Hi
I have just setup a Fortigate 30D and configured it to use RSA SecurID 2FA which is working.
I have enabled event logging for all events. When I check the logs through the GUI and the Console they are all empty.
I have also enabled email alerting which is working.
any ideas?
Simon
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Logging has been disabled in later firmwares for smaller devices
Create a FortiCloud account and connect the device to it. You have 100MB logs per day for free and a total of 1GB Logs (Log size not traffic)
If alert emails are working, then logging to some suitable non-memory destination is likely already set up, though maybe not for all events.
I would check on the default severity level of the events you want to record, and the log source the GUI looks at. Under Log & Report >Log Config > Log Settings, in the "GUI Preferences" section, what selection is chosen for "Display Logs From"?
And in the CLI:
config log <source> filter //--so, memory, disk, syslogd, etc., based on the Display Logs From setting above
get | grep severity
end
Memory logging, by default, uses 'warning' level severity, whereas most/all other destinations use 'information', which may account for the discrepancy between alert email events and the lack of logs when viewed locally on the FortiGate.
Regards, Chris McMullan Fortinet Ottawa
Logging has been disabled in later firmwares for smaller devices
Create a FortiCloud account and connect the device to it. You have 100MB logs per day for free and a total of 1GB Logs (Log size not traffic)
If alert emails are working, then logging to some suitable non-memory destination is likely already set up, though maybe not for all events.
I would check on the default severity level of the events you want to record, and the log source the GUI looks at. Under Log & Report >Log Config > Log Settings, in the "GUI Preferences" section, what selection is chosen for "Display Logs From"?
And in the CLI:
config log <source> filter //--so, memory, disk, syslogd, etc., based on the Display Logs From setting above
get | grep severity
end
Memory logging, by default, uses 'warning' level severity, whereas most/all other destinations use 'information', which may account for the discrepancy between alert email events and the lack of logs when viewed locally on the FortiGate.
Regards, Chris McMullan Fortinet Ottawa
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1717 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.