Article Id 278535


This article describes how to send FortiManager local event logs to FortiAnalyzer without enabling FortiAnalyzer features.




FortiManager, FortiAnalyzer.




Enabling FortiAnalyzer Features in FortiManager consumes system resources, and some other circumstances will disable these features permanently, which causes limitations.


It is necessary to disable FortiAnalyzer features before forming a FortiManager HA:

FortiManager verifies if FortiAnalyzer features are disabled before forming HA cluster


Despite the limitations that may occur, FortiManager local event logs can be sent to FortiAnalyzer without enabling FortiAnalyzer features by following these steps:


Configuration in FortiManager:

  1. Configure Syslog Server (FAZ) in System Settings -> Syslog Server -> Create New.


It is also possible to define the syslog server in the CLI:


config system syslog
    edit "faz"
        set ip "10.47.X.X"
    next
end


  2. Enable sending local logs to Syslog Server (FAZ) in CLI:


config system locallog syslogd setting
    set severity information
    set status enable
    set syslog-name "faz"
end


Action in FortiAnalyzer:

  1. Authorize FortiManager in Device Manager.


  2. View the logs in Log View -> FortiManager -> Event. It will probably take some time to populate the logs.


  3. Trigger the logs by sending the Test log from FortiManager.


Related articles:

How to send local FortiManager logs to a FortiAnalyzer 

Configure FortiManager to send logs to a syslog server 

How to send FortiManager local event logs to FortiAnalyzer

FortiManager/FortiAnalyzer local event logs setup for the external SYSLOG server