Administration Guide

Managing log forwarding

Log forwarding mode server entries can be edited and deleted using both the GUI and the CLI. Aggregation mode server entries can only be managed using the CLI. Entries cannot be enabled or disabled using the CLI.

To enable or disable a log forwarding server entry:
  1. Go to System Settings > Log Forwarding.
  2. Double-click on a server entry, right-click on a server entry and select Edit, or select a server entry then click Edit in the toolbar. The Edit Log Forwarding pane opens.
  3. Set the Status to Off to disable the log forwarding server entry, or set it to On to enable the server entry.

    Only the name of the server entry can be edited when it is disabled.

  4. Click OK to apply your changes.

To edit a log forwarding server entry using the GUI:
  1. Go to System Settings > Log Forwarding.
  2. Double-click on a server entry, right-click on a server entry and select Edit, or select a server entry then click Edit in the toolbar. The Edit Log Forwarding pane opens.
  3. Edit the settings as required, then click OK to apply your changes.

To edit a log forwarding server entry using the CLI:
  1. Open the log forwarding command shell:

    config system log-forward

  2. Enter an existing entry using its log forwarding ID:

    edit <log forwarding ID>

  3. Edit the settings as required. See the FortiAnalyzer CLI Reference for information.
  4. Enter the following command to apply your changes:

    end

To delete a log forwarding server entry or entries using the GUI:
  1. Go to System Settings > Log Forwarding.
  2. Select the entry or entries you need to delete.
  3. Click Delete in the toolbar, or right-click and select Delete.
  4. Click OK in the confirmation dialog box to delete the selected entry or entries.

To delete a log forwarding server entry using the CLI:
  1. Open the log forwarding command shell:

    config system log-forward

  2. Delete an entry using its log forwarding ID:

    delete <log forwarding ID>

    The log forwarding server entry is immediately deleted. There is no confirmation.

To delete all log forwarding entries using the CLI:
  1. Enter the following CLI commands:

    config system log-forward

    purge

  2. Enter y to delete all the entries.

    This operation will clear all table!

    Do you want to continue? (y/n)y
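
Because a CLI delete takes effect with no confirmation and purge clears every entry, comparing configuration snapshots taken before and after a change shows exactly which forwarding entries were lost or altered. The following Python is an added example, not part of the Fortinet documentation; it assumes each snapshot is a text capture of the config system log-forward block in the config/edit/set/next/end layout, and the entry IDs and set values in the samples are constructed.

```python
# Constructed sample snapshots; entry IDs and setting values are illustrative.
BEFORE = """config system log-forward
    edit 1
        set mode forwarding
        set server-name "siem-primary"
    next
    edit 2
        set mode aggregation
    next
end"""
AFTER_DELETE = """config system log-forward
    edit 1
        set mode forwarding
        set server-name "siem-backup"
    next
end"""
AFTER_PURGE = "config system log-forward\nend"

def parse_log_forward(snapshot):
    """Return {entry_id: {setting: value}} for the log-forward table."""
    entries, current, depth = {}, None, 0  # depth 0: outside the block
    for line in map(str.strip, snapshot.splitlines()):
        if depth == 0:
            depth = 1 if line == "config system log-forward" else 0
        elif line.startswith("config "):
            depth += 1  # nested sub-table; its lines are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = {}
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            entries[current][key] = value.strip().strip('"')
    return entries

def diff_entries(before_text, after_text):
    """Report entry IDs removed or added, and settings that changed."""
    old, new = parse_log_forward(before_text), parse_log_forward(after_text)
    changed = {i: {k: (old[i].get(k), new[i].get(k))
                   for k in sorted(old[i].keys() | new[i].keys())
                   if old[i].get(k) != new[i].get(k)}
               for i in sorted(old.keys() & new.keys()) if old[i] != new[i]}
    return {"removed": sorted(old.keys() - new.keys()),
            "added": sorted(new.keys() - old.keys()), "changed": changed}

if __name__ == "__main__":
    print(diff_entries(BEFORE, AFTER_DELETE))
```

A non-empty removed list after a maintenance window identifies forwarding destinations that no longer receive logs and need to be recreated.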