Fortinet white logo
Fortinet white logo

Administration Guide

Syslog Server

Syslog Server

Go to System Settings > Advanced > Syslog Server to configure syslog server settings. Syslog servers can be added, edited, deleted, and tested.

After adding a syslog server, you must also enable FortiAnalyzer to send local logs to the syslog server. See Send local logs to syslog server.

If an existing syslog server is in use, the delete icon is removed and the server entry cannot be deleted.

To add a syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Click Create New in the toolbar. The Create New Syslog Server Settings pane opens.

  3. Configure the following settings and then select OK to create the syslog server.

    Name

    Enter a name for the syslog server.

    IP address (or FQDN)

    Enter the IP address or FQDN of the syslog server.

    Syslog Server Port

    Enter the syslog server port number. The default port is 514.

    Reliable Connection

    Enable or disable a reliable connection with the syslog server. The default is disable.

    Secure Connection

    Enable/disable connection secured by TLS/SSL. The default is disable.

    This option is only available when Reliable Connection is enabled.

    Local Certificate CN

    Enter one of the available local certificates used for secure connection: Fortinet_Local or Fortinet_Local2. The default is Fortinet_Local.

    This option is only available when Secure Connection is enabled.

    Peer Certificate CN

    Enter the certificate common name of syslog server. Null means no certificate CN for the syslog server.

    This option is only available when Secure Connection is enabled.

To enable sending FortiAnalyzer local logs to syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Double-click on a server, right-click on a server and then select Edit from the menu, or select a server then click Edit in the toolbar. The Edit Syslog Server Settings pane opens.
  3. Edit the settings as required, and then click OK to apply the changes.
To edit a syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Double-click on a server, right-click on a server and then select Edit from the menu, or select a server then click Edit in the toolbar. The Edit Syslog Server Settings pane opens.
  3. Edit the settings as required, and then click OK to apply the changes.
To test the syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Select the server you need to test.
  3. Click Test from the toolbar, or right-click and select Test.

    A confirmation or failure message will be displayed.

To delete a syslog server or servers:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Select the server or servers you need to delete.
  3. Click Delete in the toolbar, or right-click and select Delete.
  4. Click OK in the confirmation box to delete the server or servers.

Syslog Server

Syslog Server

Go to System Settings > Advanced > Syslog Server to configure syslog server settings. Syslog servers can be added, edited, deleted, and tested.

After adding a syslog server, you must also enable FortiAnalyzer to send local logs to the syslog server. See Send local logs to syslog server.

If an existing syslog server is in use, the delete icon is removed and the server entry cannot be deleted.

To add a syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Click Create New in the toolbar. The Create New Syslog Server Settings pane opens.

  3. Configure the following settings and then select OK to create the syslog server.

    Name

    Enter a name for the syslog server.

    IP address (or FQDN)

    Enter the IP address or FQDN of the syslog server.

    Syslog Server Port

    Enter the syslog server port number. The default port is 514.

    Reliable Connection

    Enable or disable a reliable connection with the syslog server. The default is disable.

    Secure Connection

    Enable/disable connection secured by TLS/SSL. The default is disable.

    This option is only available when Reliable Connection is enabled.

    Local Certificate CN

    Enter one of the available local certificates used for secure connection: Fortinet_Local or Fortinet_Local2. The default is Fortinet_Local.

    This option is only available when Secure Connection is enabled.

    Peer Certificate CN

    Enter the certificate common name of syslog server. Null means no certificate CN for the syslog server.

    This option is only available when Secure Connection is enabled.

To enable sending FortiAnalyzer local logs to syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Double-click on a server, right-click on a server and then select Edit from the menu, or select a server then click Edit in the toolbar. The Edit Syslog Server Settings pane opens.
  3. Edit the settings as required, and then click OK to apply the changes.
To edit a syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Double-click on a server, right-click on a server and then select Edit from the menu, or select a server then click Edit in the toolbar. The Edit Syslog Server Settings pane opens.
  3. Edit the settings as required, and then click OK to apply the changes.
To test the syslog server:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Select the server you need to test.
  3. Click Test from the toolbar, or right-click and select Test.

    A confirmation or failure message will be displayed.

To delete a syslog server or servers:
  1. Go to System Settings > Advanced > Syslog Server.
  2. Select the server or servers you need to delete.
  3. Click Delete in the toolbar, or right-click and select Delete.
  4. Click OK in the confirmation box to delete the server or servers.