Log policy, Config Policy, CSV format | Fortinet FortiLog-100

Managing the FortiLog unit	Config

Level	Select the severity level for which you want to record log messages to a
	remote syslog server. The FortiLog unit logs all levels of severity down to,
	but not lower than, the level you select. For example, if you want to record
	emergency, alert, critical, and error messages, select Error. “Log policy”
	on page 45 lists the log message levels.
Config Policy	Select Config policy for which activities you want the FortiLog unit to
	record log messages.
CSV format	Enable CSV format to record log messages in comma-separated value
	(CSV) formatted files. Log message fields are separated by commas.

Log policy

Levels		Description	Generated by
0	- Emergency	The system has become unstable.	Emergency messages not
			available.
1	- Alert	Immediate action is required.	NIDS attack log messages.
2	- Critical	Functionality is affected.	DHCP
3	- Error	An error condition exists and functionality Error messages not available.
		could be affected.
4	- Warning	Functionality could be affected.	Antivirus, Web filter, email filter,
			and system event log messages.
5	- Notice	Information about normal events.	Antivirus, Web filter, and email
			filter log messages.
6	- Information	General information about system	Antivirus, Web filter, email filter log
		operations.	messages, and other event log
			messages.

Select Config Policy to configure the FortiLog unit to send event log messages to a local or remote syslog server.

Enable Event Log to record management and activity events. Management events include changes to the FortiLog unit configuration as well as administrator and user logins and logouts. Activity events include system activities such as IPSec negotiation events

Figure 16: Config log policy

FortiLog Administration Guide

05-16000-0082-20050115

45

Image 45

Fortinet FortiLog-100, FortiLog-800, FortiLog-400 Log policy, Config Policy, CSV format, Levels Description Generated by

