Log&Report
FortiGate Logging
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102
This section describes how to enable logging, view log files, and view the
reports available through the web-based manager. FortiGate units provide
extensive logging capabilities for traffic, system and network protection
functions. Detailed log information and reports provide historical as well as
current analysis of network activity to help identify security issues and reduce
network misuse and abuse.
The following topics are included in this section:
• FortiGate Logging
• Log severity levels
• Storing Logs
• High Availability cluster logging
• Log types
• Log Access
• Alert Email
• Content Archive
• Reports
• Viewing FortiAnalyzer reports from a FortiGate unit
Note: VDOMs affect logging and reporting features. Before configuring logging in FortiOS
3.0MR4, make sure your VDOM configuration enables you to configure and enable
FortiGate logging and reporting features. For example, if you have a management VDOM,
you can only configure logging to a FortiAnalyzer unit or Syslog server, and viewing logs is
not available. See "Using virtual domains" on page 61 for more information on VDOMs in
FortiOS 3.0MR4.
FortiGate Logging
A FortiGate unit can log many different network activities and traffic including:
• overall network traffic
• system-related events including system restarts, HA and VPN activity
• anti-virus infection and blocking
• web filtering, URL and HTTP content blocking
• signature and anomaly attack and prevention
• Spam filtering
• Instant Messaging and Peer-to-peer traffic
You can customize the level that the FortiGate unit logs these events at and
where the FortiGate unit stores the logs. The level that the FortiGate unit logs
these events at, or the log severity level, is defined where you configure the
logging location. There are six severity levels to choose from. See "Log severity
levels" on page 408 for more information.