This article describes how to send FortiManager local event logs to FortiAnalyzer without enabling FortiAnalyzer features.
Enabling FortiAnalyzer Features in FortiManager consumes system resources and with some other circumstances, will disable these features permanently which causes limitations.
It is necessary to disable FortiAnalyzer features before forming a FortiManager HA:
FortiManager verifies if FortiAnalyzer features are disabled before forming HA cluster
Despite the limitations that accidentally occur, the objective to send FortiManager local event logs to FortiAnalyzer without enabling FortiAnalyzer features can be done by following steps:
Configuration in FortiManager:
It is possible to define in CLI:
config system syslog edit "faz" set ip "10.47.X.X" nextend
config system locallog syslogd setting set severity information set status enable set syslog-name "faz"end
Action in FortiAnalyzer:
How to send local FortiManager logs to a FortiAnalyzer
Configure FortiManager to send logs to a syslog server
How to send FortiManager local event logs to FortiAnalyzer FortiManager/FortiAnalyzer local event logs setup for the external SYSLOG server
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.