Fortinet white logo
Fortinet white logo

Administration Guide

Configuring syslog overrides for VDOMs

Configuring syslog overrides for VDOMs

Logs can be sent from non-management VDOMs to both global and VDOM-override syslog servers.

config log syslogd override-setting
    set use-management-vdom {enable | disable}
end

set use-management-vdom {enable | disable}

Enable/disable use of management VDOM as source VDOM for logs sent to syslog server.

  • enable: Send logs through the management VDOM.

  • disable: Do not send logs through the management VDOM.

Note

When use-management-vdom is enabled under non-management VDOM, only the management VDOM is used to forward logs to configured syslog servers. Non-management VDOM override syslog servers must be reachable through the management VDOM.

Example

This example covers the following scenarios:

All scenarios use the following IP addresses:

  • Global syslog server: 10.6.30.22

  • Root VDOM gateway: 192.168.5.254

  • Management VDOM (vdom1) gateway: 172.16.200.254

Non-management VDOM with use-management-vdom disabled

In this example, a global syslog server is enabled. For the root VDOM, an override syslog server is enabled with use-management-vdom disabled. For the management VDOM, an override syslog server is enabled. With this configuration, logs are sent to the following locations:

  • All VDOMs, except the root and management VDOMs, send logs to the global syslog server (10.6.30.22).

  • The root VDOM sends logs to its override syslog server at 192.168.5.44.

  • The management VDOM sends logs to its override syslog server at 172.16.200.55.

To configure syslog servers:
  1. Enable the global syslog server:

    config log syslogd setting
        set status enable
        set server "10.6.30.22"
        set facility local6
    end
  2. For the root VDOM, enable an override syslog server and disable use-management-vdom:

    config log syslogd override-setting
        set status enable
        set server "192.168.5.44"
        set use-management-vdom disable
        set facility local6
    end
  3. For the management VDOM (vdom1), enable an override syslog server:

    config log syslogd override-setting
        set status enable
        set server "172.16.200.55"
        set facility local6
    end

Non-management VDOM with use-management-vdom enabled

In this example, a global syslog server is enabled. For the root VDOM, an override syslog server and use-management-vdom are enabled. For the management VDOM, two override syslog servers are enabled. With this configuration, logs are sent to the following locations:

  • All VDOMs, except root and management VDOMs, send logs to the global syslog server (10.6.30.22).

  • The root VDOM cannot send logs to syslog servers because the servers are not reachable through the management VDOM.

    To send logs to 192.168.5.44, set use-management-vdom to disable for the root VDOM. Alternately, configure the root VDOM to use an override syslog server that is reachable through the management VDOM.

  • The management VDOM sends logs to the override syslog server at 172.16.200.55.

To configure syslog servers:
  1. Enable the global syslog server:

    config log syslogd setting
        set status enable
        set server "10.6.30.22"
        set facility local6
    end
  2. For the root VDOM, enable an override syslog server and enable use-management-vdom:

    config log syslogd override-setting
        set status enable
        set server "192.168.5.44"
        set use-management-vdom enable
        set facility local6
    end
  3. For the management VDOM, enable an override syslog server:

    config log syslogd override-setting
        set status enable
        set server "172.16.200.55"
        set facility local6
    end

Non-management VDOM with mix of use-management-vdom enabled and disabled

In this example, a global syslog server is enabled. For the root VDOM, three override syslog servers are enabled with a mix of use-management-vdom set to enabled and disabled. For the management VDOM, an override syslog server is enabled. With this configuration, logs are sent from non-management VDOMs to both global and VDOM-override syslog servers. The logs are sent to the following locations:

  • All VDOMs, except the root and management VDOMs, send logs to the global syslog server (10.6.30.22).

  • The root VDOM sends logs to the following syslog servers:

    • For syslogd, logs are sent to the root VDOM override server at 192.168.5.44 because use-management-vdom is disabled.

    • For syslogd2, logs are sent through the management VDOM to the root VDOM override server at 172.16.200.55 and to the syslog server reachable by the management VDOM because use-management-vdom is enabled.

    • For syslogd3, logs are sent through the management VDOM to the root VDOM override syslog server at 10.6.30.22 and to the syslog server reachable by the management VDOM because use-management-vdom is enabled.

  • The management VDOM (vdom1) sends logs to the override syslog server at 172.16.200.55.

To configure syslog servers:
  1. Enable the global syslog server:

    config log syslogd setting
        set status enable
        set server "10.6.30.22"
        set facility local6
    end
  2. For root, configure three override syslog servers:

    1. For syslogd, enable an override syslog server and disable use-management-vdom:

      config log syslogd override-setting
          set status enable
          set server "192.168.5.44"
          set use-management-vdom disable
          set facility local6
      end
    2. For syslog2, enable an override syslog server and enable use-management-vdom:

      config log syslogd2 override-setting
          set status enable
          set server "172.16.200.55"
          set use-management-vdom enable
          set facility local6
      end
    3. For syslog3, enable an override syslog server and enable use-management-vdom:

      config log syslogd3 override-setting
          set status enable
          set server "10.6.30.22"
          set use-management-vdom enable
      end
  3. For the management VDOM, configure an override syslog server:

    config log syslogd override-setting
        set status enable
        set server "172.16.200.55"
        set facility local6
    end

Configuring syslog overrides for VDOMs

Configuring syslog overrides for VDOMs

Logs can be sent from non-management VDOMs to both global and VDOM-override syslog servers.

config log syslogd override-setting
    set use-management-vdom {enable | disable}
end

set use-management-vdom {enable | disable}

Enable/disable use of management VDOM as source VDOM for logs sent to syslog server.

