Fortinet users, how to send logs to non Fortinet log servers ?

As a Fortinet partner, I’ve been deploying their solutions for many years now. I am therefore used to configuring syslog over the Web GUI on the Fortinet appliance. If you are a Fortinet user, you have probably noticed that this feature was removed in the version 5.0 and upward (for unknown reasons). If you are in charge of information security, you need to have your logs sent to other log servers, such as SIEM, that may not be Fortiner log servers.

I have faced this situation myself and I’m pleased to share the solution with you. So here are my notes to send logs to non Fortinet log servers such as SIEM.

 

There are 3 syslog servers that can be configured :

  • syslogd,
  • syslogd2,
  • syslogd3.

To see the configuration of syslogd:

  • show log syslogd setting

To configure the first syslog server as a bare minimum:

  1. config log syslogd setting
  2. set status enable
  3. set server “192.168.17.39”
  4. end

The logs start coming immediately.

«

Leave a Reply