athirat
Staff
Article Id 322233
Description

This article describes how to prevent the sending of 'subtype=fgfm' logs from FortiManager to the syslog server.

Scope

FortiManager.

Solution

By default, the logs below, which record fgfm connection changes between FortiManager and managed devices, are sent to the syslog server.

date=2023-07-26 time=09:11:12 devname=fortimanager-PROD device_id=FMG-VMTM26001511 log_id=0002011003 type=event subtype=fgfm pri=warning desc="fgfm connection down" msg="fgfm connection to device FGT-LAB-01 is down" user="fgfm" device="FGT-LAB-01"

date=2023-07-26 time=09:09:12 devname=fortimanager-PROD device_id=FMG-VMTM26001511 log_id=0002011003 type=event subtype=fgfm pri=warning desc="fgfm connection up" msg="fgfm connection to device FGT-LAB-01 is up" user="fgfm" device="FGT-LAB-01"

On FortiManager, fgfm logging to syslog servers can be disabled as follows:

config sys locallog syslogd filter
    set fgfm disable 
end
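
To confirm on the syslog server that the filter took effect, the following added example (not part of the original article and not Fortinet code) parses the key=value log format shown above and reports any 'subtype=fgfm' events received after the time of the change. The third sample line, the function names and the cutoff times are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime

# key=value pairs; a value is either a "quoted string" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# The first two lines are the samples from the article. The third is
# constructed for this example (hypothetical log_id, desc and msg).
SAMPLE = [
    'date=2023-07-26 time=09:11:12 devname=fortimanager-PROD device_id=FMG-VMTM26001511 log_id=0002011003 type=event subtype=fgfm pri=warning desc="fgfm connection down" msg="fgfm connection to device FGT-LAB-01 is down" user="fgfm" device="FGT-LAB-01"',
    'date=2023-07-26 time=09:09:12 devname=fortimanager-PROD device_id=FMG-VMTM26001511 log_id=0002011003 type=event subtype=fgfm pri=warning desc="fgfm connection up" msg="fgfm connection to device FGT-LAB-01 is up" user="fgfm" device="FGT-LAB-01"',
    'date=2023-07-26 time=09:15:40 devname=fortimanager-PROD device_id=FMG-VMTM26001511 log_id=0000000000 type=event subtype=system pri=information desc="constructed sample" msg="constructed non-fgfm event" user="admin"',
]

def parse_line(line):
    """Split one log line into a dict, keeping quoted values intact."""
    fields = {}
    for key, quoted, bare in PAIR.findall(line):
        fields[key] = quoted if quoted else bare
    return fields

def subtype_counts(lines):
    """Count received events per subtype (useful before and after the change)."""
    return Counter(parse_line(line).get("subtype", "unknown") for line in lines)

def fgfm_after(lines, cutoff):
    """Return parsed subtype=fgfm events timestamped at or after cutoff.

    An empty result after the filter was applied means FortiManager has
    stopped forwarding fgfm events to this syslog server.
    """
    hits = []
    for line in lines:
        f = parse_line(line)
        if f.get("subtype") != "fgfm" or "date" not in f or "time" not in f:
            continue
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        if ts >= cutoff:
            hits.append(f)
    return hits

if __name__ == "__main__":
    change_time = datetime(2023, 7, 26, 9, 12, 0)  # assumed time the filter was set
    print(dict(subtype_counts(SAMPLE)))
    leaked = fgfm_after(SAMPLE, change_time)
    print("fgfm events after change:", len(leaked))
```
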