Configure remote syslog logging for a Fortinet Firewall

This article describes the steps to configure Fortinet Firewalls to send syslog data to the RocketCyber Firewall Analyzer.

Configure your FortiGate firewall settings 

Configure the FortiGate firewall settings for your specific FortiOS operating system.

Firewalls running FortiOS 4.x 

Open the FortiGate Management Console.
  1. Navigate to Log & Report > Log Config > Log Settings.
  2. Select the Syslog check box.
  3. Expand the Options section and complete all fields.
    1. In the Name/IP field, enter the IP address of the RocketAgent Syslog Server.
    2. In the Port field, enter 514.
    3. In the Level field, select the logging level at which FortiGate should generate log messages. We recommend Level 6 - Information.
    4. In the Facility field, enter a specific syslog facility for the RocketAgent syslog server or use the default.
  4. Make sure Enable CSV Format is unchecked.
  5. Click Apply.

Firewalls running FortiOS 5.x or FortiOS 6.x 

In FortiOS 5.x and higher, syslog servers should be configured from the command line.

FortiOS allows up to 3 syslog servers on FortiOS 5.x and 4 syslog servers on FortiOS 6.x:
  1. syslogd
  2. syslogd2
  3. syslogd3
  4. syslogd4

1. To configure your firewall running FortiOS 5.x or 6.x, open a command line on the device.

2. Before configuring one of the available syslog servers, find the first one that is not already in use with the following command:

config log {syslogd | syslogd2 | syslogd3 | syslogd4} setting
show
end

3. Enter the following commands to configure the chosen syslog server entry {syslogd|syslogd2|syslogd3|syslogd4}. In the example below, we are using syslogd and our RocketAgent syslog IP address is 192.168.3.15.

config global
config log syslogd setting 
set status enable
set csv disable
set server 192.168.3.15
set source-ip 10.2.2.2
end

For the server parameter, enter the IP address of the RocketAgent syslog server.

For the source-ip, enter the IP address of the firewall that will be sending the syslog messages to the RocketAgent syslog server.
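
To confirm the settings above took effect, the following added example (not part of the original article or of RocketCyber's tooling) checks a received datagram against the configured source-ip and the non-CSV key=value format. It assumes UDP transport and FortiOS's default space-separated key=value log body; the sample line and the function names are constructed for illustration.

```python
import re

SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "information", "debug"]
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S*)')
REQUIRED = ("date", "time", "type")  # assumed present in default-format logs

def parse(datagram: bytes) -> dict:
    """Decode the syslog PRI header and the key=value body of one datagram."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = re.match(r"<(\d{1,3})>(.*)", text, re.S)
    if not m:
        raise ValueError("missing syslog PRI header")
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    fields = {k: v.strip('"') for k, v in PAIR.findall(m.group(2))}
    return {"facility": pri >> 3, "severity": SEVERITY[pri & 7], "fields": fields}

def check(datagram: bytes, sender_ip: str, expected_source_ip: str) -> list:
    """Return a list of problems; an empty list means the datagram looks right."""
    problems = []
    if sender_ip != expected_source_ip:
        problems.append(f"sender {sender_ip} != configured source-ip {expected_source_ip}")
    try:
        msg = parse(datagram)
    except ValueError as exc:
        return problems + [str(exc)]
    missing = [k for k in REQUIRED if k not in msg["fields"]]
    if missing:
        problems.append(f"not key=value format (missing {missing}); check 'set csv disable'")
    return problems

# Constructed sample datagram, not captured from a real device.
SAMPLE = (b'<190>date=2024-01-15 time=10:22:31 devname="FGT-EDGE" '
          b'devid="FGT0000000000000" logid="0000000013" type="traffic" '
          b'subtype="forward" level="information" srcip=10.2.2.50 action="accept"')

if __name__ == "__main__":
    import socket
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 514))  # port from the article; binding needs privileges
    while True:
        data, (ip, _) = sock.recvfrom(8192)
        print(ip, check(data, ip, "10.2.2.2") or "ok")
```

Run the listener on a test host, or while the RocketAgent syslog service is stopped, since only one process can bind port 514.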
