FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.


This article describes the SYSLOG server configuration information on FortiGate.





- FortiGate can send syslog messages to up-to 4 syslog servers.
- Separate SYSLOG servers can be configured per VDOM.

CLI command to configure SYSLOG:


# config log {syslogd | syslogd2 | syslogd3 | syslogd4} setting

set status {enable | disable}
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | # kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
set port <port_integer>
set reliable {enable | disable}
set server <address_ipv4 | FQDN>
set source-ip <address_ipv4>



CLI command to check SYSLOG filter settings,


# config log syslogd filter

show full-configuration



Value descriptions:


status {enable | disable}: Enter enable to enable logging to a remote syslog server.


csv {enable | disable}: Enter enable to enable the FortiGate unit to produce the log in Comma Separated Value (CSV) format.


Note: If CSV format is not enabled the output is in plain text


facility {  kernel | user | mail | daemon | auth | syslog | lpr | news | uucp | cron | authpriv | ftp | ntp | audit | alert | clock | local0 | local1 | local2 | local3  | local4 | local5 | local6 | local7 }  

kernel      Kernel messages.

user        Random user-level messages.
mail        Mail system.
daemon      System daemons.
auth        Security/authorization messages.
syslog      Messages generated internally by syslog.
lpr         Line printer subsystem.
news        Network news subsystem.
uucp        Network news subsystem.
cron        Clock daemon.
authpriv    Security/authorization messages (private).
ftp         FTP daemon.
ntp         NTP daemon.
audit       Log audit.
alert       Log alert.
clock       Clock daemon.
local0      Reserved for local use.
local1      Reserved for local use.
local2      Reserved for local use.
local3      Reserved for local use.
local4      Reserved for local use.
local5      Reserved for local use.
local6      Reserved for local use.
local7      Reserved for local use.


port <port_integer>: Enter the port number for communication with the syslog server.


reliable {enable | disable}: Enable reliable delivery of syslog messages to the syslog server. When enabled, the FortiGate unit implements the RAW profile of RFC 3195 for reliable delivery of log messages to the syslog server. Reliable syslog protects log information through authentication and data encryption and ensures that the log messages are reliably delivered in the correct order.


server <address_ipv4 | FQDN>: Enter the IP address of the syslog server that stores the logs.


source-ip <address_ipv4>: Enter the source IP address for syslogd, syslog2, syslog3 and syslog4.


This information is in the FortiOS 6.0 CLI Reference - Syslog