Support Forum
mtcook01
New Contributor

syslogd settings in FortiOS-5 not saving using cli

Hello all, I have a Fortigate 110c Firmware version 5 build 228 and cannot get the syslogd settings to save. I have used the following CLI commands:

config log syslogd setting
    set status enable
    set facility local7
    set csv disable
    set server 192.168.2.100 (not real IP)
    set reliable disable
end

config log syslogd filter
    set severity debug
    set traffic enable
    set web enable
    set virus enable
    set attack enable
end

When I run a "show" on either command I only see this.
------------------------------------
config log syslogd setting
show
config log syslogd setting
    set status enable
    set server "192.168.2.100"
end
-------------------------------------
config log syslogd filter
show
config log syslogd filter
    set severity debug
end
-------------------------------------
I even downloaded the config and cracked it open in WordPad. None of the other settings show there either. I had the same problem in the Version 5 build 208 firmware as well. Is this a bug or am I missing something?

Mike Cook Fortigate 100E Firmware v5.6.2 build1486 (GA
rwpatterson
Valued Contributor III

ORIGINAL: mtcook01
Well I take that back, now that I am actually on the computer (not remotely logged in) I can work with Wireshark a bit more. I do see that syslog messages are being sent to the host. Neither IView or Kiwi seem to be able to decipher them. I changed the serial and IPs below, but there is the stream.

142 8.775821000 10.1.10.1 10.1.10.45 Syslog 526 LOCAL7.NOTICE: date=2013-08-13 time=12:04:25 devname=ESC-Primary devid=FG100C3G09690876 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=1921.2.109 srcport=62133 srcintf="ESCMain" dstip=173.194.74.120 dstport=80 dstintf="wan1" sessionid=6413 status=close policyid=3 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=23.31.163.177 transport=62133 service=HTTP proto=6 applist="block-p2p" duration=301 sentbyte=2713 rcvdbyte=1598 sentpkt=10 rcvdpkt=14

That looks more like browser traffic to me....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Dave_Hall
Honored Contributor

That looks more like browser traffic to me....
I think Mike is indicating that entire log event is the data stream itself to the syslog server.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
emnoc
Esteemed Contributor III

Is the output tab delimited? Maybe the syslog server can't read the fields or is confused by the output format. What does Wireshark show with the appropriate filter for syslog (syslog.msg)? I would start there, build a pcap and read it back in.

PCNSE 

NSE 

StrongSwan  
mtcook01
New Contributor

Hmm, not sure what you mean by build a pcap. I got the raw logs that our syslog server is receiving. This is directly from the software and not Wireshark:

date=2013-08-14 time=13:39:56 devname=ESC-Primary devid=FG100C3G045116649 logid=0001000014 type=traffic subtype=local level=notice vd=root srcip=192.1.2.4 srcport=5019 srcintf="ESCMain" dstip=10.1.2.1 dstport=53 dstintf="root" sessionid=1002625 status=accept policyid=0 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service=DNS proto=17 app="Domain Name Server" duration=181 sentbyte=0 rcvdbyte=135 sentpkt=0 rcvdpkt=1

The setup that needs to be used for our software is local7, no csv, debug. On a side note, a 100A running FortiOS 4 MR3 patch 9 is submitting data just fine.

Mike Cook Fortigate 100E Firmware v5.6.2 build1486 (GA
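The key=value lines quoted in this thread are exactly what the syslog server has to make sense of, and a receiver that splits on spaces will break on values such as dstcountry="United States". As an added example (not code from this thread, from Fortinet, or from any of the syslog products mentioned), here is a small Python parser that peels off an RFC 3164 style <PRI> prefix into facility and severity, tokenises the FortiOS body while honouring double-quoted values, and checks that the header fields a collector usually keys on are present. The two sample lines are constructed from the field layout shown above with the serial number and addresses replaced by documentation values; the REQUIRED field list is an assumption chosen for this illustration, not a Fortinet specification.

```python
import re
from typing import Dict, List, Optional, Tuple

# Standard syslog facility and severity tables (RFC 3164 / RFC 5424 numbering).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
    "solaris-cron", "local0", "local1", "local2", "local3", "local4",
    "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI> prefix at the start of a raw syslog datagram, e.g. "<189>".
PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value tokens; the value is either a double-quoted string (which may
# contain spaces) or an unbroken run of non-space characters.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Header fields this example insists on (assumption for the illustration).
REQUIRED = ("date", "time", "devname", "devid", "logid", "type", "subtype", "level")


def split_pri(line: str) -> Tuple[Optional[int], str]:
    """Return (pri, remainder); pri is None when no valid <PRI> prefix exists."""
    m = PRI_RE.match(line)
    if not m:
        return None, line
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 severities - 1 is the largest legal value
        return None, line
    return pri, line[m.end():]


def decode_pri(pri: int) -> Tuple[str, str]:
    """Map a numeric PRI to (facility, severity) names."""
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_fortios_kv(body: str) -> Dict[str, str]:
    """Tokenise a FortiOS key=value log body into a dict, keeping quoted values whole."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(body):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(4)
        # Forum and HTML copies often inject a space just inside the quotes;
        # stripping is harmless for genuine values.
        fields[key] = value.strip()
    return fields


def parse_line(line: str) -> Dict[str, object]:
    """Parse one syslog line: optional <PRI>, then the FortiOS body."""
    pri, body = split_pri(line.strip())
    facility, severity = decode_pri(pri) if pri is not None else (None, None)
    return {"facility": facility, "severity": severity, "fields": parse_fortios_kv(body)}


def missing_fields(fields: Dict[str, str]) -> List[str]:
    """List which REQUIRED header fields are absent from a parsed record."""
    return [k for k in REQUIRED if k not in fields]


# Constructed samples: serial and addresses are documentation placeholders.
SAMPLE_TRAFFIC = (
    '<189>date=2013-08-13 time=12:04:25 devname=ESC-Primary devid=FGEXAMPLE000001 '
    'logid=0000000013 type=traffic subtype=forward level=notice vd=root '
    'srcip=192.0.2.109 srcport=62133 srcintf="ESCMain" dstip=198.51.100.120 '
    'dstport=80 dstintf="wan1" sessionid=6413 status=close policyid=3 '
    'dstcountry="United States" srccountry="Reserved" trandisp=snat '
    'transip=203.0.113.177 transport=62133 service=HTTP proto=6 '
    'applist="block-p2p" duration=301 sentbyte=2713 rcvdbyte=1598 sentpkt=10 rcvdpkt=14'
)
SAMPLE_DNS = (
    'date=2013-08-14 time=13:39:56 devname=ESC-Primary devid=FGEXAMPLE000001 '
    'logid=0001000014 type=traffic subtype=local level=notice vd=root '
    'srcip=192.0.2.4 srcport=5019 srcintf="ESCMain" dstip=10.1.2.1 dstport=53 '
    'dstintf="root" sessionid=1002625 status=accept policyid=0 trandisp=noop '
    'service=DNS proto=17 app="Domain Name Server" duration=181 sentbyte=0 '
    'rcvdbyte=135 sentpkt=0 rcvdpkt=1'
)

if __name__ == "__main__":
    for sample in (SAMPLE_TRAFFIC, SAMPLE_DNS):
        rec = parse_line(sample)
        print(rec["facility"], rec["severity"], "missing:", missing_fields(rec["fields"]))
        print("  ", rec["fields"]["service"], "->", rec["fields"].get("app") or rec["fields"].get("applist"))
```

Feeding the parser lines captured with the Wireshark syslog.msg filter emnoc suggests gives a quick way to tell whether the receiver is choking on the facility (the PRI should decode to local7 when the setting above is in effect) or on the body format (quoted values, or the CSV variant if set csv were enabled).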
Dave_Hall
Honored Contributor

Can you check to see if "set extended-traffic-log" is enabled under "config log syslogd filter" on both FGT devices? If you do not need the extra info that this setting provides then I say disable it.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
mtcook01
New Contributor

That feature is available on the 100A but not on the 110C. Here are my filter settings.

Does not work with syslog:
-------------------------------------
set app-ctrl enable
set attack enable
set dlp enable
set email enable
set forward-traffic enable
set local-traffic enable
set netscan enable
set severity debug
set traffic enable
set virus enable
set voip enable
set web enable
set analytics enable
set anomaly enable
set app-ctrl-all enable
set blocked enable
set discovery enable
set dlp-all enable
set dlp-docsource enable
set email-log-google enable
set email-log-imap enable
set email-log-msn enable
set email-log-pop3 enable
set email-log-smtp enable
set email-log-yahoo enable
set ftgd-wf-block enable
set ftgd-wf-errors enable
set infected enable
set multicast-traffic enable
set oversized enable
set scanerror enable
set signature enable
set suspicious enable
set switching-protocols enable
set url-filter enable
set vulnerability enable
set web-content enable
set web-filter-activex enable
set web-filter-applet enable
set web-filter-command-block enable
set web-filter-cookie enable
set web-filter-ftgd-quota enable
set web-filter-ftgd-quota-counting enable
set web-filter-ftgd-quota-expired enable
set web-filter-script-other enable
end
----------------------------------------------------------------

Here are the settings from my 100A which does work with syslog.
-------------------------------------------------------------
set app-ctrl enable
set attack enable
set dlp enable
set email enable
set explicit-proxy-traffic enable
set failed-connection enable
unset override
set severity debug
set traffic enable
set virus enable
set wanopt-traffic enable
set web enable
set webcache-traffic enable
set allowed enable
set anomaly enable
set app-ctrl-all enable
set blocked enable
set dlp-all enable
set email-log-imap enable
set email-log-msn enable
set email-log-pop3 enable
set email-log-smtp enable
set email-log-yahoo enable
set extended-traffic-log enable
set ftgd-wf-block enable
set ftgd-wf-errors enable
set infected enable
set oversized enable
set scanerror enable
set signature enable
set url-filter enable
set violation enable
set web-content enable
set web-filter-activex enable
set web-filter-applet enable
set web-filter-cookie enable
set web-filter-ftgd-quota enable
set web-filter-ftgd-quota-counting enable
set web-filter-ftgd-quota-expired enable
set web-filter-script-other enable
end
-----------------------------------------------------------
Thanks again

Mike Cook Fortigate 100E Firmware v5.6.2 build1486 (GA
Dave_Hall
Honored Contributor

Diff (Does not work with syslog)...
 set forward-traffic enable
 set local-traffic enable
 set netscan enable
 set voip enable
 set analytics enable
 set discovery enable
 set dlp-docsource enable
 set email-log-google enable
 set multicast-traffic enable
 set suspicious enable
 set switching-protocols enable
 set vulnerability enable
 set web-filter-command-block enable
Diff (works on 100A)...
 set explicit-proxy-traffic enable
 set failed-connection enable
 unset override
 set wanopt-traffic enable
 set webcache-traffic enable
 set allowed enable
 set extended-traffic-log enable
 set violation enable
Personally, if I had a spare 110C unit or could afford some down time, I'd just make a backup of the config and perform "exec factoryreset" on the 110C (or spare unit), then set up syslogd logging on a "clean" config. If that works then save that config and restore the old one. Compare the diff between the two configs.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
mtcook01
New Contributor

Thanks everyone for your help. I don't have a spare and this is my last Fortigate purchase. The "forward traffic" logs no longer work with the most recent firmware upgrade. I do wish FG would conduct better QA. I might take this down over the weekend and rebuild the config. Again thank you for your help.

Mike Cook Fortigate 100E Firmware v5.6.2 build1486 (GA
GembuL
New Contributor

Just enable logs on memory even if your Fortigate device has a hard drive as storage, and the logs will appear on your syslog.