Fortinet 546 FortiWeb 5.0 Patch 6 Administration Guide
To configure logging
1. Set the severity level threshold that log messages must meet or exceed in order to be sent to
each log storage device. If you will store logs remotely, also configure connectivity
information such as the IP address. See “Configuring log destinations” on page 549,
“Configuring Syslog settings” on page 554, and “Configuring FortiAnalyzer policies” on
page 555.
2. Group Syslog and FortiAnalyzer settings and select those groups in Trigger Action settings
throughout the configuration of web protection features. See “Configuring triggers” on
page 557.
3. Enable logging in general. See “Enabling log types, packet payload retention, & resource
shortage alerts” on page 546.
4. If you want to log attacks, select an Alert option as the Action setting when configuring
attack protection.
5. Monitor your log messages via the web UI or through alert email for events that require
action from network administrators. See “Viewing log messages” on page 557 and “Alert
email” on page 576. Configure reports that are derived from log data to review trends in your
network. See “Reports” on page 586.
Enabling log types, packet payload retention, & resource shortage alertsYou can enable or disable logging for each log type, as well as configure system alert
thresholds, and which policy violations should cause the appliance to retain the TCP/IP packet
payload (HTTP headers and a portion of the HTTP body, if any) that can be viewed with its
corresponding log message.
For more information on log types, see “Log types” on page 543.
To enable logging
1. Go to Log&Report > Log Config > Other Log Settings.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Log & Report category. For details, see
“Permissions” on page 47.