FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff
Article Id 206352

Description

 

This article describes how to send FortiManager local event logs to FortiAnalyzer.

 

Scope

 

FortiManager.

 

Solution

 

Option 1 - Enable logging through the FortiManager CLI.

  1. Login to the FortiManager CLI
  2. Configure FortiAnalyzer as a logging destination using the 'config system locallog fortianalyzer' command. 
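As an added example (not part of the original article), step 2 could look like the following on the FortiManager CLI. The server address 192.0.2.10 and the severity are placeholder assumptions, and the available options should be checked against the locallog reference for the running firmware version.

```text
# Added example. Lines starting with '#' are annotations, not CLI input.
# 192.0.2.10 is a placeholder for the FortiAnalyzer address (assumption).
config system locallog fortianalyzer setting
    # realtime sends each local event as it is generated
    set status realtime
    set server 192.0.2.10
    # lowest severity to forward (assumed value; pick per logging policy)
    set severity information
    # reliable, encrypted transport to the FortiAnalyzer
    set reliable enable
    set secure-connection enable
end
```

The FortiManager still has to be authorized on the FortiAnalyzer before logs are accepted, as in Option 2.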

 

Related document:

locallog

 

Option 2 - Enable FortiAnalyzer Features on FortiManager.

  1. To send FortiManager local event logs to FortiAnalyzer from the GUI, first enable FortiAnalyzer Features under System Settings -> Dashboard.

fazfeature.png

  2. Go to System Settings -> Device Log Settings -> Local Device Log, enable 'Send the local event logs to FortiAnalyzer/FortiManager', enter the FortiAnalyzer 'IP Address', set the 'Severity Level', and select Apply.

devicelogsettings.png

  3. Once the changes are saved in FortiManager Device Log Settings, authorize the FortiManager on the FortiAnalyzer so that FortiAnalyzer can start receiving logs from FortiManager.

auth.png

  4. Once the FortiManager is fully authorized, the FortiManager local event logs can be viewed under Log View.

 

logview.png

 

If the event logs are missing or not displayed correctly under Log View, run a manual SQL database rebuild for the FortiManager ADOM using the command below.

 

exe sql-local rebuild-adom FortiManager