Config

System

Log file should be rolled... even if size is not exceeded

Select how often the FortiAnalyzer unit renames the current log file and starts a new active log file.

• Daily: Roll log files daily, even if the log file has not yet reached maximum file size.

• Weekly: Roll log files weekly, even if the log file has not yet reached maximum file size.

• Optional: Roll log files only when the log file reaches the maximum file size, regardless of time interval.

This option appears only when Use System Device Log Settings is disabled.

Log to Host

Select to send log messages generated by the FortiAnalyzer unit to another host, such as a Syslog server.

IP

Enter the IP address of the Syslog server.

Port

Enter the Syslog port. The default port is 514.

Log Level

Select the severity level for the log messages recorded to the Syslog server. The FortiAnalyzer unit logs all levels of severity down to, but not less severe than, the level you select. For example, if you want to record emergency, critical, and error messages, select Error.

Format

Enable CSV format to record log messages in comma-separated value (CSV) formatted files. Log message fields are separated by commas. When disabled, logs are recorded as standard log files.

Event Log

Select to configure which FortiAnalyzer unit events the FortiAnalyzer unit records to the log. Events can be logged locally on the FortiAnalyzer unit, or to the host indicated in Log to Host. Loggable event types include When configuration has changed, IPSec negotiation event, Admin login/logout event, and System activity event.

Automatically Delete

Select to configure automatic deletion of older logs. Enable the type of log or report you wish to automatically delete (Logs older than, Network analyzer logs older than, Local logs older than, Reports older than, Content archive files older than), then select from Hours, Weeks, Days or Months, and enter the value for the age unit.

Configuring log aggregation

Log aggregation is a method of collecting log data from one or more FortiAnalyzer units to a central FortiAnalyzer unit.

Log aggregation involves one or more FortiAnalyzer units configured to act as aggregation clients, and a FortiAnalyzer unit configured to act as an aggregation server. The aggregation client sends all of its device logs, including quarantined or content archived files, to the aggregation server. The transfer includes the active log to the point of aggregation (for example, tlog.log) and all rolled logs stored on the aggregation client (tlog.1.log, tlog.2.log, tlog.3.log …). Subsequent log aggregations include only changes; the aggregation client does not re-send previously aggregated logs.
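The roll policies described under "Log file should be rolled" and the tlog.log / tlog.1.log / tlog.2.log naming mentioned above, modelled as an added example (not FortiAnalyzer code). It assumes a 100 MB maximum file size and that tlog.1.log is the most recently rolled file; the constructed directory contents exist only to show the rename order.

```python
import os
import re

MAX_LOG_SIZE = 100 * 1024 * 1024  # constructed example limit, in bytes

# Roll interval in seconds per policy; None means size-only ("Optional")
ROLL_INTERVAL = {"Daily": 86400, "Weekly": 7 * 86400, "Optional": None}


def should_roll(policy, size, seconds_since_roll, max_size=MAX_LOG_SIZE):
    """True if the active log should be rolled now.

    Every policy rolls once the file reaches max_size; Daily and Weekly
    also roll when their interval has elapsed, even if size is not exceeded.
    """
    if size >= max_size:
        return True
    interval = ROLL_INTERVAL[policy]
    return interval is not None and seconds_since_roll >= interval


_ROLLED = re.compile(r"^tlog\.(\d+)\.log$")


def roll_log(log_dir, active="tlog.log"):
    """Rename the active log to tlog.1.log, shifting existing rolled files up
    by one, then start an empty new active log. Returns the sorted listing.
    Assumption: tlog.1.log is the most recently rolled file."""
    rolled = [int(m.group(1)) for m in map(_ROLLED.match, os.listdir(log_dir)) if m]
    # Shift the highest number first so no rename overwrites another file.
    for n in sorted(rolled, reverse=True):
        os.rename(os.path.join(log_dir, f"tlog.{n}.log"),
                  os.path.join(log_dir, f"tlog.{n + 1}.log"))
    active_path = os.path.join(log_dir, active)
    if os.path.exists(active_path):
        os.rename(active_path, os.path.join(log_dir, "tlog.1.log"))
    open(active_path, "w").close()  # new, empty active log
    return sorted(os.listdir(log_dir))


def demo_roll():
    """Constructed scenario: an active log plus two rolled logs in a temp dir;
    returns each file's contents after one roll."""
    import tempfile
    d = tempfile.mkdtemp()
    for name, body in (("tlog.log", "newest"), ("tlog.1.log", "older"),
                       ("tlog.2.log", "oldest")):
        with open(os.path.join(d, name), "w") as f:
            f.write(body)
    contents = {}
    for name in roll_log(d):
        with open(os.path.join(d, name)) as f:
            contents[name] = f.read()
    return contents
```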

On the aggregation server, additional devices will appear in the device list, corresponding to those devices which log to the aggregation clients. You can easily identify these devices, as they do not have Rx and Tx permissions.

 

FortiAnalyzer Version 3.0 MR7 Administration Guide   58   05-30007-0082-20080908
