Logging
Accounting is an important part of FortiAuthenticator. The Logging menu tree provides a record of the events that have taken place on the FortiAuthenticator unit.
Log access
To view the log events table, go to Logging > Log Access > Logs.
The following options and information are available:
| Refresh | Refresh the log list. |
| Download Raw Log | Export the FortiAuthenticator log to your computer as a text file named fac.log. |
| Log Type Reference | Select to view the log type reference dialog box. See Log type reference on page 155. |
| Debug Report | Select to download the debug report to your computer as a file named report.dbg. |
| Search | Enter a search term in the search field, then select Search to search the log message list.
The search string must appear in the Message portion of the log entry to result in a match. To prevent each term in a phrase from being matched separately, multiple keywords must be in quotes and be an exact match. After the search is complete the number of positive matches will be displayed next to the Search button, with the total number of log entries in brackets following. Select the total number of log entries to return to the full list. Subsequent searches will search all the log entries, and not just the previous search’s results. |
| ID | The log message’s ID. |
| Timestamp | The time the message was received. |
Log access Logging
| Level | The log severity level:
l Emergency: The system has become unstable. l Alert: Immediate action is required. l Critical: Functionality is affected. l Error: An erroneous condition exists, and functionality is probably affected. l Warning: Functionality could be affected. l Notification: Information about normal events. l Information: General information about system operations. l Debug: Detailed information useful for debugging purposes. |
| Category | The log category, which is always Event. See Log type reference on page 155. |
| Sub category | The log subcategory. See Log type reference on page 155. |
| Type id | The log type ID. |
| Action | The action which created the log message, if applicable. |
| Status | The status of the action that created the log message, if applicable. |
| NAS name/IP | The NAS name or IP address of the relevant device if an authentication action fails. |
| Short message | The log message itself, sometimes slightly shortened. |
| User | The user to whom the log message pertains. |
To view log details:
From the log list, select the log whose details you need to view by clicking anywhere within the log’s row. The Log Details pane will open on the right side of the window.
After viewing the log details, select the close icon in the top right corner of the pane to close the details pane. Log type reference
Select Log Type Reference in the log list toolbar to open the log type reference dialog box.
The following information and options are available:
| Search | Enter a search term in the search field, then select Search to search the log type reference. | |
| Type id | The log type ID. | |
| >Name | The name of the log type. |
155
Logging Log access
| Sub category | The log type subcategory, one of: Admin Configuration, Authentication, System, High Availability, UserPortal, or Web Service. |
| Category | The log type category, which is always Event. |
| Description | A brief description of the log type. |
To close the Log Type Reference dialog box, select close above the top right corner of the box, or simply click anywhere outside of the box within the log list.
Log configuration Logging
Sort the log messages
The log message table can be sorted by any column. To sort the log entries by a particular column, select the title for that column. The log entries will now be displayed based on data in that column in ascending order. Select the column heading again to sort the entries in descending order. Ascending or descending is displayed with an arrow next to the column title, an up arrow for ascending and down arrow for descending.
Log configuration
Logs can be remotely backed up to an FTP server, automatically deleted, and sent to a remote syslog server in lieu of storing them locally.
Log settings
To configure log backups, automatic deletion, and remote storage, go to Logging > Log Config > Log Setting.
To configure log backups:
- In the log settings window, select Enable remote backup in the Log Backup
- Select the frequency of the backups in the Frequency field as either Daily, Weekly, or Monthly.
- Configure the time of day that the backup will occur in one of the following ways:
l Enter a time in the Time field l Select Now to enter the current time l Select the clock icon and choose a time from the pop-up menu: Now, Midnight, 6 a.m., or Noon.
- Select an FTP server from the drop-down list in the FTP server For information on configuring an FTP server, see FTP servers on page 44.
- Select OK to save your settings.
To configure automatic log deletion:
- In the log settings window, select Enable log auto-deletion in the Log Auto-Deletion
- In the Auto-delete logs older than field, select day(s), week(s), or month(s) from the drop-down list, then enter the number of days, weeks, or months after which a log will be deleted.
- Select OK to save your settings.
157
Logging Log configuration
To configure logging to a remote syslog server:
- In the log settings window, select Send logs to remote Syslog servers in the Remote Syslog
- Move the syslog servers to which the logs will be sent from the Available syslog servers box to the Chosen syslog servers
For information on adding syslog servers, see Syslog servers on page 158.
- Select OK to save your settings.
Syslog servers
Syslog servers can be used to store remote logs. To view the syslog server list, go to Logging > Log Config > Syslog Servers.
| Create New | Add a new syslog server. | |
| Delete | Delete the selected syslog server or servers. | |
| Edit | Edit the selected syslog server. | |
| Name | The syslog server name on the FortiAuthenticator unit. | |
| Server name/IP | The server name or IP address, and port number. |
To add a syslog server:
- From the syslog servers list, select Create New. The Create New Syslog Server window opens.
- Enter the following information:
| Name | Enter a name for the syslog server on the FortiAuthenticator unit. |
| Server name/IP | Enter the syslog server name or IP address. |
| Port | Enter the syslog server port number. The default port is 514. |
| Level | Select a log level to store on the remote server from the drop-down list. See Level on page 155. |
| Facility | Select a facility from the drop-down list. |
- Select OK to add the syslog server.