Log&Report
FortiGate Version 4.0 Administration Guide
650
01-400-89802-20090424
High Availability cluster logging
When configuring logging with a High Availability (HA) cluster, you configure the primary
unit to send logs to a FortiAnalyzer unit or a Syslog server. The settings are applied to the
subordinate units, which send the log messages to the primary unit. The primary unit then
sends all logs to the FortiAnalyzer unit or Syslog server.
If you configured a secure connection via an IPSec VPN tunnel between a FortiAnalyzer
unit and a HA cluster, the connection is between the FortiAnalyzer unit and the HA cluster
primary unit.
For more information, see the FortiGate High Availability User Guide.
Storing logs
The type and frequency of log messages you intend to save determine the type of log
storage to use. For example, if you want to log traffic and content logs, you need to
configure the FortiGate unit to log to a FortiAnalyzer unit or Syslog server. The FortiGate
system memory is unable to log traffic and content logs because of their frequency and
large file size.
Storing log messages to one or more locations, such as a FortiAnalyzer unit or Syslog
server, may be a better solution for your logging requirements than the FortiGate system
memory. Configuring your FortiGate unit to log to a FortiGuard Analysis server may also
be a better log storage solution if you do not have a FortiAnalyzer unit and want to create
reports. This particular log storage solution is available to all FortiGate units running
FortiOS 3.0 MR6 or higher, through a subscription to the FortiGuard Analysis and
Management Service. For more information, see “FortiGuard Analysis and Management.
If your FortiGate unit has a hard disk, you can also enable logging to the hard disk from
the CLI. See the
for more information before enabling logging to
the hard disk.
If you require logging to multiple FortiAnalyzer units or Syslog servers, see the
FortiGate CLI Reference.
Logging to a FortiAnalyzer unit
FortiAnalyzer units are network devices that provide integrated log collection, analysis
tools and data storage. Detailed log reports provide historical as well as current analysis of
network activity to help identify security issues and reduce network misuse and abuse.
You can configure the FortiGate unit to log to up to three FortiAnalyzer units. The FortiGate
unit sends logs to all three FortiAnalyzer units. Each FortiAnalyzer unit stores the same
information. Logging to multiple FortiAnalyzer units provides real-time backup protection
in the event one of the FortiAnalyzer units fails. You can configure logging to multiple
FortiAnalyzer units only in the CLI. For more information, see the FortiGate CLI
Reference.
Note:
Daylight Saving Time (DST) is now extended by four weeks in the United States and
Canada and may affect your location. It is recommended to verify if your location observes
this change, since it affects the scope of the report. Fortinet has released supporting
firmware. See the Fortinet Knowledge Center article, New Daylight Saving Time support,
for more information.