# config log syslogd setting
# set status enable
# set server [FQDN or IP address of the syslog server]
# set reliable [enable | disable; enable uses TCP-514, default is UDP-514]
# set port [default 514]
# set csv [enable | disable]
# set facility [default local7]
# set source-ip [source IP of the FortiGate; default 0.0.0.0]
# end
{syslogd | syslogd2 | syslogd3} setting
Use this command to configure log settings for logging to a remote syslog server. You can configure the FortiGate unit to send logs to a remote computer running a syslog server.
Using the CLI, you can send logs to up to three different syslog servers. Configure additional syslog servers using the syslogd2 and syslogd3 commands and the same fields outlined below.
Syslog CLI commands are not cumulative. Using a syntax similar to the following is not valid:
config log syslogd syslogd2 syslogd3 setting
Syntax
config log {syslogd | syslogd2 | syslogd3} setting
end
Variables

status {enable | disable}
    Description: Enter enable to enable logging to a remote syslog server.
    Default: disable

csv {enable | disable}
    Description: Enter enable to enable the FortiGate unit to produce the log in Comma Separated Value (CSV) format. If you do not enable CSV format, the FortiGate unit produces plain text files.
    Default: disable

facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
    Description: Enter the facility type. facility identifies the source of the log message to syslog. You might want to change facility to distinguish log messages from different FortiGate units. Available facility types are:
    • alert: log alert
    • audit: log audit
    • auth: security/authorization messages
    • authpriv: security/authorization messages (private)
    • clock: clock daemon
    • cron: cron daemon performing scheduled commands
    • daemon: system daemons running background system processes
    • ftp: File Transfer Protocol (FTP) daemon
    • kernel: kernel messages
    • local0 – local7: reserved for local use
    • lpr: line printer subsystem
    • mail: email system
    • news: network news subsystem
    • ntp: Network Time Protocol (NTP) daemon
    • syslog: messages generated internally by the syslog daemon
    Default: local7

port <port_integer>
    Description: Enter the port number for communication with the syslog server.
    Default: 514

reliable {enable | disable}
    Description: Enable reliable delivery of syslog messages to the syslog server. When enabled, the FortiGate unit implements the RAW profile of RFC 3195 for reliable delivery of log messages to the syslog server.
    Reliable syslog protects log information through authentication and data encryption and ensures that the log messages are reliably delivered in the correct order.
    Default: disable

server <address_ipv4 | FQDN>
    Description: Enter the IP address of the syslog server that stores the logs.
    Host names must comply with RFC 1035.
    Default: No default.

source-ip <address_ipv4>
    Description: Enter the source IP address for syslogd, syslogd2 and syslogd3.
    Default: 0.0.0.0
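
On the receiving syslog server, the facility chosen above arrives encoded in each message's PRI header as facility × 8 + severity (RFC 5424 numbering). The following Python is an added example, not Fortinet code: it decodes that header and attributes each line to a FortiGate unit by facility. The unit names, the facility-to-unit mapping and the sample lines are constructed assumptions.

```python
import re

# Facility keywords from the table above, ordered by their standard syslog
# numeric codes 0-23 (RFC 5424), so the list index is the facility code.
FACILITIES = [
    "kernel", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Assumption: a site convention of one facility per FortiGate unit.
# The unit names are hypothetical.
UNIT_BY_FACILITY = {"local7": "fgt-hq", "local6": "fgt-branch"}

# Constructed sample lines; the text after the PRI header is not parsed.
SAMPLE = [
    "<189>constructed message from the unit left at the default facility",
    "<180>constructed message from a unit set to facility local6",
    "<38>constructed message from some other host using auth",
    "constructed line with no PRI header",
]


def decode_pri(line):
    """Return (facility, severity), or None if the PRI is missing or > 191."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]


def attribute(line):
    """Map a received line to a unit name using only its facility."""
    decoded = decode_pri(line)
    if decoded is None:
        return "unparsed"
    return UNIT_BY_FACILITY.get(decoded[0], "unknown-unit")


if __name__ == "__main__":
    for line in SAMPLE:
        print(attribute(line), decode_pri(line))
```

The facility value is set by the sender, so treat it as a sorting aid and pair it with the message's source address (see source-ip) when attribution matters.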