Support User Manuals

Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual

Open as PDF

of 705

Fortinet 555 FortiWeb 5.0 Patch 6 Administration Guide

Syslog settings can be referenced by a trigger, which in turn can be selected as the trigger

action in a protection profile, and used to send log messages to your Syslog server whenever a

policy violation occurs.

To configure Syslog policies

1. Bef

or

e you can log to Syslog, you must enable it for the log type that you want to use as a

trigger. For details, see “Enabling log types, packet payload retention, & resource shortage

alerts” on page 546.

2. Go to Log&Report > Log Policy > Syslog Policy.

To access this part of the web UI, your administrator’s account access profile must have

Read and Write permission to items in the Log & Report category. For details, see

“Permissions” on page 47.

3. Click Create New.

A dialog appears.

4. If the policy is new, in Policy Name, type the name of the policy as it will be referenced in the

configuration.

5. In IP Address, enter the address of the remote Syslog server.

6. In Port, enter the listening port number of the Syslog server. The default is 514.

7. Mark the Enable CSV Format check box if you want to send log messages in

comma-separated value (CSV) format.

8. Click OK.

9. To verify logging connectivity, from the FortiWeb appliance, trigger a log message that

matches the types and severity levels that you have chosen to store on the remote host.

Then, on the remote host, confirm that it has received that log message.

If the remote host does not receive the log messages, verify the FortiWeb appliance’s

network interfaces (see “Configuring the network interfaces” on page 113) and static routes

(see “Adding a gateway” on page 125), and the policies on any intermediary firewalls or

routers. If ICMP is enabled on the remote host, try using the execute traceroute

command to determine the point where connectivity fails. For details, see the FortiWeb CLI

Reference.

See also

• Configuring log destinations

• Viewing log messages

• Enabling log types, packet payload retention, & resource shortage alerts

• Configuring triggers

• Configuring log destinations

• Obscuring sensitive data in the logs

Configuring FortiAnalyzer policies

Before you can store log messages remotely on a FortiAnalyzer appliance, you must first create

FortiAnalyzer connection settings.

Logs stored remotely cannot be viewed from the FortiWeb web UI. If you require the ability to

view logs from the web UI, also enable local storage. For details, see

“Enabling log types,

packet payload retention, & resource shortage alerts” on page 546.

previous next