Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

fortinet syslog and logrotate

hi. i use and external server as my syslog server for the fortinet. i would like to activate a logrotate on my server for the fortinate logs, however, i do not know how to force the syslog on the fortinate to restart from my external server. otherwise it will just keep outputting to the newly renamed file and not to the new empty file. anyone can help?
2 REPLIES 2
ede_pfau
SuperUser
SuperUser

Methinks that is a feature of your syslog server. The FGT logs to the IP of the server not to a specific file. The syslog server should copy the current log file, rename it and clear the current one. I use Kiwi syslog (now part of Solarwinds) but I haven' t used log rotation yet.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
SECCON1MC
New Contributor

Setting a sighup on your syslog service that is called in conjunction with log rotation should do the trick. The issue is the file lock on your syslog server and nothing todo with the fortigate. Good Luck
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors