Configuring Event Logging - Fortinet FortiGate Series Administration Manual


Log&Report

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/

Violation traffic detected: Select if you require an alert email message based on violated traffic that is detected by the FortiGate unit.
Firewall authentication failure: Select if you require an alert email message based on firewall authentication failures.
SSL VPN login failure: Select if you require an alert email message based on any SSL VPN logins that failed.
Administrator login/logout: Select if you require an alert email message based on whether administrators log in or out.
IPSec tunnel errors: Select if you require an alert email message based on whether there is an error in the IPSec tunnel configuration.
L2TP/PPTP/PPPoE errors: Select if you require an alert email message based on errors that occurred in L2TP, PPTP, or PPPoE.
Configuration changes: Select if you require an alert email message based on any changes made to the FortiGate configuration.
FortiGuard license expiry time (1-100 days): Enter the number of days before the FortiGuard license expiry time notification is sent.
FortiGuard log quota usage: Select if you require an alert email message based on the FortiGuard Analysis server log disk quota getting full.
Disk Usage: Select if you require an alert email when the internal hard disk or AMC disk reaches a disk usage level. You can set the disk usage level at which the alert email is sent.
Send alert email for logs based on severity: Select if you want to send an alert email that is based on a specified log severity, such as warning.
Minimum log level: Select a log severity from the list. For more information about log severity levels, see "Log severity levels" on page 733.

Configuring Event logging

The Event Log records management and activity events, such as when a configuration has changed, or when VPN and High Availability (HA) events occur.

When you are logged into VDOMs that are in Transparent mode, or if all VDOMs are in Transparent mode, certain options may not be available, such as VIP ssl event or CPU and memory usage event. You can enable event logs only when you are logged in to a VDOM; you cannot enable event logs in the root VDOM.

To enable event logging, go to Log&Report > Log Config > Event Log. Select the Enable check box. Select one or more of the following logs and select Apply.

System Activity event: All system-related events, such as ping server failure and gateway status.
IPSec negotiation event: All IPSec negotiation events, such as progress and error reports.
DHCP service event: All DHCP events, such as the request and response log.
L2TP/PPTP/PPPoE service event: All protocol-related events, such as manager and socket creation processes.
Admin event: All administrative events, such as user logins, resets, and configuration updates.
HA activity event: All high availability events, such as link, member, and state information.
Firewall authentication event: All firewall-related events, such as user authentication.
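The following is an added example, not part of the Fortinet guide or Fortinet code: it applies the "Minimum log level" idea and the event categories above to exported event log lines, keeping only event records at or above a chosen severity. The key=value layout, the field names (type, subtype, pri, msg), the subtype values and the severity ordering are assumptions, and the sample lines are constructed.

```python
import re

# Severity names, most severe first. Assumed ordering; the page itself
# only names "warning" as an example level.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

# key=value pairs; a value is either double-quoted or a run of non-spaces.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def meets_minimum(level, minimum):
    """True when `level` is at least as severe as `minimum`."""
    if minimum not in SEVERITIES:
        raise ValueError("unknown minimum level: %r" % minimum)
    if level not in SEVERITIES:
        return True  # surface missing/unknown severities instead of hiding them
    return SEVERITIES.index(level) <= SEVERITIES.index(minimum)

def select_alerts(lines, minimum="warning", subtypes=None):
    """Return event records at or above `minimum`, optionally by subtype."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "event":
            continue  # other log types are not event logs
        if subtypes and rec.get("subtype") not in subtypes:
            continue
        if meets_minimum(rec.get("pri", ""), minimum):
            hits.append(rec)
    return hits

# Constructed sample lines for illustration (not captured FortiGate output).
SAMPLE = [
    'date=2009-09-03 time=10:01:12 type=event subtype=admin pri=information msg="admin logged in"',
    'date=2009-09-03 time=10:02:40 type=event subtype=admin pri=warning msg="Configuration changed"',
    'date=2009-09-03 time=10:05:03 type=event subtype=ipsec pri=error msg="negotiation failed"',
    'date=2009-09-03 time=10:05:09 type=traffic subtype=allowed pri=alert msg="session"',
    'date=2009-09-03 time=10:07:55 type=event subtype=ha pri=notification msg="member state change"',
    'date=2009-09-03 time=10:09:30 type=event subtype=system pri=critical msg="ping server failure"',
]

if __name__ == "__main__":
    for rec in select_alerts(SAMPLE):
        print(rec["time"], rec["subtype"], rec["pri"], rec["msg"])
```
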
