Enable Send Logs in FortiGate

The first step is to establish a connection between FortiCNP and FortiGate by enabling Send logs to FortiAnalyzer/FortiManager on the FortiGate. This allows the FortiCNP OFTP (Odette File Transfer Protocol) server to communicate with the FortiGate.

  1. In FortiCNP, on the Add New FortiGate page, copy the FortiCNP OFTP server address from step #1.
  2. Log in to FortiGate with your admin account.
  3. Go to Log & Reports > Log Settings.
  4. Scroll down to Remote Logging and Archiving.
  5. Enable Send logs to FortiAnalyzer/FortiManager.
  6. In the Server field, paste the OFTP server address from FortiCNP.
  7. Disable Verify FortiAnalyzer certificate to turn off verification of the FortiAnalyzer certificate.
  8. Click Test Connectivity and check the Connection Status; it should change to Connected.
  9. Scroll down to Log Settings, uncheck all items in Event Logging and Local Traffic Log, and click Apply.
     Note: This prevents too many logs from being sent to FortiCNP, so that only IPS logs are shown.
  10. Open the FortiGate CLI and configure FortiAnalyzer with the following commands:

    config log fortianalyzer setting
        set reliable enable
    end

When you click Test Connectivity in Log Settings, the status may show "Unauthorized". This is because the FortiGate device has not yet been added to FortiCNP. Finish the onboarding process to add the FortiGate device to FortiCNP, then come back and test the connectivity again.

Configure Log Settings Using FortiGate CLI mode

Alternatively, sending logs can be enabled from the FortiGate CLI.

Use the following commands in the FortiGate CLI to enable the log settings:

    config log fortianalyzer setting
        set status enable
        set server <FortiCNP OFTP server IP>
        set enc-algorithm high-medium
        set upload-option realtime
        set reliable enable
    end

Test the connection using the following CLI command:

    execute log fortianalyzer test-connectivity
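To confirm that a FortiGate actually carries the settings configured above, the following added example (not part of the Fortinet documentation) parses the config log fortianalyzer setting block and lists every value that differs from this page's CLI procedure. It assumes the input is the text of show full-configuration log fortianalyzer setting or a configuration backup; the function names and the sample text are constructed for illustration.

```python
import shlex

# Values from the CLI procedure on this page. The server address is
# site-specific, so only its presence is checked.
EXPECTED = {"status": "enable", "enc-algorithm": "high-medium",
            "upload-option": "realtime", "reliable": "enable"}
BLOCK = "config log fortianalyzer setting"

# Constructed sample (not from the page); 192.0.2.10 is a documentation address.
SAMPLE = """\
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set enc-algorithm high-medium
    set upload-option 5-minute
end
"""


def parse_block(config_text, header=BLOCK):
    """Return the {key: value} pairs set directly inside the named block."""
    settings, depth = {}, 0
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading '#' prompt
        if depth == 0:
            if line == header:
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1  # nested table: ignore its contents
        elif line == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and line.startswith("set "):
            parts = shlex.split(line)  # strips the quotes FortiOS adds
            if len(parts) >= 3:
                settings[parts[1]] = " ".join(parts[2:])
    return settings


def audit(config_text):
    """List deviations from the settings this page configures."""
    found = parse_block(config_text)
    issues = [] if found.get("server") else ["server: not set"]
    for key, want in EXPECTED.items():
        if found.get(key) != want:
            issues.append(f"{key}: expected {want!r}, found {found.get(key)!r}")
    return issues
```

An empty list from audit() means the block matches the procedure; a missing key is reported as found None.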
