Logging and reporting
You can configure the FortiGate unit to log network activity from routine configuration changes and traffic sessions to emergency events. You can also configure the FortiGate unit to send alert email messages to inform system administrators about events such as network attacks, virus incidents, and firewall and VPN events.
This chapter describes:
•Recording logs
•Filtering log messages
•Configuring traffic logging
•Viewing logs saved to memory
•Viewing and managing logs saved to the hard disk
•Configuring alert email
Recording logs
You can configure logging to record logs to one or more of:
•a computer running a syslog server,
•a computer running a WebTrends firewall reporting server,
•the FortiGate hard disk (if your FortiGate unit contains a hard disk),
•the console.
You can also configure logging to record event, attack, antivirus, web filter, and email filter logs to the FortiGate system memory if your FortiGate unit does not contain a hard disk. Logging to memory allows quick access to only the most recent log entries. If the FortiGate unit restarts, the log entries are lost.
You can select the same or different severity levels for each log location. For example, you might want to record only emergency and alert level messages to the FortiGate memory and record all levels of messages on a remote computer.
For information about filtering the log types and activities that the FortiGate unit records, see “Filtering log messages” on page 284. For information about traffic logs, see “Configuring traffic logging” on page 286.
281 |