Fortinet FortiLog-400 User Manual

Page 101


FortiLog CLI reference

CLI commands

FortiLog Administration Guide

05-16000-0082-20050115


set log setting syslog remote server <server_ip> port <port_integer> loglevel <severity_level>

Set the remote syslog severity level:
0 = Emergency, 1 = Alert, 2 = Critical, 3 = Error, 4 = Warning, 5 = Notification, 6 = Information.
The log levels will be up to but not higher than the value you set.
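An added example, not from the FortiLog manual: a check a syslog receiver could run to confirm that messages arriving from the unit respect the configured loglevel. It assumes the unit sends a standard syslog <PRI> header (PRI = facility * 8 + severity) and that "up to but not higher than" means severity number <= loglevel; the sample lines are constructed.

```python
import re

# Severity names as listed in the manual (0-6); 7 (Debug) is standard
# syslog but is not listed on this page.
SEVERITY = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
            4: "Warning", 5: "Notification", 6: "Information", 7: "Debug"}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) from a syslog line, or None if no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return divmod(pri, 8)


def audit(lines, loglevel):
    """Sort received lines into those within the configured loglevel,
    those above it (unexpected), and those that could not be parsed."""
    result = {"within": [], "unexpected": [], "unparsed": []}
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            result["unparsed"].append(line)
            continue
        _, severity = decoded
        bucket = "within" if severity <= loglevel else "unexpected"
        result[bucket].append((SEVERITY[severity], line))
    return result


# Constructed sample lines (not real FortiLog output).
SAMPLE = [
    "<131>Jan 15 10:00:01 fortilog event: disk error",     # local0, Error
    "<134>Jan 15 10:00:02 fortilog event: admin login",    # local0, Information
    "<132>Jan 15 10:00:03 fortilog event: quota warning",  # local0, Warning
    "Jan 15 10:00:04 fortilog message without PRI",
]

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE, loglevel=4).items():
        print(bucket, len(items))
```

A non-empty "unexpected" list means the receiver is getting messages that the configured loglevel should have excluded, which points to a setting on the unit that differs from what was intended.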

set log setting syslog remote server <server_ip> port <port_integer> loglevel <severity_level> csv {enable | disable}

Enable or disable CSV format to record log messages to the remote syslog server in comma-separated value (CSV) formatted files. Log message fields are separated by commas.

set log policy destination <syslog | local | console>

Set the destination where log policy information will reside.

set log policy destination <syslog | local | console> event status <enable | disable>

Enable or disable the event log recording of management and activity events. Management events include changes to the FortiLog and administrator login/logout. System activities include activities such as IPSec negotiation.

set log policy destination <syslog | local | console> event <enable | disable> configuration <configuration | ipsec | login | ipmac | system | routegateway | none>

Set the management events and system activities to log.

set log devtype <string> report name <report name>

Define the report name for a device.
• devtype <string> is one of FortiGate, FortiMail, FortiManager and Syslog.
• <report name> defines a name for the report.

set log devtype <string> report <report name> period {from<YY-MM-DD-HH> to <YY-MM-DD-HH>}

Set the start and end of the period for which the FortiLog unit pulls the data from the logs.

set log devtype <string> report <report name> period {today | yesterday}

Set the period the FortiLog unit pulls the data from the logs.

set log devtype <string> report <report name> period this {year | quarter | month | week}

Set the period the FortiLog unit pulls the data from the logs.

set log devtype <string> report <report name> period last {year | quarter | month | week}

Set the period the FortiLog unit pulls the data from the logs.

set log devtype <string> report <report name> results {vdom | dev | all}

Set the devices or virtual domains to include in the report.
• all - all available devices
• dev - display results per device
• vdom - display results per virtual domain

set log devtype <string> report <report name> top {x | y}<integer>

Set the top values for specific log reports in which top values are reported. This can be useful when you have many email clients but only need to report on the top ten.

set log devtype <string> report <report name> resolve {ip | port}

Set the resolving of IP addresses and port numbers to meaningful names. You must first add IP aliases to use this option. For details, see the report alias command on page 92.

set log devtype <string> report <report name> queryset <string>

Select a defined query profile to use in the report.

set log devtype <string> report <report name> deviceset <string>

Select a defined device profile to use in the report.

set log devtype <string> report <report name> filters <string>

Select a defined filter profile to use in the report.

set log devtype <string> queryset <name><qry_indexes>

Select the queries to include in a report and store as a profile for later use in other reports.

set log devtype <string> deviceset <string><all|0,4,5>

Select the devices to include in a report and store as a profile for later use in other reports.
