Fortinet 555 FortiWeb 5.0 Patch 6 Administration Guide
Syslog settings can be referenced by a trigger, which in turn can be selected as the trigger
action in a protection profile, and used to send log messages to your Syslog server whenever a
policy violation occurs.
To configure Syslog policies
1. Before you can log to Syslog, you must enable it for the log type that you want to use as a
trigger. For details, see “Enabling log types, packet payload retention, & resource shortage
alerts” on page 546.
2. Go to Log&Report > Log Policy > Syslog Policy.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Log & Report category. For details, see
“Permissions” on page 47.
3. Click Create New.
A dialog appears.
4. If the policy is new, in Policy Name, type the name of the policy as it will be referenced in the
configuration.
5. In IP Address, enter the address of the remote Syslog server.
6. In Port, enter the listening port number of the Syslog server. The default is 514.
7. Mark the Enable CSV Format check box if you want to send log messages in
comma-separated value (CSV) format.
8. Click OK.
9. To verify logging connectivity, from the FortiWeb appliance, trigger a log message that
matches the types and severity levels that you have chosen to store on the remote host.
Then, on the remote host, confirm that it has received that log message.
If the remote host does not receive the log messages, verify the FortiWeb appliance’s
network interfaces (see “Configuring the network interfaces” on page 113) and static routes
(see “Adding a gateway” on page 125), and the policies on any intermediary firewalls or
routers. If ICMP is enabled on the remote host, try using the execute traceroute
command to determine the point where connectivity fails. For details, see the FortiWeb CLI
Reference.
See also
•Configuring log destinations
•Viewing log messages
•Enabling log types, packet payload retention, & resource shortage alerts
•Configuring triggers
•Configuring log destinations
•Obscuring sensitive data in the logs
Configuring FortiAnalyzer policiesBefore you can store log messages remotely on a FortiAnalyzer appliance, you must first create
FortiAnalyzer connection settings.
Logs stored remotely cannot be viewed from the FortiWeb web UI. If you require the ability to
view logs from the web UI, also enable local storage. For details, see “Enabling log types,
packet payload retention, & resource shortage alerts” on page 546.