User guide
ManageEngine Firewall Analyzer :: User Guide
Zoho Corp.
o Choose the logging level as Information or select the Log All Events
checkbox (depending on the version of FortiGate)
4. If you want to export logs in the syslog format (or export logs to a different
configured port):
o Select the Log to Remote Host option or Syslog checkbox (depending
on the version of FortiGate). Syslog format is preferred over WELF, in order
to support vdom in FortiGate firewalls.
o Enter the IP address and port of the syslog server
o Select the logging level as Information or select the Log All Events
checkbox (depending on the version of FortiGate)
o Select the facility as local7
5. Click Apply
Do not select CSV format for exporting the logs.
Configuring RuleSets for Logging Traffic
Follow the steps below to configure rulesets for logging all traffic from or to the FortiGate
firewall:
1. Select Firewall > Policy
2. Choose a rule for which you want to log traffic and click Edit. You can configure
any traffic to be logged separately if it is acted upon by a specific rule.
3. Select the Log Traffic checkbox
4. Click OK and then click Apply
Repeat the above steps for all rules for which you want to log traffic.
For more information, refer to the Fortinet documentation.
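To confirm on the collector side that the settings above took effect, the following added example (not part of the original guide or of Firewall Analyzer) decodes the syslog PRI header of received messages and checks for facility local7, Information-level events, traffic logs and the VDOMs seen. The sample messages are constructed, and the key=value field names (type, vd, msg) are assumptions about how the device formats its syslog output.

```python
import re
from collections import Counter

# Syslog PRI = facility * 8 + severity (numeric codes from RFC 3164/5424).
LOCAL7, INFORMATION = 23, 6
PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    '<189>date=2024-05-01 time=10:00:01 devname=FGT-LAB type=traffic '
    'subtype=forward level=notice vd=root srcip=192.0.2.10 action=accept',
    '<190>date=2024-05-01 time=10:00:02 devname=FGT-LAB type=event '
    'subtype=system level=information vd=vdom1 msg="Admin login successful"',
    '<134>date=2024-05-01 time=10:00:03 devname=FGT-LAB type=event '
    'subtype=system level=information vd=root msg="test"',  # facility local0
    '2024-05-01,10:00:04,FGT-LAB,traffic',                  # no PRI header
]


def parse(line):
    """Return (facility, severity, fields), or None without a valid PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # 191 = 23 * 8 + 7, the highest PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
    return facility, severity, fields


def audit(lines):
    """Compare received messages with the export settings in the steps above."""
    report = {"unparsed": 0, "wrong_facility": 0, "types": Counter(),
              "vdoms": set(), "information_seen": False}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            report["unparsed"] += 1         # not in syslog format
            continue
        facility, severity, fields = parsed
        if facility != LOCAL7:
            report["wrong_facility"] += 1   # facility is not local7
        report["information_seen"] |= severity == INFORMATION
        report["types"][fields.get("type", "?")] += 1
        if "vd" in fields:
            report["vdoms"].add(fields["vd"])
    report["traffic_logged"] = report["types"]["traffic"] > 0
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-zero `wrong_facility` or `unparsed` count, or `traffic_logged` being false, points back to the facility, export format or Log Traffic settings respectively.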
If Firewall Analyzer is unable to receive the logs from the FortiGate after
configuring it from the UI, carry out the steps below to configure it through
the command prompt
(for models such as FortiGate 60, FortiGate 200, etc.).
Follow these steps to enable the device to send the logs to Firewall Analyzer.
• Start the CLI on the FortiGate firewall.
• Execute the following commands to enable Syslog:
Enable syslog:
config log syslogd setting<cr>
set server (ip address)<cr>
set status enable<cr>
end<cr>
• Execute the following commands to enable Traffic:
Enable traffic:
config log syslogd filter<cr>
set severity information<cr>