Hi,
I have a branch FortiGate whose traffic all goes to the HQ FortiGate, and that FortiGate sends all logs to FortiAnalyzer, so this way traffic from the branch is logged.
Some IPv4 policies on the branch are configured with the option "Log Allowed Traffic: All Sessions", but these logs should only be in local memory and should not be forwarded to FortiAnalyzer. I would like to send to FortiAnalyzer only local system events like failed admin logins etc. How do I do this?
Hi Tutek,
You can accomplish this using the "config log fortianalyzer filter" command as defined in the following documentation:
https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/386620/log-fortianalyzer-filter
You can define a "free-form filter" that matches whatever criteria you want to send to the FortiAnalyzer from the FortiGate.
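
A sketch of the branch-side filter described in this thread, added here as an illustration and not taken from either post or from Fortinet's own examples. It assumes the per-category options listed in the FortiOS 6.2 CLI reference linked above (`forward-traffic`, `local-traffic`, `multicast-traffic`, `sniffer-traffic`); confirm the names against your firmware version, and treat the `#` lines as annotations to leave out when pasting.

```text
# Added example (assumed FortiOS 6.2 option names; verify on your build).
# Stop forwarding traffic-log categories to FortiAnalyzer. Event logs,
# such as failed admin logins, are not traffic logs and keep being sent.
config log fortianalyzer filter
    set forward-traffic disable
    set local-traffic disable
    set multicast-traffic disable
    set sniffer-traffic disable
end

# Review the resulting filter, including values left at their defaults.
show full-configuration log fortianalyzer filter
```

The policies set to "Log Allowed Traffic: All Sessions" still write to local memory, because the memory log destination has its own filter and this stanza only governs what is sent to FortiAnalyzer.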
Copyright 2024 Fortinet, Inc. All Rights Reserved.