Introduction
This is a step by step instruction on how to enable syslog on most network devices via the Command Line Interface (CLI).
For most devices, enabling syslog is as easy as checking a box and specifying the collector IP in a web-based interface. However, on some devices (in this case: FortiGate firewalls), that option is either not available in the web UI or there is no web UI at all.
For those devices, you will have to configure syslog forwarding using CLI commands. Some vendors have their own CLI syntax (FortiGate is no exception), but the commands should be similar across most major firewalls, routers, switches, etc.
Steps (8 total)
Log into your device via ssh using the following command:
ssh user@1.2.3.4
Replace 'user' with the username of a user with administrative privileges and '1.2.3.4' with the IP address of the device you want to send syslog from. In most cases, the user will be 'root' or 'admin'. The default administrative user for FortiGate devices is 'admin'. Verify the SSH host key on first connection, since you are about to enter administrative credentials.
Starting your command with 'config' will allow you to enter configuration mode and edit system settings. To enter the configuration mode for the syslog daemon settings, type the following command:
config log syslogd setting
The command prompt now includes "(setting)", indicating that you are now editing the settings for the syslog daemon.
Forwarding is off until you enable it. The settings in this block take effect together when you leave it, so the order of the commands does not matter, but it is easiest to enable forwarding first so you do not forget. To do this, enter the following command:
set status enable
To configure where the syslog data is sent to, we need to specify the IP address of the syslog server (also known as a collector or receiver). To do this, enter the following command:
set server 1.2.3.4
*Be sure to change '1.2.3.4' to the IP address of your syslog server
Next, we will need to specify what IP address the syslog messages are coming from (the IP of the device sending syslog). This must be an address configured on one of the device's own interfaces, ideally one on a management network that can reach the collector. To do this, enter the following command:
set source-ip 1.2.3.4
*Be sure to change '1.2.3.4' to the IP address of your device sending syslog
Typing a question mark (?) at the prompt (even after a command) will let you see what your options are at that point. In this case, typing 'set' and then '?' shows the parameters that can be configured in the syslog settings.
Options include changing the syslog port (default is 514), the facility, and, on newer FortiOS releases, the transport mode (plain UDP or reliable delivery over TCP). Keep in mind that the default is unencrypted UDP: anything on the path can read the logs, and the collector cannot tell a spoofed datagram from a real one, so keep the collector on a network the firewall reaches without crossing untrusted segments.
Depending on your device, the process of saving changes may differ. On devices running FortiOS, though, you will want to type the following:
end
That will save all of the changes you have made to the syslog daemon settings and return you to the main prompt. If you made a mistake and want to throw the changes away instead, type 'abort' rather than 'end'.
Most devices can forward syslog to multiple locations. FortiOS provides four independent destinations; to use the others, change the syslogd name when entering configuration mode. Example:
config log syslogd2 setting
config log syslogd3 setting
config log syslogd4 setting
Then, just repeat the steps above to send syslog to multiple destinations.
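The whole procedure above, for one or more collectors, as an added example that is not part of the original post and is not a Fortinet tool: a small Python helper that validates the inputs (syslogd name, server and source addresses, port) and renders the complete FortiOS CLI block so every destination gets the same settings. The 'mode', 'port' and 'facility' options are the ones the 'set ?' listing shows on current FortiOS releases; check that listing on your own version before relying on them. The optional SSH push assumes the device accepts a command stream on standard input over SSH, which is how I have driven FortiOS from scripts, but treat that as an assumption and test it on a lab unit first.

```python
import ipaddress
import subprocess

# FortiOS exposes four independent syslog destinations under these names.
SYSLOGD_NAMES = ("syslogd", "syslogd2", "syslogd3", "syslogd4")

# Transport modes offered by 'set mode ?' on recent FortiOS releases.
# 'reliable' is syslog over TCP; 'udp' is the plaintext default.
MODES = ("udp", "reliable")


def fortios_syslog_config(name, server, source_ip, port=514,
                          facility="local7", mode="udp"):
    """Render the CLI block for one syslog destination.

    Every input is validated so a typo cannot produce a config block
    that the device accepts but that silently sends logs nowhere.
    """
    if name not in SYSLOGD_NAMES:
        raise ValueError(f"unknown destination {name!r}; use one of {SYSLOGD_NAMES}")
    # ip_address() raises ValueError for anything that is not a valid address.
    server_ip = ipaddress.ip_address(server)
    src_ip = ipaddress.ip_address(source_ip)
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}; use one of {MODES}")

    lines = [
        f"config log {name} setting",
        "    set status enable",
        f"    set server {server_ip}",
        f"    set source-ip {src_ip}",
        f"    set mode {mode}",
        f"    set port {int(port)}",
        f"    set facility {facility}",
        "end",
    ]
    return "\n".join(lines) + "\n"


def multi_destination_config(collectors, source_ip, **kwargs):
    """Assign collectors to syslogd, syslogd2, ... in order and return the
    concatenated CLI text. FortiOS has only four slots, so more is an error."""
    if len(collectors) > len(SYSLOGD_NAMES):
        raise ValueError(f"FortiOS supports at most {len(SYSLOGD_NAMES)} destinations")
    return "".join(
        fortios_syslog_config(name, server, source_ip, **kwargs)
        for name, server in zip(SYSLOGD_NAMES, collectors)
    )


def push_config(host, user, config_text, dry_run=True):
    """Feed the rendered block to the device over SSH (assumption: the
    device reads commands from stdin). With dry_run=True nothing is sent;
    the command that would run is returned instead."""
    cmd = ["ssh", "-T", f"{user}@{host}"]
    if dry_run:
        return cmd
    result = subprocess.run(cmd, input=config_text, text=True,
                            capture_output=True, check=False)
    return result.returncode, result.stdout, result.stderr


if __name__ == "__main__":
    # Constructed example addresses (documentation ranges), not real hosts.
    print(multi_destination_config(["192.0.2.10", "192.0.2.11"],
                                   source_ip="198.51.100.1"))
```

After pushing, confirm what the device actually stored with 'show log syslogd setting' (and 'syslogd2' and so on) rather than trusting the script's output.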
Conclusion
You should now be sending syslog to the destination(s) that you specified in the configuration.
Next step - figure out what to do with all of this data....
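A first step with the data, as an added example that is not part of the original post: a minimal collector-side check that the forwarding actually works. It listens for UDP syslog, decodes the RFC 3164 priority prefix, parses FortiGate's key=value message body (quoted values may contain spaces and backslash-escaped quotes), and drops any datagram whose source address is not the 'source-ip' you configured, because plain UDP syslog is unauthenticated and anything that can reach the port can inject records. The listening port 5514 is an assumption so the script runs unprivileged (point 'set port 5514' at it, or run it as root on 514); the sample log line is constructed with documentation addresses and a placeholder device ID, not a real FortiGate record.

```python
import re
import socket

# FortiGate bodies are key=value pairs; quoted values may hold spaces and
# backslash-escaped characters, unquoted values run to the next whitespace.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
PRI_RE = re.compile(r'^<(\d{1,3})>')

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_pri(msg):
    """Split the RFC 3164 <PRI> prefix into (facility, severity, body).
    Returns (None, None, msg) when there is no valid prefix."""
    m = PRI_RE.match(msg)
    if not m or int(m.group(1)) > 191:
        return None, None, msg
    pri = int(m.group(1))
    return pri // 8, pri % 8, msg[m.end():]


def parse_fortigate(msg):
    """Return the key=value fields of one FortiGate syslog message as a dict.
    Facility and severity from the PRI are added under '_facility' and
    '_severity' when present."""
    facility, severity, body = parse_pri(msg)
    fields = {}
    for key, raw in KV_RE.findall(body):
        if raw.startswith('"') and raw.endswith('"'):
            # Strip the quotes and undo backslash escapes (\" -> ").
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])
        fields[key] = raw
    if facility is not None:
        fields["_facility"] = facility
        fields["_severity"] = SEVERITY[severity]
    return fields


def handle_datagram(data, src_ip, expected_source):
    """Parse a datagram if it came from the configured firewall address;
    return None for anything else, since UDP syslog has no authentication."""
    if src_ip != expected_source:
        return None
    return parse_fortigate(data.decode("utf-8", errors="replace"))


def serve(expected_source, bind_ip="0.0.0.0", port=5514):
    """Listen for syslog and print one line per accepted record."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (src_ip, _) = sock.recvfrom(65535)
        fields = handle_datagram(data, src_ip, expected_source)
        if fields is None:
            print(f"dropped datagram from unexpected source {src_ip}")
            continue
        print(src_ip, fields.get("_severity"), fields.get("type"),
              fields.get("logid"), fields.get("msg"))


# Constructed sample: PRI 189 = local7 (23) * 8 + notice (5), the FortiOS default.
SAMPLE = ('<189>date=2024-05-01 time=12:34:56 devname="FGT60F" '
          'devid="FGT60FPLACEHOLDER" logid="0000000013" type="traffic" '
          'subtype="forward" level="notice" vd="root" srcip=10.0.0.5 '
          'dstip=203.0.113.7 dstport=443 action="accept" '
          'msg="Policy \\"allow-web\\" matched"')

if __name__ == "__main__":
    print(parse_fortigate(SAMPLE))
    # serve("198.51.100.1")  # the firewall's configured source-ip
```

Run it on the collector, then on the FortiGate run 'diagnose log test' to generate sample records; if nothing arrives, check the collector with tcpdump on the configured port before revisiting the firewall config.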