Syslog Settings
Configure FortiNAC as a syslog server. FortiNAC listens for syslog on port 514.
In the FortiGate CLI:
- Enable sending logs to syslog.
- Add the primary (Eth0/port1) FortiNAC IP address of the control server.
- Important: The Source-IP setting must match the IP address used to model the FortiGate in Topology.
- Enable Event Logging and make sure that VPN activity event is selected.
- Log messages with IDs 0101039947 and 0101039948 (SSL), or 0101037129 and 0101037134 (IPSec), must be sent to FortiNAC.
Note: Care should be taken to avoid having the FortiGate send too many unnecessary log messages to FortiNAC. This can cause delays in message processing or even loss of messages.
CLI Settings:
FortiOS below 7.0
config log syslogd setting
    set status enable >> This will send logs to syslog
    set server "10.200.20.20" >> FortiNAC eth0/port1 IP address
    set source-ip "10.200.20.1" >> FortiGate IP address in FortiNAC Topology View
    set format csv
end
config log syslogd filter
    set filter "logid(0101039947,0101039948,0101037129,0101037134)" >> Syslog IDs
end
config log eventfilter
    set event enable >> Enable event logging
    set vpn enable >> Enable VPN activity event
end
For details on syslog filters, see the related KB article.
FortiOS 7.0 and above
config log syslogd setting
    set status enable >> Send logs to syslog
    set server "10.200.20.20" >> FortiNAC eth0/port1 IP address
    set source-ip "10.200.20.1" >> FortiGate IP address in FortiNAC Inventory View
    set format csv
end
config log syslogd filter
    set forward-traffic disable
    set local-traffic disable
    set multicast-traffic disable
    set sniffer-traffic disable
    set ztna-traffic disable
    config free-style
        edit 1
            set category event >> Event log type
            set filter "(logid 0101039947 0101039948 0101037129 0101037134)"
        next
    end
end
config log eventfilter
    set event enable >> Enable event logging
    set vpn enable >> Enable VPN activity event
end
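To confirm the settings above took effect, the following added example (not from the original page or from Fortinet) audits syslog lines captured on the FortiNAC side for the two problems the page warns about: a sender address that differs from the IP used to model the FortiGate, and log IDs other than the four VPN IDs. The `(sender_ip, line)` record shape, the `audit` function, the sample lines and the address 10.200.30.1 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Log IDs the page requires: SSL VPN (...947/...948) and IPSec (...129/...134).
EXPECTED_LOGIDS = {"0101039947", "0101039948", "0101037129", "0101037134"}
# Accepts logid=0101039947 and logid="0101039947" (quoting is an assumption).
LOGID_RE = re.compile(r'\blogid="?(\d+)"?')

def audit(records, modeled_ip):
    """Check captured syslog against the source-ip and logid filter settings.

    records: iterable of (sender_ip, raw_line) pairs, for example taken from
    a capture of UDP/514 on FortiNAC. modeled_ip: the address used to model
    the FortiGate in FortiNAC.
    """
    report = {"ok": 0, "unparsed": 0,
              "wrong_source": Counter(), "unexpected_logid": Counter()}
    for sender_ip, line in records:
        if sender_ip != modeled_ip:
            report["wrong_source"][sender_ip] += 1      # source-ip mismatch
            continue
        m = LOGID_RE.search(line)
        if m is None:
            report["unparsed"] += 1                     # no logid field found
        elif m.group(1) in EXPECTED_LOGIDS:
            report["ok"] += 1
        else:
            report["unexpected_logid"][m.group(1)] += 1  # filter too loose
    return report

# Constructed sample records; the field layout is illustrative, not real output.
SAMPLE = [
    ("10.200.20.1", "<189>date=2024-01-01,time=10:00:00,devname=FGT-A,"
                    "logid=0101039947,type=event,subtype=vpn"),
    ("10.200.20.1", '<189>date=2024-01-01,time=10:05:00,devname=FGT-A,'
                    'logid="0101039948",type="event",subtype="vpn"'),
    ("10.200.20.1", "<189>date=2024-01-01,time=10:06:00,devname=FGT-A,"
                    "logid=0000000013,type=traffic,subtype=forward"),
    ("10.200.30.1", "<189>date=2024-01-01,time=10:07:00,devname=FGT-A,"
                    "logid=0101037129,type=event,subtype=vpn"),
    ("10.200.20.1", "malformed line without the expected field"),
]

if __name__ == "__main__":
    print(audit(SAMPLE, "10.200.20.1"))
```

A non-empty `wrong_source` points at the `source-ip` setting; a non-empty `unexpected_logid` points at the syslogd filter.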
Reference
syslogd settings and filters:
Sections:
To configure remote logging to a syslog server
To configure log filters for a syslog server
Free-style filters:
For details on syslog free-style filters, see the related KB article.
Build VPN tunnel. Proceed to the appropriate section: