Real time logging to FortiAnalyzer and FortiCloud
FortiOS 5.6.0 adds new real-time logging options for FortiAnalyzer in System > Security Fabric and for FortiCloud in Log & Report > Log Settings. The default upload interval is still every 5 minutes, but the new options allow near real-time uploading and consistent high-speed compression and analysis.
For FortiAnalyzer, the CLI syntax to enable real-time logging is:
config log fortianalyzer setting
    set upload-option [realtime/1-minute/5-minute]
end
For FortiCloud:
config log fortiguard setting
    set upload-option [realtime/1-minute/5-minute]
end
Reliable Logging updated for real-time functionality (378937)
Previously, reliable logging was a feature for buffering and collecting logs for upload, to guarantee that no logs would be dropped before being passed to logging solutions. Reliable logging has been updated for 5.6.0 and is now enabled by default, so that real-time logs do not outpace upload speed.
It can be configured in the CLI with:
config log fortianalyzer setting
    set reliable [enable/disable]
end
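To confirm that a device actually uses these settings, the following added example (not Fortinet code, and not part of the original page) audits a FortiGate configuration backup for the upload-option and reliable values described above. The function names, the POLICY table and the sample backup are assumptions made for illustration; it also assumes the backup omits options left at their default, so a missing line is treated as the 5.6.0 default stated on this page.

```python
# Added example (not Fortinet code): audit a FortiGate config backup for the logging
# options described above. Defaults are the ones this page states for FortiOS 5.6.0.
# Assumption: the backup omits options left at default, so a missing line means default.
DEFAULTS = {"upload-option": "5-minute", "reliable": "enable"}
# Hypothetical site policy: real-time upload everywhere, reliable logging to FortiAnalyzer.
POLICY = {
    "log fortianalyzer setting": {"upload-option": "realtime", "reliable": "enable"},
    "log fortiguard setting": {"upload-option": "realtime"},
}

def parse_blocks(text):
    """Map each top-level 'config <path>' block to its direct 'set' options."""
    blocks, stack = {}, []
    for line in text.splitlines():
        tok = line.split() or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            if len(stack) == 1:
                blocks.setdefault(stack[0], {})
        elif tok[0] == "edit":
            stack.append("edit")          # table entry: its options are not direct
        elif tok[0] in ("end", "next") and stack:
            stack.pop()
        elif tok[0] == "set" and len(stack) == 1 and len(tok) >= 3:
            blocks[stack[0]][tok[1]] = " ".join(tok[2:]).strip('"')
    return blocks

def audit_logging(text):
    """Return one finding per option whose effective value differs from POLICY."""
    findings, blocks = [], parse_blocks(text)
    for block, wanted in POLICY.items():
        if block not in blocks:
            continue                      # destination not configured in this backup
        for option, want in wanted.items():
            have = blocks[block].get(option, DEFAULTS[option])
            if have != want:
                findings.append(f"{block}: {option} is {have}, policy requires {want}")
    return findings

# Constructed sample backup, not taken from a real device.
SAMPLE = """config log fortianalyzer setting
    set reliable disable
end
config log fortiguard setting
    set upload-option realtime
end
"""

print("\n".join(audit_logging(SAMPLE)))
```

On the sample, the FortiAnalyzer block is reported twice: once for the implicit 5-minute upload interval and once for reliable logging being disabled.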
FortiGate Logs can be sent to syslog servers in Common Event Format (CEF) (300128)