Contents

January 15, 2004 FortiLog-100 FortiLog-400 FortiLog-800 Version 1.6 January 15 05-16000-0082-20050115 TrademarksRegulatory Compliance Table of Contents Managing the FortiLog unit Config Network Reports 103 Setting folder and file properties104 110 FortiLog-400 FortiLog-100 FortiLog-800 Introduction Operational Modes Active Mode Introduction Passive Mode Explains how to install and set up the FortiLog unit About this guideFortiLog documentation Explains how to configure VPNs using the web-based manager Related documentationFortiGate documentation FortiClient documentation FortiManager documentationFortiMail documentation Fortinet Knowledge Center Customer service and technical support Customer service and technical support Checking the package contents Setting up the FortiLog unit Hardware specifications Dimensions WeightFortiLog-100 2.5 kg FortiLog-400 11 kg FortiLog-80014 kg Power requirements Planning the installationEnvironmental specifications Air flow Connecting the FortiLog unit Connecting the FortiLog unitFortiLog unit Management PC To connect the FortiLog unit to the network Using the web-based manager Configuring the FortiLog unitFactory defaults Administrator To connect to the web-based manager To configure the FortiLog unit using the web-based manager Using the command line interfaceTo configure the FortiLog unit using the CLI Set system interface port1 mode static ip IPaddress netmask Using the front panel buttons and LCD Set the primary DNS server IP addressSet system dns primary IPaddress Configuring the FortiLog unit Configuring FortiGate unit running FortiOS Connecting to the FortiLog UnitGo to Log&Report Log Config Sending device logs to the FortiLog unit FortiGate 2.8 log settings Configuring FortiGate devices running FortiOS FortiGate 2.5 Log settings Configuring FortiMail devices To add a device Adding a deviceGroups from this tab Unregistered Defining device port interfaces To create a device group Go to System Devices Groups Creating Device Groups Managing the FortiLog unit StatusStatus Interval Operating ModeRefresh Alerts Changing the FortiLog host name To change the operating mode in the CLIChanging operating modes Set system opmode activepassive To change the firmware using the web-based manager Viewing system resources informationChanging the firmware To change the firmware using the CLI Installing firmware from a system rebootExecute restore image namestr tftpip Execute restore image FortiLog400-v120.out Press any key to enter configuration menu To install firmware from a system rebootImmediately press any key to interrupt the system startup Enter Local Address To test a new firmware image before installing it Testing a new firmware imageFollowing message appears Enter File Name image.out Save as Default firmware/Run image without savingD/R Installing a backup firmware imageGet system status You can test the new firmware image as required Type B To install a backup firmware image Switching to a backup firmware image Switching to the default firmware imageTo switch to the backup firmware image To switch back to the default firmware image Backing up system settingsExecute reboot To backup up system settings Go to System Status Status Restore factory default system settings Restoring system settingsTo restore system settings Go to System Status Status Restoring a FortiLog unit Press any key to begin download To upload the firmware image to the FortiLog unit Network Config Config RAID Config Policy Log settingsLog to Host Port Log policy Config PolicyCSV format Levels Description Generated by Time AdminOptions Language Configure Administrator access Administrator options Administrator account levels Devices Active mode Changing the Administrator passwordTo add an administrator account Go to System Config Admin Device list Adding and registering a deviceEditing device information Alert Email ServerTo edit a device Go to System Devices Device Active mode LocalCreating a new device alert Attack Type Entry and listing Level of wait interval Attack Type Alerts To add a device alert Go to System Alert Email DeviceVirus Type Network Sharing Defining IP aliasesWindow IP aliases To set host alias names Go to Reports IP Aliases Reports To create a report Go to Reports ConfigCreating and generating a report Select New and enter a name for the report To define report parameters Go to Reports Config Configuring report parametersSet the following Select Run now To set the report queries Go to Reports Config Configuring a report queryResolve Service Names Ranked Reports show top Select a report from the list Select Queries Creating a query profile To select the devices Go to Reports ConfigSelecting the devices for the report To create a query profile Creating a device profile To set the filtering on a log report Go to Reports ConfigSelect filtering options To create a device profile To create a scheduled report Go to Reports Config Setting a report scheduleCreating a filter profile To create a report filter profile Choosing the report destination and format Creating a report schedule profileSelect Schedule Select a day from the following To create a report schedule profile Creating a report destination and format profile To generate a report on demand Go to Reports ConfigReports on demand To create a pre-defined output selection To view a generated report Go to File Browse Reports Viewing reports Individual reports Roll up report To create a report Go to Reports Config Vulnerability Vulnerability reportsCreating and generating a report Per device Resolve Host Names Resolve Service Names Selecting report result parametersSelecting plug-ins Creating a plug-in profile To select the plug-ins Go to Reports Config VulnerabilitiesSelecting the scan targets for the report To create a plug-in profile Creating a scan target profile To add additional devicesTo create a scan target profile Browse/Reports hard disk FileEmail list As an email attachment Select the report name from the list of completed reports Viewing the vulnerability report Using Logs Viewing logs Log view interface To view the device log files Go to File Browse Logs Finding log informationSelect the column header to change the sort order between Ascending and descending order Basic log filter Alert level Importing log filesTo import a log file Go to File Browse Logs Match Up and Down arrows Log Search Log watch Active modeTo set log watching Go to File Browse Logs Show Up and Down arrows Sort list Event correlation Active mode Event correlation Active mode Connecting to the FortiLog file system Using the FortiLog unit as a NAS Select Enable for a file sharing protocol Providing access to the FortiLog hard diskSelecting a file sharing protocol Adding and modifying user accounts Adding and modifying group accounts Assigning access to foldersTo add a user group Go to Network Sharing Groups Select Create New Windows sharing configuration NFS share configuration Modifying the user or group folder access Setting folder and file properties To set file and folder permissions Go to File Browse FilesOwner CLI documentation conventions FortiLog CLI reference Connecting to the FortiLog-800 console Connecting to the CLIFortiLog-800 login To connect to the FortiLog-800 console Setting administrative access for SSH or Telnet To use the CLI to configure SSH or Telnet accessWelcome Connecting to the FortiLog CLI using Telnet Connecting to the FortiLog CLI using SSHTo connect to the CLI using SSH To connect to the CLI using Telnet CLI commands FortiLog CLI commands includeExecute branch Use get to display settings, logs, or system information Get command architectureGet branch Get system admin Get log logsettingGet report resolve Get report aliases Use set alertemail to configure alert mails Use set to configure settings, logs, or system informationSet alertemail command architecture Set branch Namestr is the user name String is the passwordBelow Set alertmail local time 0.5 1.0 3.0 6.0 CLI commands Set alertmail device enable add leveltimeSettings originate from a singe source IP Set console Use set console to set console configuration Use set log to configure log settings Set log command architectureSet log YY-MM-DD 100 101 102 103 Set NAS Set report Set report command architectureSet system 104 105 106 107 0.0 108Trusthoststr is trusted host IP address Netmaskstr is the netmask 109 Unset branch 111 112 Network Activity Appendix a Log Report TypesWeb Activity 113 FTP Activity Mail Activity Terminal Activity115 Mail activity reports record Email traffic and connections Intrusion Activity Antivirus ActivityWeb Filter Activity 117 Mail Filter Activity VPN Activity Content Activity 119 120 121 Index Index 122 123 124