Support Forum
JMATAS
New Contributor

FortiWeb 7.25, syslog only system events

I would like to know how I can create a syslog policy that only sends me "system events".

The one I have created right now is sending us everything: traffic events, connections, etc. In short, a great many logs, and they fill up the collector. Is there any configuration that makes it send only system events?
3 REPLIES
AEK
Honored Contributor

Hello

I once wanted to do the same on FortiWeb but couldn't find out how, while on FortiGate it is possible to apply filters to syslog messages.

AEK
JMATAS
New Contributor

In the WAF I have a syslog policy configured.
The FortiWeb documentation says the following under "Configuring log levels":

Syslog events have different severity levels, such as "info", "warning", and "error". You can configure FortiWeb to only send events of a specific level.

For system events, you'll generally want to select the "info" level or higher.


The levels are the ones below. In my configuration I have it set to "Critical", which includes system events and so on. You could try leaving only the "Informational" ones; perhaps that way only the "system events" appear. That is my doubt too: according to the level table, if I set the "Information" level, perhaps it would only give me "System Events" messages.

(0 is greatest)

Level  Name          Description
0      Emergency     The system has become unusable.
1      Alert         Immediate action is required.
2      Critical      Functionality is affected.
3      Error         An error condition exists and functionality could be affected.
4      Warning       Functionality could be affected.
5      Notification  Information about normal events.
6      Information   General information about system operations.

 
AEK
Honored Contributor

Hi

I don't think this will be helpful. Severity level is not related to the log category (system, traffic, attack and so on). In fact system events can have many severity levels, and traffic events as well.

So if you keep informational events I think you will receive logs from all categories.

AEK
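AEK's point can be checked on the logs themselves: the severity field and the log category are independent axes, so a severity threshold never isolates one category. The script below is an added example, not code from this thread or from Fortinet. It assumes the messages reach the collector as space-separated key=value pairs carrying type=, subtype= and pri= fields, which is the shape of FortiWeb's raw log lines; the sample lines, their IDs, subtype names and messages are constructed for this example and should be checked against a real capture before the filter is trusted. It applies a severity threshold and a category filter to the samples and shows that only the category filter returns system events alone, which is a filter you can run on the collector in front of ingestion when the sending side offers no per-category selection.

```python
"""Receiver-side category filter for FortiWeb-style syslog lines.

Added example (not from the forum thread or Fortinet). Assumes key=value
lines with type=, subtype= and pri= fields; verify against your own logs.
"""
import re
from collections import Counter

# Severity ranks as listed in the thread's table (0 = most severe).
# The pri= value spellings are assumed; unknown values rank as least severe.
SEVERITY_RANK = {
    "emergency": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notification": 5, "notice": 5,
    "information": 6, "informational": 6, "info": 6,
}

# key=value where value is either a double-quoted string or a bare token
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines: device ID, log IDs, subtypes and messages are
# made up for this example and are not real FortiWeb output.
SAMPLE_LOGS = [
    'date=2024-01-15 time=09:00:01 log_id=E001 device_id=FV-EXAMPLE vd="root" '
    'type=event subtype="system" pri=information msg="Admin admin logged in from 192.0.2.10"',
    'date=2024-01-15 time=09:00:05 log_id=T002 device_id=FV-EXAMPLE vd="root" '
    'type=traffic subtype="https" pri=notification src=203.0.113.5 dst=198.51.100.10 msg="GET /index.html"',
    'date=2024-01-15 time=09:00:09 log_id=A003 device_id=FV-EXAMPLE vd="root" '
    'type=attack subtype="signature" pri=warning src=203.0.113.7 msg="SQL Injection signature matched"',
    'date=2024-01-15 time=09:00:12 log_id=T004 device_id=FV-EXAMPLE vd="root" '
    'type=traffic subtype="https" pri=warning src=203.0.113.9 dst=198.51.100.10 msg="Backend responded 503"',
    'date=2024-01-15 time=09:00:20 log_id=E005 device_id=FV-EXAMPLE vd="root" '
    'type=event subtype="system" pri=critical msg="Interface port1 link down"',
    'date=2024-01-15 time=09:00:25 log_id=E006 device_id=FV-EXAMPLE vd="root" '
    'type=event subtype="admin" pri=information msg="Configuration changed by admin"',
]


def parse_fortiweb_line(line: str) -> dict:
    """Parse one key=value line into a dict, stripping surrounding quotes."""
    record = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        record[key] = value
    return record


def load_samples() -> list:
    """Parse the constructed sample lines."""
    return [parse_fortiweb_line(line) for line in SAMPLE_LOGS]


def severity_rank(record: dict) -> int:
    """Numeric severity of a record; unknown or missing pri= ranks below 'information'."""
    return SEVERITY_RANK.get(record.get("pri", "").lower(), 7)


def filter_by_severity(records: list, threshold: str) -> list:
    """Keep records at least as severe as `threshold` (what a log-level setting does)."""
    limit = SEVERITY_RANK[threshold.lower()]
    return [r for r in records if severity_rank(r) <= limit]


def filter_system_events(records: list) -> list:
    """Keep only system events: the category filter the thread is asking for."""
    return [r for r in records if r.get("type") == "event" and r.get("subtype") == "system"]


def count_by_type(records: list) -> dict:
    """Count records per log category (type= field)."""
    return dict(Counter(r.get("type", "unknown") for r in records))


if __name__ == "__main__":
    recs = load_samples()
    # A severity threshold keeps every category that happens to log at that level.
    print("warning or worse:", count_by_type(filter_by_severity(recs, "warning")))
    # Opening the level up to 'information' keeps everything.
    print("information or worse:", count_by_type(filter_by_severity(recs, "information")))
    # Only the category filter yields system events alone.
    for r in filter_system_events(recs):
        print("system event:", r["log_id"], r["pri"], r["msg"])
```

On a real collector this logic would sit in the ingestion pipeline (or be expressed as the equivalent rule in the collector's own filter language) so that traffic and attack messages are dropped before they are stored; it does not reduce what FortiWeb sends over the network, only what is kept.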