Fortinet users, how to send logs to non-Fortinet log servers?

As a Fortinet partner, I've been deploying their solutions for many years now, so I am used to configuring syslog through the Web GUI on the Fortinet appliance. If you are a Fortinet user, you have probably noticed that this feature was removed in version 5.0 and later (for unknown reasons). If you are in charge of information security, you need to have your logs sent to other log servers, such as a SIEM, that may not be Fortinet log servers.

I have faced this situation myself and I'm pleased to share the solution with you. Here are my notes on sending logs to non-Fortinet log servers such as a SIEM.

There are 3 syslog servers that can be configured from the CLI:

  • syslogd,
  • syslogd2,
  • syslogd3.

To see the configuration of syslogd:

  • show log syslogd setting

To configure the first syslog server as a bare minimum:

  1. config log syslogd setting
  2. set status enable
  3. set server "192.168.17.39"
  4. end

The logs start coming immediately.
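
To confirm on the receiving side that the appliance's logs actually arrive, a small listener can be run on the log server. This is an added example, not part of the original notes; it assumes the FortiGate sends to UDP port 514 in its default key=value format, and the sender address 192.168.17.1 and the sample record are constructed.

```python
import re
import socket

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; a value may be double-quoted and contain spaces
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_datagram(data: bytes) -> dict:
    """Split one syslog datagram into facility, severity and key=value fields."""
    text = data.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri = int(m.group(1))
    fields = {}
    for key, val in KV_RE.findall(text[m.end():]):
        quoted = len(val) >= 2 and val[0] == '"' and val[-1] == '"'
        fields[key] = val[1:-1] if quoted else val
    return {"facility": pri >> 3, "severity": pri & 7, "fields": fields}

def listen(bind_ip="0.0.0.0", port=514, allowed_sources=("192.168.17.1",)):
    """Print parsed records; ignore datagrams from senders other than the firewall."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))  # binding a port below 1024 needs privileges
    while True:
        data, (src, _) = sock.recvfrom(65535)
        if src not in allowed_sources:
            continue  # plain UDP syslog is unauthenticated: accept only known senders
        try:
            rec = parse_datagram(data)
        except ValueError:
            continue
        print(src, rec["facility"], rec["severity"], rec["fields"])

# Constructed sample record (not captured from a real device)
SAMPLE = (b'<189>date=2024-01-15 time=10:22:31 devname="FGT-LAB" '
          b'logid="0100032001" type="event" subtype="system" level="notice" '
          b'msg="Administrator admin logged in"')

if __name__ == "__main__":
    listen()
```
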
