Hello all,
Can Fortigate syslog receive routing or VPN "configuration change" notifications?
I know that syslog can receive status change notifications, and change notifications can be sent via email alerts, but I don't know if syslog can receive them.
I've checked, and I don't seem to have seen any instructions for this.
Solved! Go to Solution.
Hi,
- Configuration changes can be seen in the events logs in the Firewall. Please refer the below link.
- If we put filter of "Object attribute configured" as log description we will see configuration changes.
- I am not very clear about the second part of your issue. Is the requirement is to send only these logs to syslog from fortigate?
Regards,
Shiva
Is the requirement is to send only these logs to syslog from fortigate?
yes!
Hi,
- Then you can use filters in the syslog setting in the firewall to do that.
- You can see Log ID in the details of the event logs. You can filter and send only the specific log ID. for Example log ID 44547 will be used for object attribute changed in the Firewall.
Regards,
Shiva
Hello,
After testing, the command within the provided link is functional in version 6.0.l6.
However, with OS 7.0.12, the command in the link is not applicable.
Could you please provide the correct command for filtering logid in this version?
Tks!
Hi,
Please check the 7.0 document.
https://docs.fortinet.com/document/fortigate/7.0.4/cli-reference/450620/config-log-syslogd-filter
Sample:
config free-style
edit 1
set category event
set filter "(logid 0100044547)"
next
end
Regards,
Shiva
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.