Fortigate - Logging

Enable logging per firewall policy:

config firewall policy
edit <policy id>
set logtraffic-start enable
next
end

Set the log severity globally to information level:

config log memory filter
get
set severity information
end

The "Log all events" option must also be enabled per policy in the GUI.

Ignore broadcast log messages in log files:

config log setting
set local-in-deny disable
end

The default is enable.

This example shows how to enable logging to a remote Syslog server, configure an IP address and port for the server, and set the facility type to user:

config log syslogd setting
 set status enable
 set server 220.210.200.190
 set port 514
 set facility user
end

config log syslogd filter
 set severity error
end

Display the configuration for logging to a remote syslog server:

show log syslogd setting

If the show command returns you to the prompt, the settings are at default.
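
To check a saved configuration for the settings above, the following Python script (an added example, not part of the original page and not Fortinet code) parses a config backup and reports policies without logtraffic-start, a missing remote syslog target, and a syslogd severity filter that excludes information-level messages. The function names parse_sections and audit_logging are hypothetical, the sample config is constructed, and the script assumes that a setting absent from the backup is at its default.

```python
# Constructed sample of a FortiGate config backup (not from a real device).
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set logtraffic-start enable
    next
    edit 2
        set action accept
    next
end
config log syslogd setting
    set status enable
    set server 220.210.200.190
end
config log syslogd filter
    set severity error
end
"""

def parse_sections(text):
    """Map each top-level 'config' section to {edit id or None: {key: value}}."""
    sections, stack, cur = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            stack.append(line[7:])
            if len(stack) == 1:  # nested sub-tables are tracked but not recorded
                cur = sections.setdefault(stack[0], {None: {}})[None]
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and line.startswith("edit "):
            cur = sections[stack[0]].setdefault(line[5:].strip('"'), {})
        elif len(stack) == 1 and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            cur[key] = value[0].strip('"') if value else ""
    return sections

def audit_logging(text):
    """Hypothetical helper: list gaps in the logging settings shown on this page."""
    cfg, findings = parse_sections(text), []
    for pid, opts in cfg.get("firewall policy", {}).items():
        if pid is not None and opts.get("logtraffic-start") != "enable":
            findings.append(f"policy {pid}: logtraffic-start not enabled")
    syslog = cfg.get("log syslogd setting", {}).get(None, {})
    if syslog.get("status") != "enable" or not syslog.get("server"):
        findings.append("syslogd: remote logging not configured")
    severity = cfg.get("log syslogd filter", {}).get(None, {}).get("severity")
    if severity in ("emergency", "alert", "critical", "error"):
        findings.append(f"syslogd filter: severity {severity} excludes information-level messages")
    return findings
```

Calling audit_logging on the constructed sample flags policy 2 and the error-level syslogd filter, which would keep information-level events from reaching the remote server.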

