Fortigate - External Logging - 'fortianalyzer2'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Synchronize log messages with an external log server to have a backup of log messages for analysis if the FortiGate unit is compromised.

Solution

Use this command to enable external logging via fortianalyzer2.

config log fortianalyzer2 setting
set status enable
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron |
daemon | ftp | kernel | local0 | local1 | local2 | local3 |
local4 | local5 | local6 | local7 | lpr | mail | news | ntp |
syslog | user | uucp}
set port <port_integer>
set reliable {enable | disable}
set server <address_ipv4 | FQDN>
set source-ip <address_ipv4>
end

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2)

Plugin: FortiGate

Control ID: 14434679b586e680ec47013d0d2d1bc2909443dd83e3ab6f0545b5f3458e791c