I'm currently sending logs from a Fortigate to a FortiAnalyzer and which to send only logs with the severity level prior or equal to error (3) to the Fortianalyzer, while keep logging lowest level (information, debug, notification and warning) locally on the Fortigate. Based on my search, I prepare the following config :
config log fortianalyzer filter set severity error set forward-traffic enable set set local-traffic enable set anomaly enable end
Does anybody can confirm this ? Or have already achieve this and know how it works ?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.