I would like to know how I can create a syslog policy, which only sends me "system events".
The one I have created right now is sending us everything, traffic events, connections, etc.; In short, many logs and the collector fills up. Is there any possible configuration so that it only sends system events?
Buenas,
me gustaría saber como puedo crear una Policy de Syslog, que solo me envíe "eventos de sistema".
La que tengo creada ahora mismo nos está enviando de todo, eventos de tráfico, de conexiones, etc ; en definitiva muchísimos logs y nos llena el recolector ¿hay alguna configuración posible para que solo envíe los eventos de sistema?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello
Once I wanted to do the same on FortiWeb but I couldn't find how to. While on FortiGate it is possible to apply filters on syslog messages.
In the WAF I have a Syslog policy configured.
The FortiWeb documentation indicates that regarding “Configuring log levels” (loglevels):
Syslog events have different severity levels, such as "info", "warning", and "error". You can configure FortiWeb to only send events of a specific level.
For system events, you'll generally want to select the "info" level or higher.
The levels are these below, in my configuration I have it configured as "Critical", which includes system events and so on, you can try leaving only the "Informational" ones, perhaps this way only the "system events" ones appear. ”, that is my doubt too, according to the level table, if I set the "Information" level, perhaps it would only give me "System Events" messages
(0 is greatest)
Name Description
0 Emergency The system has become unusable.
1 Alert Immediate action is required.
2 Critical Functionality is affected.
3 Error An error condition exists and functionality could be affected.
4 Warning Functionality could be affected.
5 Notification Information about normal events.
6 Information General information about system operations
Hi
I don't think this will be helpful. Severity level is not related to the log category (sys, traffic, attack and so). In fact system events can have many severity levels, and traffic events as well.
So if you keep informational events I think you will receive logs from all categories.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.