Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.4
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiADC 7.6.4 CLI Reference
    7.6.4
    8.0.2
    8.0.1
    8.0.0
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config log setting global_plugin

    config log setting global_plugin

    Use this command to view or modify global Plugin log export settings. The Plugin framework enables FortiADC to export logs to third-party platforms. Currently, only Kafka is supported.

    Note: Plugin configurations can only be created in the GUI under Log & Report > Log Setting > Plugin. The CLI allows you to edit existing entries and adjust log categories, but it does not allow creating new or modify Kafka configurations.

    Plugin log export is global in scope. All VDOM log data is exported through the root VDOM, and per-VDOM overrides are not supported.

    Syntax

    config log setting global_plugin
    edit <id>
        set status {enable | disable}
        set loglevel {critical | error | warning | notification | information | debug}
        set event-log-status {enable | disable}
        set event-log-category {configuration admin system user health_check slb llb glb firewall all}
        set traffic-log-status {enable | disable}
        set traffic-log-category {slb glb llb all}
        set attack-log-status {enable | disable}
        set attack-log-category {ddos ipreputation waf geo av ztna ips fw all}
        set type kafka
        set config <string>
    next
end
    status Enable or disable the Kafka plugin.

    loglevel

    Select the minimum severity level of logs to export:

    • critical — Functionality is affected.
    • error — An error condition exists and functionality could be affected.
    • warning — Functionality might be affected.
    • notification — Information about normal events.
    • information — General information about system operations.
    • debug — Detailed information about the system that can be used to troubleshoot unexpected behavior.

    The exported logs will include the selected severity level and above. For example, if you select error, the system collects logs with severity level Error and Critical.

    event-log-status

    		 Enable or disable event log export.

    event-log-category

    If event-log-status is enabled, the event-log-category becomes configurable.

    Select one or more of the following event categories to include in the event logs export:

    • configuration — Configuration changes.
    • admin — Administrator actions.
    • system — System operations, warnings, and errors.
    • user — Authentication results logs.
    • health-check — Health check results and client certificate validation check results.
    • slb — Notifications, such as connection limit reached.
    • llb — Notifications, such as bandwidth thresholds reached.
    • glb — Notifications, such as the status of associated local SLB and virtual servers.
    • fw — Notifications for the Firewall module, such as SNAT source IP pool is using all of its addresses.

    traffic-log-status

    		 Enable or disable traffic log export.

    traffic-log-category

    If traffic-log-status is enabled, the traffic-log-category becomes configurable.

    Select one or more of the following traffic categories to include in the traffic logs export:

    • slb — Server Load Balancing traffic logs related to sessions and throughput.
    • dns — Global Load Balancing traffic logs related to DNS requests.
    • llb — Link Load Balancing traffic logs related to session and throughput.

    attack-log-status

    		 Enable or disable security log export.

    attack-log-category

    If attack-log-status is enabled, the attack-log-category becomes configurable.

    Select one or more of the following security categories to include in the security logs export:

    • ddos — DoS protection logs.
    • ipreputation — IP Reputation logs.
    • waf — Web Application Firewall logs.
    • geo — Geo IP blocking logs.
    • av — Antivirus logs.
    • ztna — Zero Trust Network Access logs.
    • ips — Intrusion Prevention System logs.
    • fw — Firewall logs.
    type

    Plugin type. Only kafka is supported.
    config

    Internal reference to the Kafka configuration file generated when the Plugin entry is created in the GUI. The value is displayed as xx.conf, where .conf is the file type and xx is an automatically generated identifier (for example, 80.conf).

    The actual Kafka output configuration (in fluent-bit syntax) can only be created and modified in the GUI under Log & Report > Log Setting > Plugin. The CLI cannot create or edit this configuration; it only displays the internal file reference.

    Example

    FortiADC-VM # show full log setting global_plugin
config log setting global_plugin
  edit 1
    set status enable
    set type kafka
    set config 80.conf
    set loglevel information
    set event-log-status enable
    set event-log-category configuration admin health_check system 
    set traffic-log-status enable
    set traffic-log-category slb dns llb 
    set attack-log-status enable
    set attack-log-category ddos ipreputation waf geo av ips fw ztna 
    unset comment
  next
end
    Previous
    Next

    config log setting global_plugin

    config log setting global_plugin

    Use this command to view or modify global Plugin log export settings. The Plugin framework enables FortiADC to export logs to third-party platforms. Currently, only Kafka is supported.

