Fortinet 556 FortiWeb 5.0 Patch 6 Administration Guide
Once you create FortiAnalyzer connection settings, it can be referenced by a trigger, which in
turn can be selected as a trigger action in a protection profile, and used to record policy
violations.
To configure FortiAnalyzer policies
1. Before you can log to FortiAnalyzer, you must enable logging for the log type that you want
to use as a trigger. For details, see “Enabling log types, packet payload retention, & resource
shortage alerts” on page 546.
2. Go to Log&Report > Log Policy > FortiAnalyzer Policy.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Log & Report category. For details, see
“Permissions” on page 47.
3. Click Create New.
A dialog appears.
4. In Name, type a unique name that can be referenced by other parts of the configuration. Do
not use spaces or special characters. The maximum length is 35 characters.
5. In IP Address, type the address of the remote FortiAnalyzer appliance.
6. Click OK.
7. Confirm with the FortiAnalyzer administrator that the FortiWeb appliance was added to the
FortiAnalyzer appliance’s device list, allocated sufficient disk space quota, and assigned
permission to transmit logs to the FortiAnalyzer appliance. For details, see the FortiAnalyzer
Administration Guide.
8. To verify logging connectivity, from the FortiWeb appliance, trigger a log message that
matches the types and severity levels that you have chosen to store on the remote host.
Then, on the remote host, confirm that it has received that log message.
If the remote host does not receive the log messages, verify the FortiWeb appliance’s
network interfaces (see “Configuring the network interfaces” on page 113) and static routes
(see “Adding a gateway” on page 125), and the policies on any intermediary firewalls or
routers. If ICMP ECHO_RESPONSE (pong) is enabled on the remote host, try using the
execute traceroute command to determine the point where connectivity fails. For
details, see the FortiWeb CLI Reference.
See also
•Configuring log destinations
•Viewing log messages
•Enabling log types, packet payload retention, & resource shortage alerts
•Configuring triggers
•Obscuring sensitive data in the logs
Logs stored remotely cannot be viewed from the web UI of the FortiWeb appliance. If you
require the ability to view logs from the web UI, also enable local storage. For details, see
“Enabling log types, packet payload retention, & resource shortage alerts” on page 546.