Logging Enhancements; Support for Per-VDOM FortiAnalyzer Units or Syslog Devices - Fortinet FortiGate Series Administration Manual


What's new in FortiOS Version 4.0 MR1

Logging enhancements

Support for per-VDOM FortiAnalyzer units or syslog devices

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
To configure traffic quotas and accounting - CLI
In FortiOS 4.0 MR1, the config firewall traffic-shaper command is replaced by
config firewall shaper traffic-shaper and
config firewall shaper per-ip-shaper. The quota configuration for both is:
edit <shaper_name>
    set action {none | log | block}
    set quota <Mbytes>
    set type {hour | day | week | month}
end
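
An added example, not Fortinet code: a Python check for saved pre-4.0 MR1 CLI scripts that rewrites config system fortianalyzer to its new path so remote logging is not silently dropped, flags config firewall traffic-shaper for a manual choice between its two replacements, and reports a quota set without action block. The function name migrate and the sample script (including its server keyword and the 192.0.2.10 address) are constructed for illustration.

```python
# Command paths changed in FortiOS 4.0 MR1, as stated on this page.
MOVED = {"system fortianalyzer": "log fortianalyzer setting"}
SPLIT = {"firewall traffic-shaper": ["firewall shaper traffic-shaper",
                                     "firewall shaper per-ip-shaper"]}

def migrate(script):
    """Rewrite moved command paths; return (new_script, findings)."""
    out, findings = [], []
    in_shaper, action, quota_line = False, None, None
    for n, line in enumerate(script.splitlines(), 1):
        words = line.split()
        if words[:1] == ["config"]:
            path = " ".join(words[1:])
            indent = line[:len(line) - len(line.lstrip())]
            if path in MOVED:
                findings.append((n, f"moved to 'config {MOVED[path]}'"))
                line = f"{indent}config {MOVED[path]}"
            elif path in SPLIT:
                findings.append((n, "replaced; choose: " + " or ".join(SPLIT[path])))
            in_shaper = path.startswith("firewall shaper ")
        elif in_shaper and words[:2] == ["set", "action"] and len(words) > 2:
            action = words[2]
        elif in_shaper and words[:2] == ["set", "quota"]:
            quota_line = n
        elif words[:1] in (["edit"], ["next"], ["end"]):
            # Entry closed: the page says quota is available when action is block.
            if quota_line is not None and action != "block":
                findings.append((quota_line, "quota set without action block"))
            action, quota_line = None, None
        out.append(line)
    return "\n".join(out), findings

# Constructed sample of a pre-upgrade script (keywords and address are assumptions).
SAMPLE = """\
config system fortianalyzer
    set server 192.0.2.10
end
config firewall traffic-shaper
    edit "legacy"
end
config firewall shaper per-ip-shaper
    edit "guest"
        set action log
        set quota 500
end
"""

if __name__ == "__main__":
    print(*migrate(SAMPLE)[1], sep="\n")
```
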

Variable: action {none | log | block}
Description: Select the traffic shaper action for quotas:
    none — do nothing
    log — generate a traffic accounting log for each time period selected in type
    block — block traffic and log the event

Variable: quota <Mbytes>
Description: Enter the quota in Mbytes. This is available when action is block.
Default: 0

Variable: type {hour | day | week | month}
Description: Select the time period for quota and logging.
Default: hour

Logging enhancements

Due to the new per-VDOM FortiAnalyzer unit feature, there are some changes to logging configuration in general:

Web-based manager changes
On the Log Setting page, the logging device radio buttons are now check boxes. You can enable multiple logging devices.
Automatic FortiAnalyzer discovery is now available only in the CLI.
For local logs, the new SQL log storage format is the default for all log types except content archiving and traffic logs. This is the only format from which you can generate reports. Content archiving is not available in SQL format. You can enable SQL format logging for traffic logs, but this can cause some loss of logs because SQL format writing is slower than the compressed format.

CLI changes
In the CLI, the global FortiAnalyzer configuration has moved from system fortianalyzer to log fortianalyzer setting. The keywords within the command are unchanged.

FortiOS Version 4.0 MR1 supports the use of multiple FortiAnalyzer units or syslog devices that are configurable per-VDOM. By default, VDOMs use the global remote logging and quarantine configuration. Currently, per-VDOM remote logging configuration is available only in the CLI.

If you want to use a different FortiAnalyzer or syslog configuration for your VDOM, you must override the global configuration using the following commands: