12.03.2015 Views

FortiGate Administration Guide - FirewallShop.com

FortiGate Administration Guide - FirewallShop.com

FortiGate Administration Guide - FirewallShop.com

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

Storing Logs<br />

Log&Report<br />

Logging to a Syslog server<br />

A Syslog server is a remote <strong>com</strong>puter running Syslog software and is an industry<br />

standard for logging. Syslog is used to capture log information provided by<br />

network devices. The Syslog server is both a convenient and flexible logging<br />

device, since any <strong>com</strong>puter can run syslog software, such as Linux, Unix, and<br />

intel-based Windows systems.<br />

When configuring logging to a Syslog server, you need to configure the facility and<br />

log file format, normal or Comma Separated Values (CSV). The CSV format<br />

contains <strong>com</strong>mas whereas the normal format contains spaces. Configuring a<br />

facility easily identifies the device that recorded the log file.<br />

Figure 328:Logging to a Syslog server<br />

To configure the <strong>FortiGate</strong> unit to send logs to a syslog server<br />

1 Go to Log&Report > Log Config > Log Setting.<br />

2 Select Syslog.<br />

3 Select the blue arrow to expand the Syslog options.<br />

4 Set the following syslog options and select Apply:<br />

Name/IP<br />

Port<br />

Level<br />

Facility<br />

Enable CSV<br />

Format<br />

The domain name or IP address of the syslog server.<br />

The port number for <strong>com</strong>munication with the syslog server, typically<br />

port 514.<br />

The <strong>FortiGate</strong> unit logs all messages at and above the logging<br />

severity level you select. For details on the logging levels, see<br />

Table 44, “Log severity levels,” on page 471.<br />

Facility indicates to the syslog server the source of a log message.<br />

By default, <strong>FortiGate</strong> reports Facility as local7. You may want to<br />

change Facility to distinguish log messages from different <strong>FortiGate</strong><br />

units.<br />

If you enable CSV format, the <strong>FortiGate</strong> unit produces the log in<br />

Comma Separated Value (CSV) format. If you do not enable CSV<br />

format the <strong>FortiGate</strong> unit produces plain text files.<br />

Note: If more than one Syslog server is configured, the Syslog servers and their settings<br />

display on the Log Settings page. Configuring multiple Syslog servers is done in the CLI.<br />

See the <strong>FortiGate</strong> CLI Reference for more information.<br />

<strong>FortiGate</strong> Version 3.0 MR5 <strong>Administration</strong> <strong>Guide</strong><br />

476 01-30005-0203-20070830

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!