope | FortiGate v7.0 or v7.2+ GA releases. |
Solution |
This is by design. The free-style filter is intended to filter specific logs per category. The filter is not applied to other categories.
# show log syslogd filter
With the above configuration, all other logs will go through, but for 'attack', only 'logid 0419016384' logs may pass. The CLI command has been changed to a free-style filter as follows.
CLI Setting:
Version 6.4:
# config log syslogd filter
Related document: https://docs.fortinet.com/document/fortigate/6.4.12/cli-reference/444620/config-log-syslogd-filter
Version 7.0 or 7.2 and later:
# config log syslogd filter
Related document: https://docs.fortinet.com/document/fortigate/7.0.10/cli-reference/456620/config-log-syslogd-filter |
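The per-category behaviour described in the Solution, modelled as an added example (a Python illustration written for this page, not Fortinet code or FortiOS output). The record layout, the function names and every log ID other than 0419016384 are assumptions made for the illustration.

```python
# Model of the filter semantics described in the article; not FortiOS code.
# All records and every log ID except 0419016384 are constructed samples.
SAMPLE_LOGS = [
    {"category": "attack",  "logid": "0419016384"},
    {"category": "attack",  "logid": "0499999901"},
    {"category": "traffic", "logid": "0099999902"},
    {"category": "event",   "logid": "0199999903"},
]

def forwarded_64(log, include_ids):
    """6.4 behaviour as the article describes it: with an 'include' filter,
    only logs whose ID is listed are sent, whatever their category."""
    return log["logid"] in include_ids

def forwarded_7x(log, free_style):
    """7.0/7.2 free-style behaviour: an entry filters only its own category.
    free_style maps category -> (filter_type, set of log IDs); one entry per
    category is assumed to keep the model small."""
    entry = free_style.get(log["category"])
    if entry is None:
        return True  # no entry for this category, so nothing is filtered
    filter_type, ids = entry
    matched = log["logid"] in ids
    return matched if filter_type == "include" else not matched

def newly_forwarded(logs, include_ids, free_style):
    """Logs the syslog server starts receiving after the upgrade."""
    return [log for log in logs
            if forwarded_7x(log, free_style) and not forwarded_64(log, include_ids)]

if __name__ == "__main__":
    ids = {"0419016384"}
    extra = newly_forwarded(SAMPLE_LOGS, ids, {"attack": ("include", ids)})
    for log in extra:
        print("now forwarded:", log["category"], log["logid"])
```

Running the same comparison over a sample of the log IDs actually seen per category shows how much additional volume the syslog server or SIEM should expect after the upgrade.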