Advanced logging

This section explains how to configure other log features within your existing log configuration. You may want to include other log features after initially configuring the log topology because the network has either outgrown the initial configuration, or you want to add additional features that will help your network’s logging requirements.

The following topics are included in this section:

l Log backup and restore tools l Configuring logging to multiple Syslog servers l Using Automatic Discovery to connect to a FortiAnalyzer unit l Activating a FortiCloud account for logging purposes l Viewing log storage space l Customizing and filtering log messages l Viewing logs from the CLI l Configuring NAC Quarantine logging l Logging local-in policies l Tracking specific search phrases in reports l Interpreting and configuring FSSO syslog log messages

Log backup and restore tools

Local disk logs can now be backed up and restored to local files, using CLI commands:

execute log backup <filename> execute log restore <filename>

Restoring logs will wipe the current log and report content off the disk.

Logs can also now be exported to a USB storage device, as LZ4 compressed files, from both CLI and GUI. When you insert a USB drive into the FortiGate’s USB port, the USB menu will appear in the GUI. The menu shows the amount of storage on the USB disk, and the log file size, and you can select Copy to USB to copy the log data to the drive.