Hi,
2 weeks ago I configured another syslog server from the CLI and it worked fine. Now I tried the same with the same information on another FG100F and I don't get anything at our local Greylock Server.
>config log syslogd2 setting > get shows me on both sides the same information:
FG_MASTER_XXX (setting) # get
status : enable
server : XXX.X.98.58
mode : udp
port : 1514
facility : local7
source-ip :
format : default
priority : default
max-log-rate : 0
interface-select-method: auto
The rule on the FG in the DC is for all the same.
What am I missing?
Thanks
Right now I'm simply looking to get our environment logging to a central location. We have multiple offices and many devices in each office (switches, servers, NAS, SAN, APs, etc...) and other than logging into each device when there is an issue, we don't have a central platform to view logs.
Hi Roland
I assume you are not wrong with your syslog port 1514 UDP.
Then, as a first step, you may try to sniff traffic on both the server side and the FG side on the same destination port to see if the FG is sending anything to the server and if the server is receiving from the FG.
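One way to run the server-side half of that check, as an added example that is not part of the original posts: a small UDP listener that reports each datagram arriving on port 1514 and decodes the syslog `<PRI>` header, so a facility other than the configured `local7` stands out. The function names and the sample line are constructed for illustration.

```python
import re
import socket

# Syslog PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram: bytes):
    """Return (facility, severity, body), or None if there is no valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    fac, sev = divmod(int(m.group(1)), 8)
    body = datagram[m.end():].decode("utf-8", "replace")
    return FACILITIES.get(fac, f"facility{fac}"), SEVERITIES[sev], body

def describe(datagram: bytes, sender: str, expected_facility: str = "local7") -> str:
    """One-line summary of a received datagram, flagging an unexpected facility."""
    parsed = parse_pri(datagram)
    if parsed is None:
        return f"{sender}: {len(datagram)} bytes, no syslog <PRI> header"
    fac, sev, body = parsed
    note = "" if fac == expected_facility else f" (expected {expected_facility})"
    return f"{sender}: {fac}.{sev}{note} {body[:80]}"

def listen(port: int = 1514, bind: str = "0.0.0.0", timeout: float = 60.0) -> None:
    """Print a summary per datagram; report silence after `timeout` seconds."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind, port))
        s.settimeout(timeout)
        try:
            while True:
                data, (ip, _) = s.recvfrom(65535)
                print(describe(data, ip))
        except socket.timeout:
            print(f"nothing received on udp/{port} for {timeout:.0f}s")

# Constructed sample datagram (key=value body, PRI 189 = local7.notice).
SAMPLE = b'<189>date=2024-01-01 time=12:00:00 devname="FG_EXAMPLE" level="notice" msg="constructed test"'

if __name__ == "__main__":
    print(describe(SAMPLE, "192.0.2.10"))  # offline check of the parser
    listen()
```

The listener can only bind if nothing else on that host already holds UDP 1514, so stop the existing log input first or run it on a test host in the same network segment.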
Hi,
I didn't change anything but it works, after trying with diag log test we got traffic on the other side.
Can we know when the FG sends logs, is there a schedule?
Thanks
As per my knowledge syslog (or at least default config) is sent instantly as the event occurs.