FortiMail

This procedure demonstrates the GUI configuration of FortiMail for all available syslog messages.

To successfully receive and process logs, you need to set up the log classification correctly. The easiest way to do this is to add the IP addresses of the device (or your chosen subnet) to the appropriate IP prefix list.

Some devices in Logmanager do not have their own IP Prefix list and you need to create one or use a classifier - Classifiers. However, an IP prefix list exists for this device, so follow the procedure below.

1. Log in to the web administration Logmanager.

   Add the IP address of the FortiMail device to the IP prefix list “FortiMail”.

   Go to Parser/IP prefix lists:

   • Locate the IP prefix list FortiMail.
   • Edit with blue pen icon.
   • Add the IP addresses of your FortiMail devices. (Alternatively, you can use your chosen subnet)

   IP prefix lists are used in the vendor-Default-classification template - more Classifier Templates.

   This is standard for most Logmanager installations. If you are using your own classifiers or are unsure about something, please contact your certified partner or help@logmanager.com.

1. Login to web administration of FortiMail. You need a username with admin privilege.

   

2. In order to configure the Logmanager server as the remote destination, choose Log and Report ‣ Log Settings ‣ Remote ‣ New.

3. Activate logging by click on Enable and enter the following details:

   • Name: set any name
   • Server name/IP: set IP address of your Logmanager
   • Server port: set port 514
   • Protocol: Syslog
   • Mode: UDP
   • Level: Information
   • Facility: kern
   • CSV format: disable

   

4. Click OK when you are done.

Now your FortiMail device will be sending logs to Logmanager.