FortiGate-400 Installation and Configuration Guide Version 2.50 MR2

Logging and reporting

You can configure the FortiGate unit to log network activity from routine configuration changes and traffic sessions to emergency events. You can also configure the FortiGate unit to send alert email messages to inform system administrators about events such as network attacks, virus incidents, and firewall and VPN events.

This chapter describes:

Recording logs

Filtering log messages

Configuring traffic logging

Viewing logs saved to memory

Viewing and managing logs saved to the hard disk

Configuring alert email

Recording logs

You can configure logging to record logs to one or more of:

a computer running a syslog server,

a computer running a WebTrends firewall reporting server,

the FortiGate hard disk (if your FortiGate unit contains a hard disk),

the console.

You can also configure logging to record event, attack, antivirus, web filter, and email filter logs to the FortiGate system memory if your FortiGate unit does not contain a hard disk. Logging to memory allows quick access to only the most recent log entries. If the FortiGate unit restarts, the log entries are lost.

You can select the same or different severity levels for each log location. For example, you might want to record only emergency and alert level messages to the FortiGate memory and record all levels of messages on a remote computer.

For information about filtering the log types and activities that the FortiGate unit records, see “Filtering log messages” on page 284. For information about traffic logs, see “Configuring traffic logging” on page 286.

FortiGate-400 Installation and Configuration Guide

281

Page 281
Image 281
Fortinet 400 manual Logging and reporting, Recording logs, 281