Real time logging to FortiAnalyzer and FortiCloud

Real time logging to FortiAnalyzer and FortiCloud

FortiOS 5.6.0 adds new real-time logging options for FortiAnalyzer in System > Security Fabric and for FortiCloud in Log & Report > Log Settings. The default option is still every 5 minutes, but this will allow near real-time uploading and consistent high-speed compression and analysis.

For FortiAnalyzer, the CLI syntax to enable real-time is:

config log fortianalyzer setting set upload-option [realtime/1-minute/5-minute]

For FortiCloud:

config log fortiguard setting set upload-option [realtime/1-minute/5-minute]

Reliable Logging updated for real-time functionality (378937)

Previously, reliable logging was a feature for buffering and collecting logs for upload, to guarantee that no logs would be dropped before being passed to logging solutions. Reliable logging has been updated for 5.6.0 and is now enabled by default, so that real-time logs do not outpace upload speed.

It can be configured in the CLI with:

config log fortianalyzer setting set reliable [enable/disable]

FortiGate Logs can be sent to syslog servers in Common Event Format (CEF) (300128)

 

Reliable Logging updated for real-time functionality (378937)

 

This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.