Fortigate - External Logging - 'fortianalyzer'

Information

Synchronize log messages with an external log server to have a backup of log messages for analysis if the FortiGate unit is compromised.

Solution

Use this command to enable external logging via fortianalyzer.

config log fortianalyzer setting
set status enable
set csv {enable | disable}
set facility {alert | audit | auth | authpriv | clock | cron |
daemon | ftp | kernel | local0 | local1 | local2 | local3 |
local4 | local5 | local6 | local7 | lpr | mail | news | ntp |
syslog | user | uucp}
set port <port_integer>
set reliable {enable | disable}
set server <address_ipv4 | FQDN>
set source-ip <address_ipv4>
end

See Also

https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2)

Plugin: FortiGate

Control ID: 50b710421e070adbe213abf4e9972166b35853c38e3d286d75057e6fac5952e5