Administration Guide

Log Servers

FortiSandbox logs can be sent to a remote syslog server, Common Event Format (CEF) server, or FortiAnalyzer. Go to Log & Report > Log Servers to create, edit, and delete remote log server settings. You can configure up to 30 remote log server entries.

The following options are available:

Create New

Create a new log server entry.

Edit

Edit the selected log server entry.

Delete

Delete the selected log server entry.

This page displays the following information:

Name

Name of the server entry.

Server Type

Server type. The following options are available: CEF, syslog (TCP/UDP), or FortiAnalyzer.

Server Address

Log server address.

Port

Log server port number.

Status

Status of the log server, Enabled or Disabled.

To create a new server entry:
  1. Go to Log & Report > Log Servers.
  2. Click Create New.
  3. Configure the following settings:

    Name

    Name of the new server entry.

    Type

    Select log server type from the dropdown list.

    Log Server Address

    Log server IP address or FQDN.

    Port

    Port number. The default port is 514.

    Status

    Select to enable or disable sending logs to the server.

    Log Level

    Select the logging levels to forward to the log server. The following options are available:
    • Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. To send Clean Job Alert Logs, select Include job with Clean Rating.
    • Enable Critical Logs
    • Enable Error Logs
    • Enable Warning Logs
    • Enable Information Logs
    • Enable Debug Logs
  4. Click OK.
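
A receiving-side check for the settings above, as an added example that is not part of the Fortinet guide: it parses the syslog PRI of each forwarded line, reads the CEF header when one is present, and lists messages whose level is not among those enabled under Log Level. The sample lines are constructed, and the mapping of the page's log levels to the like-named standard syslog severities is an assumption.

```python
import re
from collections import Counter

# Standard syslog severities (RFC 5424), indexed by PRI & 7. Assumption: the six
# log levels on the Log Servers page map to the like-named severities below.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "information", "debug"]
CEF_FIELDS = ["cef_version", "vendor", "product", "device_version",
              "signature_id", "name", "cef_severity"]

def parse_line(line):
    """Return syslog facility/severity and, if present, the CEF header fields."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "severity": SEVERITY[pri & 7]}
    start = line.find("CEF:")
    if start != -1:
        # Split on '|' not preceded by a backslash; CEF escapes literal pipes as '\|'.
        parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
        if len(parts) < 7:
            raise ValueError("truncated CEF header")
        rec.update(zip(CEF_FIELDS, (p.replace("\\|", "|") for p in parts[:7])))
        rec["extension"] = parts[7] if len(parts) > 7 else ""
    return rec

def audit(lines, enabled_levels):
    """Count messages per severity and list lines whose level is not enabled."""
    counts, unexpected = Counter(), []
    for line in lines:
        rec = parse_line(line)
        counts[rec["severity"]] += 1
        if rec["severity"] not in enabled_levels:
            unexpected.append(line)
    return counts, unexpected

# Constructed sample lines, not real FortiSandbox output.
SAMPLES = [
    "<185>Jan 10 12:00:01 fsa-lab example alert message",
    "<190>Jan 10 12:00:02 fsa-lab example information message",
    r"<188>Jan 10 12:00:03 fsa-lab CEF:0|ExampleVendor|ExampleProduct|1.0|100|name with \| pipe|5|src=192.0.2.10",
]

if __name__ == "__main__":
    counts, unexpected = audit(SAMPLES, {"alert", "warning"})
    print(dict(counts), unexpected)
```

A non-empty `unexpected` list means the collector is receiving levels that the entry's Log Level selection should not be forwarding, or that the severity mapping assumed here does not hold for your deployment.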

You can forward FortiSandbox logs to a FortiAnalyzer running version 5.2.0 or later.

To edit or delete a log server:
  1. Go to Log & Report > Log Servers.
  2. Select an event entry.
  3. Click Edit or Delete.
