Fortinet 3.0 MR7 Network Card User Manual


 
FortiAnalyzer Version 3.0 MR7 Administration Guide
58 05-30007-0082-20080908
Config System
Configuring log aggregation
Log aggregation is a method of collecting log data from one or more FortiAnalyzer
units to a central FortiAnalyzer unit.
Log aggregation involves one or more FortiAnalyzer units configured to act as
aggregation clients, and a FortiAnalyzer unit configured to act as an aggregation
server. The aggregation client sends all of its device logs, including quarantined or
content archived files, to the aggregation server. The transfer includes the active
log to the point of aggregation (for example, tlog.log) and all rolled logs stored
on the aggregation client (tlog.1.log, tlog.2.log, tlog.3.log).
Subsequent log aggregations include only changes; the aggregation client does
not re-send previously aggregated logs.
On the aggregation server, additional devices will appear in the device list,
corresponding to those devices which log to the aggregation clients. You can
easily identify these devices, as they do not have Rx and Tx permissions.
Log file should be rolled... even if size is not exceeded
Select how often the FortiAnalyzer unit renames the current log file
and starts a new active log file.
• Daily: Roll log files daily, even if the log file has not yet reached
maximum file size.
• Weekly: Roll log files weekly, even if the log file has not yet
reached maximum file size.
• Optional: Roll log files only when the log file reaches the
maximum file size, regardless of time interval.
This option appears only when Use System Device Log Settings is
disabled.

Log to Host
Select to send log messages generated by the FortiAnalyzer unit to
another host, such as a Syslog server.

IP
Enter the IP address of the Syslog server.

Port
Enter the Syslog port. The default port is 514.

Log Level
Select the severity level for the log messages recorded to the Syslog
server. The FortiAnalyzer unit logs all levels of severity down to, but
not less severe than, the level you select. For example, if you want to
record emergency, critical, and error messages, select Error.

Format
Enable CSV format to record log messages in comma-separated
value (CSV) formatted files. Log message fields are separated by
commas. When disabled, logs are recorded as standard log files.

Event Log
Select to configure which FortiAnalyzer unit events the FortiAnalyzer
unit records to the log. Events can be logged locally on the
FortiAnalyzer unit, or to the host indicated in Log to Host. Loggable
event types include When configuration has changed, IPSec
negotiation event, Admin login/logout event, and System activity
event.

Automatically Delete
Select to configure automatic deletion of older logs. Enable the type
of log or report you wish to automatically delete (Logs older than,
Network analyzer logs older than, Local logs older than, Reports
older than, Content archive files older than), then select from Hours,
Weeks, Days or Months, and enter the value for the age unit.
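
The Log Level threshold described under Log to Host can be checked on the receiving Syslog server. The following is an added example, not part of the original guide or Fortinet code: it sorts received lines by whether their severity is at or above the selected level. It assumes the forwarded messages carry a standard syslog <PRI> header and that the level names map onto the standard syslog severities; the host name faz-example and all sample lines are constructed.

```python
import re

# Standard syslog severity order (RFC 3164/5424): index 0 is most severe.
# Assumption: the Log Level names in the GUI map onto this ordering.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_pri(line):
    """Return (facility, severity) from a line's <PRI> header, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    return divmod(pri, 8)

def audit(lines, selected_level):
    """Sort received lines against the Log Level selected on the sender.

    'expected'   : at least as severe as the selected level
    'unexpected' : less severe than selected (setting differs from intent)
    'malformed'  : no valid PRI header, severity cannot be checked
    """
    threshold = SEVERITIES.index(selected_level.lower())
    result = {"expected": [], "unexpected": [], "malformed": []}
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            result["malformed"].append(line)
        elif parsed[1] <= threshold:
            result["expected"].append(line)
        else:
            result["unexpected"].append(line)
    return result

# Constructed sample lines, not real FortiAnalyzer output. Facility 16 = local0.
SAMPLE = [
    "<128>Sep  8 10:00:01 faz-example msg=constructed emergency",    # 16*8+0
    "<129>Sep  8 10:00:02 faz-example msg=constructed alert",        # 16*8+1
    "<131>Sep  8 10:00:03 faz-example msg=constructed error",        # 16*8+3
    "<134>Sep  8 10:00:04 faz-example msg=constructed information",  # 16*8+6
    "Sep  8 10:00:05 faz-example msg=constructed no PRI header",
    "<999>Sep  8 10:00:06 faz-example msg=constructed bad PRI",
]

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE, "error").items():
        print(bucket, len(items))
```

Under the standard ordering, alert sits between emergency and critical, so a threshold of Error admits alert messages as well.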