How to send Syslog Message When Host is marked as ‘Host At Risk’

This article describes how to send a Syslog message to an external Syslog server when a Host is marked as ‘Host At Risk’.

Scope

FortiNAC, FortiNAC-F.

Solution

Step 1: Configure the Syslog server under the menu System > Settings > System Communication > Log Receivers and set the Facility as ‘Internal Syslogd’.

Note: For more information about Syslog Facility options and their functionality, refer to this document: Log receivers

Step 2: Under Menu Logs > Events & Alarms > Management, set the ‘Host At Risk’ event as ‘Internal & External’.

Step 3: To trigger a ‘Host At Risk’ event, set a device’s scan result as Failure or perform a scan.

Step 4: Confirm that the ‘Host At Risk’ event has been sent by FortiNAC as a Syslog message.
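
One way to do the Step 4 check on the receiving side, as an added example that is not part of the original article or Fortinet code: a small UDP listener that decodes the syslog `<PRI>` header and prints datagrams mentioning the event. It assumes the receiver entry uses UDP port 514 and that the message text contains the event name 'Host At Risk'; the sample datagram is constructed, not captured FortiNAC output.

```python
import re
import socket

EVENT_NAME = "Host At Risk"  # event name as given in the article
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample datagram (hypothetical host name and body layout).
SAMPLE = b"<13>Jan  1 00:00:00 nac-example Host At Risk: constructed sample"


def parse_syslog(datagram: bytes) -> dict:
    """Decode one datagram and split <PRI> into facility and severity."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:  # valid PRI range is 0..191
        return {"facility": None, "severity": None, "message": text}
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "message": m.group(2)}


def is_host_at_risk(datagram: bytes) -> bool:
    """True when the message text mentions the event name (assumed format)."""
    return EVENT_NAME.lower() in parse_syslog(datagram)["message"].lower()


def listen(bind_addr="0.0.0.0", port=514, sender_ip=None):
    """Print matching datagrams; sender_ip limits output to one source."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))  # ports below 1024 need elevated privileges
    while True:
        data, (src, _) = sock.recvfrom(8192)
        if sender_ip and src != sender_ip:
            continue  # ignore syslog traffic from other devices
        if is_host_at_risk(data):
            rec = parse_syslog(data)
            print(f"{src} facility={rec['facility']} "
                  f"severity={rec['severity']} {rec['message']}")


if __name__ == "__main__":
    listen()
```

Run it on the Syslog server before triggering the event in Step 3; if nothing is printed, check that the port matches the Log Receivers entry and that the event is set to 'Internal & External'.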