Configuring How A Fortigate Unit Stores Logs; Remote Logging To A Fortianalyzer Unit - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
Configuring how a FortiGate unit stores logs
Configuring how a FortiGate unit stores logs
Remote logging to a FortiAnalyzer unit
710
Note: If the FortiGate unit is in Transparent mode, certain settings and options for logging
may not be available because certain features do not support logging, or are not available
in Transparent mode. For example, SSL VPN events are not available in Transparent
mode.
The type and frequency of log messages you intend to save determines the type of log
storage to use. For example, if you want to log traffic and content logs, you need to
configure the FortiGate unit to log to a FortiAnalyzer unit or Syslog server. The FortiGate
system memory is unable to log traffic and content logs because of their frequency and
large file size.
Storing log messages to one or more locations, such as a FortiAnalyzer unit or Syslog
server, may be a better solution for your logging requirements than the FortiGate system
memory. Configuring your FortiGate unit to log to a FortiGuard Analysis server may also
be a better log storage solution if you do not have a FortiAnalyzer unit and want to create
reports.
This section describes:
•
Remote logging to a FortiAnalyzer unit
•
Remote logging to the FortiGuard Analysis and Management Service
•
Remote logging to a Syslog server
•
Local logging to memory
•
Local logging to disk
FortiAnalyzer units are network devices that provide integrated log collection, analysis
tools and data storage. Detailed log reports provide historical as well as current analysis of
network activity to help identify security issues and reduce network misuse and abuse.
You can configure the FortiGate unit to log up to three FortiAnalyzer units. The FortiGate
unit sends logs to all three FortiAnalyzer units. Each FortiAnalyzer unit stores the same
information. Logging to multiple FortiAnalyzer units provides real-time backup protection
in the event one of the FortiAnalyzer units fails. You can configure logging to multiple
FortiAnalyzer units only in the CLI.
Figure 439: Configuring remote logging to the FortiAnalyzer unit
Expand
Arrow
To configure the FortiGate unit to send logs to the FortiAnalyzer unit
1 Go to Log&Report > Log Config > Log Setting.
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Log&Report
•
Feedback
Advertisement
Table of Contents
