Remote Logging To A Syslog Server - Fortinet FortiGate Series Administration Manual


Log&Report

Remote logging to a Syslog server

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
5 Select one of the following:
Overwrite oldest logs
Deletes the oldest log entry and continues logging when the maximum log disk space is reached.
Do not log
Stops log messages going to the FortiGuard Analysis server when the maximum log disk space is reached.
6 Select a severity level.
7 Select Apply.
A Syslog server is a remote computer running syslog software. Syslog is an industry standard for logging and is used to capture log information provided by network devices. A Syslog server is a convenient and flexible logging device, since any computer system, such as Linux, Unix, and Intel-based Windows, can run syslog software.
When configuring logging to a Syslog server, you need to configure the facility and the log file format, either normal or Comma Separated Values (CSV). The CSV format uses commas as separators, whereas the normal format uses spaces. Logs saved in the CSV file format can be viewed in a spreadsheet application, while logs saved in normal format are viewed in a text editor (such as Notepad) because they are saved as plain text files.
Configuring a facility makes it easy to identify the device that recorded the log file.
Figure 441: Remote logging to a Syslog server
IP/FQDN
The IP address or fully qualified domain name of the syslog server. For example, the FQDN could be log.example.com.
Port
The port number for communication with the syslog server, typically port 514.
Minimum log level
The FortiGate unit logs all messages at and above the logging severity level you select. For more information about the logging levels, see "Log severity levels" on page 733.
Facility
Facility indicates to the syslog server the source of a log message. By default, FortiGate reports Facility as local7. You may want to change Facility to distinguish log messages from different FortiGate units.
Enable CSV Format
If you enable CSV format, the FortiGate unit produces the log in Comma Separated Value (CSV) format. If you do not enable CSV format the FortiGate unit produces plain text files.
To configure the FortiGate unit to send logs to a syslog server
1 Go to Log&Report > Log Config > Log Setting.
2 Select the check box beside Syslog.
3 Select the Expand Arrow beside the check box to reveal the Syslog options.
4 Enter the appropriate information for the Syslog server.
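The Facility, Minimum log level and CSV settings above, seen from the syslog server side, as an added example that is not part of the Fortinet guide: it decodes the priority value that prefixes each syslog message into facility and severity, and reads the fields from either normal or CSV output. The sample messages, their field names and the facility-to-unit mapping are constructed assumptions.

```python
import re

# FortiGate severity names, index = syslog severity number (0 is most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
# Assumption: each unit was assigned its own facility (local0..local7 = 16..23).
UNIT_BY_FACILITY = {23: "fgt-hq", 22: "fgt-branch"}  # hypothetical names

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# key=value or key="quoted value"; separator is a space (normal) or comma (CSV).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|[^\s,]*)')

def parse(line):
    """Decode one syslog message into facility, unit, severity and fields."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or invalid syslog priority")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    return {"facility": facility,
            "unit": UNIT_BY_FACILITY.get(facility, "unknown"),
            "severity": SEVERITIES[severity],
            "fields": fields}

def at_or_above(record, minimum):
    """True if the record is at least as severe as the minimum log level."""
    return SEVERITIES.index(record["severity"]) <= SEVERITIES.index(minimum)

# Constructed sample messages (not captured from a device).
NORMAL = '<189>date=2009-09-03 time=10:15:02 type=event msg="Admin login"'
CSV = '<180>date=2009-09-03,time=10:15:07,type=event,msg="Disk usage high"'

if __name__ == "__main__":
    for raw in (NORMAL, CSV):
        rec = parse(raw)
        print(rec["unit"], rec["severity"], at_or_above(rec, "warning"), rec["fields"])
```

On the collector, a message that maps to an unknown facility, or that falls below the minimum level configured on the unit, points to a misconfigured or unexpected sender.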
