FortiGuard Analysis and Management Service
Log&Report
FortiGate Version 4.0 Administration Guide
648
01-400-89802-20090424
For better log storage and retrieval, the FortiGate unit can send log messages to a
FortiAnalyzer™ unit. FortiAnalyzer units provide integrated log collection, analysis tools
and data storage. Detailed log reports provide historical as well as current analysis of
network activity. Detailed log reports also help identify security issues, reducing network
misuse and abuse. The FortiGate unit can send all log message types, including
quarantine files and content archives, to a FortiAnalyzer unit for storage. The
FortiAnalyzer unit can upload log files to an FTP server for archival purposes. For more
information about configuring the FortiGate unit to send log messages to a FortiAnalyzer
unit, see “Logging to a FortiAnalyzer unit” on page 650.
If you have a subscription for the FortiGuard Analysis and Management Service, your
FortiGate unit can send logs to a FortiGuard Analysis server. This service provides
another way to store and view logs, as well as archiving email messages. For more
information, see “FortiGuard Analysis and Management Service” on page 648. Fortinet
recommends reviewing the FortiGuard Analysis and Management Service Administration
Guide to learn more about the logging, reporting, and remote management features from
the FortiGuard Analysis and Management Service portal web site.
The FortiGate unit can also send log messages to either a Syslog server or WebTrends
server for storage and archival purposes. If your FortiGate unit has a hard disk, you can
also send logs to it by using the CLI. For more information about configuring logging to the
hard disk, see the FortiGate CLI Reference.
In the FortiGate web-based manager, you can view log messages available in system
memory, on a FortiAnalyzer unit running firmware version 3.0 or higher, or, if available, the
hard disk. You can use customizable filters to easily locate specific information within the
log files.
For details and descriptions of log messages and formats, see the
.
FortiGuard Analysis and Management Service
FortiGuard Analysis and Management Service is a subscription-based service that
provides logging and reporting solutions, as well as remote management service, for all
FortiGate units. The FortiGuard Analysis and Management Service is available on all
FortiGate units running FortiOS 3.0 MR6 and higher.
The logging and reporting side of FortiGuard Analysis and Management Service is made
up of two types of servers, the primary analysis server and the secondary analysis server.
The primary analysis server stores logs generated from the FortiGate unit. The secondary
analysis server provides redundancy, ensuring log data is available at all times. There are
several secondary analysis servers available for redundancy for each FortiGate unit. The
network also includes the main analysis server, which is responsible for monitoring and
maintaining the primary and secondary analysis servers.
When the FortiGate unit connects to the logging and reporting network for the first time, it
retrieves its assigned primary analysis server, contract term, and storage space quota
from the main analysis server. The main analysis server contains this information so it can
maintain and monitor the status of each of the servers.
After configuring logging to the assigned primary analysis server, the FortiGate unit begins
sending encrypted logs to the primary analysis server through TCP port 514. The
connection between the main analysis server and the FortiGate unit is secured using FCP
over HTTPS, through port 443.
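The following Python example is added here and is not part of the Fortinet guide. It audits flow records from a FortiGate unit against the two connections described above: TCP 443 to the main analysis server and TCP 514 to the assigned primary analysis server. The record format, the server addresses (documentation ranges) and the 300-second gap threshold are assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts proto dst dport")

# Assumed addresses from documentation ranges, not real FortiGuard servers.
MAIN_SERVER = "192.0.2.10"      # main analysis server (FCP over HTTPS, TCP 443)
PRIMARY_SERVER = "192.0.2.20"   # assigned primary analysis server (TCP 514)

# Constructed flow records: "<epoch> <proto> <dst> <dport>", source is the FortiGate.
SAMPLE = """\
1000 tcp 192.0.2.10 443
1010 tcp 192.0.2.20 514
1100 tcp 192.0.2.20 514
1150 udp 198.51.100.7 514
1900 tcp 192.0.2.20 514
"""

def parse_flows(text):
    """Turn the constructed record format into Flow tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, proto, dst, dport = line.split()
            flows.append(Flow(int(ts), proto.lower(), dst, int(dport)))
    return flows

def audit(flows, max_gap=300):
    """Return (timestamp, finding) pairs; max_gap seconds is an assumed threshold."""
    findings, contacted_main, last_log = [], False, None
    for f in sorted(flows, key=lambda f: f.ts):
        if (f.proto, f.dst, f.dport) == ("tcp", MAIN_SERVER, 443):
            contacted_main = True
        elif (f.proto, f.dst, f.dport) == ("tcp", PRIMARY_SERVER, 514):
            if not contacted_main:
                findings.append((f.ts, "log session before contact with main server"))
            if last_log is not None and f.ts - last_log > max_gap:
                findings.append((f.ts, f"log gap of {f.ts - last_log}s"))
            last_log = f.ts
        elif f.dport == 514:
            # Port 514 to anything else means logs may be leaving by another path.
            findings.append((f.ts, f"unexpected 514 endpoint {f.proto}/{f.dst}"))
    return findings

if __name__ == "__main__":
    for ts, finding in audit(parse_flows(SAMPLE)):
        print(ts, finding)
```

The ordering check is only meaningful when the capture covers the unit's first connection to the service; on later captures, treat that finding as informational.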