FortiMail
This procedure demonstrates the GUI configuration of FortiMail for all available syslog messages.
To successfully receive and process logs, you need to set up the log classification correctly. The easiest way to do this is to add the IP addresses of the device (or your chosen subnet) to the appropriate IP prefix list.
Some devices in Logmanager do not have their own IP Prefix list and you need to create one or use a classifier - Classifiers. However, an IP prefix list exists for this device, so follow the procedure below.
-
Log in to the Logmanager web administration.
Add the IP address of the FortiMail device to the IP prefix list “FortiMail”.
Go to Parser/IP prefix lists:
- Locate the IP prefix list FortiMail,
- Edit with the blue pen icon,
- Add the IP addresses of your FortiMail devices. (Alternatively, you can use a subnet of your choice).
IP prefix lists are used in the vendor-Default-classification template - more Classifier Templates.This is the standard for most Logmanager installations. If you are using your own classifiers or are unsure about something, please contact your certified partner or help@logmanager.com.
-
Log in to the web administration of FortiMail. You need a username with an admin privilege.
Login to the web administration of FortiMail
-
In order to configure the Logmanager server as the remote destination, choose
Log and Report ‣ Log Settings ‣ Remote ‣ New. -
Activate logging by clicking Enable and entering the following details:
- Name: set any name.
- Server name/IP: set IP address of your Logmanager.
- Server port: set port 514.
- Protocol: Syslog
- Mode: UDP
- Level: Information
- Facility: kern
- CSV format: disable
Remote Log Settings
Now your FortiMail device will be sending logs to Logmanager.