Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Log only local system events

Hi,

I have branch fortigate which traffic all is going to hq fortigate and this fortigate send all logs to fortianalyzer, so this way traffic from branch is logged.

Some Ipv4 policies on branch are configured with option "Log Allowed Traffic: All Sessions" but this logs should only be in local memory and should not be forwarded to fortianalyzer, I would to send to fortianalyzer only local system events like failed admin logins etc, how to do this?

1 REPLY 1
JonathanTorian_FTNT

Hi Tutek,

You can accomplish this using the "config log fortianalyzer filter" command as defined in the following documentation:

 

https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/386620/log-fortianalyzer-filter

 

Can you define a "free-form filter" that matches whatever criteria you want to send to the FortiAnalyzer from the FortiGate.

Labels
Top Kudoed Authors