Logging and reporting, Recording logs – Fortinet FortiGate 4000 User Manual

FortiGate-4000 Installation and Configuration Guide Version 2.50

FortiGate-4000 Installation and Configuration Guide

307

Logging and reporting

You can configure the FortiGate unit to log network activity from routine configuration
changes and traffic sessions to emergency events. You can also configure the
FortiGate unit to send alert email messages to inform system administrators about
events such as network attacks, virus incidents, and firewall and VPN events.

This chapter describes:

•

Recording logs

•

Filtering log messages

•

Configuring traffic logging

•

Viewing logs saved to memory

•

Configuring alert email

Recording logs

You can configure logging to record logs to one or more of:

• a computer running a syslog server,
• a computer running a WebTrends firewall reporting server,
• the console.

You can also configure logging to record event, attack, antivirus, web filter, and email
filter logs to the FortiGate system memory. Logging to memory allows quick access to
only the most recent log entries. If the FortiGate unit restarts, the log entries are lost.

You can select the same or different severity levels for each log location. For example,
you might want to record only emergency and alert level messages to the FortiGate
memory and record all levels of messages on a remote computer.

For information about filtering the log types and activities that the FortiGate unit
records, see

“Filtering log messages” on page 310

. For information about traffic logs,

see

“Configuring traffic logging” on page 311

.

This section describes:

•

Recording logs on a remote computer

•

Recording logs on a NetIQ WebTrends server

•

Recording logs in system memory

•

Log message levels