    Note: Plugin configurations can only be created in the GUI under Log & Report > Log Setting > Plugin. The CLI allows you to edit existing entries and adjust log categories, but it does not allow creating new or modify Kafka configurations.

    Plugin log export is global in scope. All VDOM log data is exported through the root VDOM, and per-VDOM overrides are not supported.

    Syntax

    config log setting global_plugin
    edit <id>
        set status {enable | disable}
        set loglevel {critical | error | warning | notification | information | debug}
        set event-log-status {enable | disable}
        set event-log-category {configuration admin system user health_check slb llb glb firewall all}
        set traffic-log-status {enable | disable}
        set traffic-log-category {slb glb llb all}
        set attack-log-status {enable | disable}
        set attack-log-category {ddos ipreputation waf geo av ztna ips fw all}
        set type kafka
        set config <string>
    next
end
    status Enable or disable the Kafka plugin.

    loglevel

    Select the minimum severity level of logs to export:

    • critical — Functionality is affected.
    • error — An error condition exists and functionality could be affected.
    • warning — Functionality might be affected.
    • notification — Information about normal events.
    • information — General information about system operations.
    • debug — Detailed information about the system that can be used to troubleshoot unexpected behavior.

    The exported logs will include the selected severity level and above. For example, if you select error, the system collects logs with severity level Error and Critical.

    event-log-status

    		 Enable or disable event log export.

    event-log-category

    If event-log-status is enabled, the event-log-category becomes configurable.

    Select one or more of the following event categories to include in the event logs export:

    • configuration — Configuration changes.
    • admin — Administrator actions.
    • system — System operations, warnings, and errors.
    • user — Authentication results logs.
    • health-check — Health check results and client certificate validation check results.
    • slb — Notifications, such as connection limit reached.
    • llb — Notifications, such as bandwidth thresholds reached.
    • glb — Notifications, such as the status of associated local SLB and virtual servers.
    • fw — Notifications for the Firewall module, such as SNAT source IP pool is using all of its addresses.

    traffic-log-status

    		 Enable or disable traffic log export.

    traffic-log-category

    If traffic-log-status is enabled, the traffic-log-category becomes configurable.

    Select one or more of the following traffic categories to include in the traffic logs export:

    • slb — Server Load Balancing traffic logs related to sessions and throughput.
    • dns — Global Load Balancing traffic logs related to DNS requests.
    • llb — Link Load Balancing traffic logs related to session and throughput.

    attack-log-status

    		 Enable or disable security log export.

    attack-log-category

    If attack-log-status is enabled, the attack-log-category becomes configurable.

    Select one or more of the following security categories to include in the security logs export:

    • ddos — DoS protection logs.
    • ipreputation — IP Reputation logs.
    • waf — Web Application Firewall logs.
    • geo — Geo IP blocking logs.
    • av — Antivirus logs.
    • ztna — Zero Trust Network Access logs.
    • ips — Intrusion Prevention System logs.
    • fw — Firewall logs.
    type

    Plugin type. Only kafka is supported.
    config

    Internal reference to the Kafka configuration file generated when the Plugin entry is created in the GUI. The value is displayed as xx.conf, where .conf is the file type and xx is an automatically generated identifier (for example, 80.conf).

    The actual Kafka output configuration (in fluent-bit syntax) can only be created and modified in the GUI under Log & Report > Log Setting > Plugin. The CLI cannot create or edit this configuration; it only displays the internal file reference.

    Example

    FortiADC-VM # show full log setting global_plugin
config log setting global_plugin
  edit 1
    set status enable
    set type kafka
    set config 80.conf
    set loglevel information
    set event-log-status enable
    set event-log-category configuration admin health_check system 
    set traffic-log-status enable
    set traffic-log-category slb dns llb 
    set attack-log-status enable
    set attack-log-category ddos ipreputation waf geo av ips fw ztna 
    unset comment
  next
end
    Previous
    Next