Article Id 195170



This article explains how to send FortiManager's local logs to a FortiAnalyzer.



FortiManager and FortiAnalyzer 5.0, 5.2, 5.4, 5.6, 6.0, 6.2, 7.0, 7.2.



It is possible to configure the FortiManager to send local logs to the FortiAnalyzer either by using the GUI or from the CLI.

1) Configuration from the GUI:

This option is available only if the FortiAnalyzer feature is enabled in the FortiManager.

Under System Settings -> Advanced -> Device Log Settings -> Local Device Log, enable the option to 'Send the local event logs to FortiAnalyzer/FortiManager' and enter the IP address of the FortiAnalyzer.

Choose the Upload Option and the Severity Level. Select Apply to save the settings.

2) Configuration from the CLI:

In FortiManager 5.0 or 5.2:
# config system log fortianalyzer
    set status {disable | enable}
    set ip <ipv4>
    set secure_connection {disable | enable}
    set localid <string>
    set psk <password_string>
    set username <username_string>
    set passwd <password_string>
    set auto_install {enable | disable}
end
# config system locallog fortianalyzer setting
    set status enable
    set severity {emergency | alert | critical | error | warning | notification | information | debug}
end

In FortiManager 5.4 and higher:
# config system locallog {fortianalyzer | fortianalyzer2 | fortianalyzer3} setting
    set severity {emergency | alert | critical | error | warning | notification | information | debug}
    set server <FortiAnalyzer server FQDN, hostname, or IP address>
    set secure-connection {enable | disable}
    set status {disable | realtime | upload}
    set upload-time <hh:mm>
end

Once the configuration has been completed on the FortiManager, the FortiAnalyzer must also be configured to accept the FortiManager logs.
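
As an added example (not part of the original article and not Fortinet code), the Python script below audits configuration text for the 5.4+ locallog settings shown above and flags profiles where forwarding is off, no server is set, or secure-connection is not enabled. The sample configuration is constructed, and the indented `config ... end` layout and the function names are assumptions of this example.

```python
import re

# Constructed sample in the style of FortiManager 5.4+ configuration text
# (assumed layout; RFC 5737 documentation addresses, not from a real device).
SAMPLE_CONFIG = """\
config system locallog fortianalyzer setting
    set severity information
    set server "192.0.2.10"
    set secure-connection enable
    set status realtime
end
config system locallog fortianalyzer2 setting
    set server "192.0.2.11"
    set secure-connection disable
    set status upload
    set upload-time 02:30
end
config system locallog fortianalyzer3 setting
    set status disable
end
"""

BLOCK_RE = re.compile(
    r"^config system locallog (fortianalyzer[23]?) setting[ \t]*$(.*?)^end[ \t]*$",
    re.MULTILINE | re.DOTALL)
SET_RE = re.compile(r"^[ \t]*set[ \t]+(\S+)[ \t]+(.+?)[ \t]*$", re.MULTILINE)

def parse_locallog(config_text):
    """Return {profile: {option: value}} for each locallog fortianalyzer block."""
    return {name: {k: v.strip('"') for k, v in SET_RE.findall(body)}
            for name, body in BLOCK_RE.findall(config_text)}

def audit_locallog(config_text):
    """Return (profile, finding) pairs; values absent from the text are flagged."""
    findings = []
    for name, opts in parse_locallog(config_text).items():
        if opts.get("status") not in ("realtime", "upload"):
            findings.append((name, "status is not realtime or upload in this text"))
            continue  # nothing is forwarded, so the other checks do not apply
        if "server" not in opts:
            findings.append((name, "no server is set in this text"))
        if opts.get("secure-connection") != "enable":
            findings.append((name, "secure-connection is not set to enable"))
    return findings

if __name__ == "__main__":
    for profile, finding in audit_locallog(SAMPLE_CONFIG):
        print(profile + ": " + finding)
```

A value missing from the text is reported rather than assumed, so confirm the effective setting on the device before acting on a finding.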