Configuring logging to multiple Syslog servers
A single remote Syslog server can be configured in the GUI under Log & Report > Log Settings; for a larger network, you must configure logging in the CLI.
When configuring multiple Syslog servers (or one Syslog server), you can configure reliable delivery of log messages to the Syslog server. Reliable delivery can be configured only in the CLI.
If VDOMs are enabled, you can configure a separate FortiAnalyzer unit or Syslog server for each VDOM.
To enable logging to multiple Syslog servers:
- Log in to the CLI.
- Enter the following commands:
config log syslogd setting
    set csv {disable | enable}
    set facility <facility_name>
    set port <port_integer>
    set reliable {disable | enable}
    set server <ip_address>
    set status {disable | enable}
end
- Enter the following commands to configure the second Syslog server:
config log syslogd2 setting
    set csv {disable | enable}
    set facility <facility_name>
    set port <port_integer>
    set reliable {disable | enable}
    set server <ip_address>
    set status {disable | enable}
end
- Enter the following commands to configure the third Syslog server:
config log syslogd3 setting
    set csv {disable | enable}
    set facility <facility_name>
    set port <port_integer>
    set reliable {disable | enable}
    set server <ip_address>
    set status {disable | enable}
end
- Enter the following commands to configure the fourth Syslog server:
config log syslogd4 setting
    set csv {disable | enable}
    set facility <facility_name>
    set port <port_integer>
    set reliable {disable | enable}
    set server <ip_address>
    set status {disable | enable}
end
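The settings above can be checked after the fact. The following is an added example, not Fortinet's own code: a Python check that reads a saved configuration and lists enabled Syslog servers whose reliable option is not enabled. The sample configuration, its addresses and the function names are constructed for illustration, and an omitted reliable line is assumed to mean disable.

```python
import re

# Constructed sample laid out like a FortiOS configuration backup; the
# addresses come from the documentation range, not from the original page.
SAMPLE_CONFIG = '''\
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set reliable enable
end
config log syslogd2 setting
    set status enable
    set server "192.0.2.11"
end
config log syslogd3 setting
    set status disable
    set server "192.0.2.12"
end
'''

# One "config log syslogdN setting ... end" block, N absent or 2 to 4.
BLOCK = re.compile(
    r'^[ \t]*config log (syslogd[234]?) setting[ \t]*$(.*?)^[ \t]*end[ \t]*$',
    re.MULTILINE | re.DOTALL)
SET = re.compile(r'^[ \t]*set[ \t]+(\S+)[ \t]+(.+?)[ \t]*$', re.MULTILINE)


def parse_syslog_settings(config_text):
    """Return {block_name: {option: value}} for syslogd to syslogd4."""
    return {name: {k: v.strip('"') for k, v in SET.findall(body)}
            for name, body in BLOCK.findall(config_text)}


def audit(config_text):
    """Report enabled Syslog servers that lack reliable delivery."""
    findings = []
    for name, opts in sorted(parse_syslog_settings(config_text).items()):
        if opts.get('status') != 'enable':
            continue  # server not in use, nothing to check
        # Assumption: an omitted "reliable" line means disable.
        if opts.get('reliable', 'disable') != 'enable':
            findings.append(f"{name}: {opts.get('server', '?')} reliable delivery off")
    return findings


if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE_CONFIG)) or 'no findings')
```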
Most FortiGate features are, by default, enabled for logging. You can disable individual FortiGate features you do not want the Syslog server to record, as in this example:
config log syslogd filter
    set local-traffic {enable | disable}
    set severity {alert | critical | debug | emergency | error | information | notification | warning}
end
Using Automatic Discovery to connect to a FortiAnalyzer unit
Automatic Discovery can be used if the FortiAnalyzer unit is on the same network.
To connect using automatic discovery:
- Log in to the CLI.
- Enter the following command syntax:
config log fortianalyzer setting
    set status enable
    set server <ip_address>
    set gui-display enable
    set address-mode auto-discovery
end
If your FortiGate unit is in Transparent mode, the interface using the automatic discovery feature will not carry traffic. For more information about how to enable the interface to also carry traffic when using the automatic discovery feature, see the Fortinet Knowledge Base article, Fortinet Discovery Protocol in Transparent mode.
Mike.. can I use a fortigate 40F as a home firewall device and not part of an SD-WAN setup?
Absolutely