  • enable: Send logs through the management VDOM.

  • disable: Do not send logs through the management VDOM.

Note

When use-management-vdom is enabled under non-management VDOM, only the management VDOM is used to forward logs to configured syslog servers. Non-management VDOM override syslog servers must be reachable through the management VDOM.

Example

This example covers the following scenarios:

All scenarios use the following IP addresses:

  • Global syslog server: 10.6.30.22

  • Root VDOM gateway: 192.168.5.254

  • Management VDOM (vdom1) gateway: 172.16.200.254

Non-management VDOM with use-management-vdom disabled

In this example, a global syslog server is enabled. For the root VDOM, an override syslog server is enabled with use-management-vdom disabled. For the management VDOM, an override syslog server is enabled. With this configuration, logs are sent to the following locations:

  • All VDOMs, except the root and management VDOMs, send logs to the global syslog server (10.6.30.22).

  • The root VDOM sends logs to its override syslog server at 192.168.5.44.

  • The management VDOM sends logs to its override syslog server at 172.16.200.55.

To configure syslog servers:
  1. Enable the global syslog server:

    config log syslogd setting
        set status enable
        set server "10.6.30.22"
        set facility local6
    end
  2. For the root VDOM, enable an override syslog server and disable use-management-vdom:

    config log syslogd override-setting
        set status enable
        set server "192.168.5.44"
        set use-management-vdom disable
        set facility local6
    end
  3. For the management VDOM (vdom1), enable an override syslog server:

    config log syslogd override-setting
        set status enable
        set server "172.16.200.55"
        set facility local6
    end

Non-management VDOM with use-management-vdom enabled

In this example, a global syslog server is enabled. For the root VDOM, an override syslog server and use-management-vdom are enabled. For the management VDOM, two override syslog servers are enabled. With this configuration, logs are sent to the following locations:

  • All VDOMs, except root and management VDOMs, send logs to the global syslog server (10.6.30.22).

  • The root VDOM cannot send logs to syslog servers because the servers are not reachable through the management VDOM.

    To send logs to 192.168.5.44, set use-management-vdom to disable for the root VDOM. Alternately, configure the root VDOM to use an override syslog server that is reachable through the management VDOM.

  • The management VDOM sends logs to the override syslog server at 172.16.200.55.

To configure syslog servers:
  1. Enable the global syslog server:

    config log syslogd setting
        set status enable
        set server "10.6.30.22"
        set facility local6
    end
  2. For the root VDOM, enable an override syslog server and enable use-management-vdom:

    config log syslogd override-setting
        set status enable
        set server "192.168.5.44"
        set use-management-vdom enable
        set facility local6
    end
  3. For the management VDOM, enable an override syslog server:

    config log syslogd override-setting
        set status enable
        set server "172.16.200.55"
        set facility local6
    end

Non-management VDOM with mix of use-management-vdom enabled and disabled

In this example, a global syslog server is enabled. For the root VDOM, three override syslog servers are enabled with a mix of use-management-vdom set to enabled and disabled. For the management VDOM, an override syslog server is enabled. With this configuration, logs are sent from non-management VDOMs to both global and VDOM-override syslog servers. The logs are sent to the following locations:

  • All VDOMs, except the root and management VDOMs, send logs to the global syslog server (10.6.30.22).

  • The root VDOM sends logs to the following syslog servers:

    • For syslogd, logs are sent to the root VDOM override server at 192.168.5.44 because use-management-vdom is disabled.

    • For syslogd2, logs are sent through the management VDOM to the root VDOM override server at 172.16.200.55 and to the syslog server reachable by the management VDOM because use-management-vdom is enabled.

    • For syslogd3, logs are sent through the management VDOM to the root VDOM override syslog server at 10.6.30.22 and to the syslog server reachable by the management VDOM because use-management-vdom is enabled.

  • The management VDOM (vdom1) sends logs to the override syslog server at 172.16.200.55.

To configure syslog servers:
  1. Enable the global syslog server:

    config log syslogd setting
        set status enable
        set server "10.6.30.22"
        set facility local6
    end
  2. For root, configure three override syslog servers:

    1. For syslogd, enable an override syslog server and disable use-management-vdom:

      config log syslogd override-setting
          set status enable
          set server "192.168.5.44"
          set use-management-vdom disable
          set facility local6
      end
    2. For syslog2, enable an override syslog server and enable use-management-vdom:

      config log syslogd2 override-setting
          set status enable
          set server "172.16.200.55"
          set use-management-vdom enable
          set facility local6
      end
    3. For syslog3, enable an override syslog server and enable use-management-vdom:

      config log syslogd3 override-setting
          set status enable
          set server "10.6.30.22"
          set use-management-vdom enable
      end
  3. For the management VDOM, configure an override syslog server:

    config log syslogd override-setting
        set status enable
        set server "172.16.200.55"
        set facility local6
    end