Fortinet-Fortigate Integrations
Introduction
This integration is for Fortinet FortiGate logs sent in the syslog format.
Pre-requisite:
Configure syslog on FortiGate
From the GUI:
- Log into FortiGate.
- Select Log & Report to expand the menu.
- Select Log Settings.
- Toggle Send Logs to Syslog to Enabled.
If you need to customize the port or protocol, or to set up syslog from the CLI, use the following commands:
    config log syslogd setting
        set status enable
        set server "192.168.1.19"
        set mode udp
        set port 514
    end
To establish the connection to the syslog server from a specific source IP address, use the following CLI configuration:
    config log syslogd setting
        set status enable
        set server "192.168.1.19"
        set source-ip "172.16.1.1"
        set mode udp
        set port 514
    end
Assumptions
The procedures described in Section 3 assume that a Log Collector has already been set up.
Compatibility
This integration has been tested against FortiOS version 6.0.x and 6.2.x. Versions above this are expected to work but have not been tested.
Fortinet FortiGate Integration Procedures
Please provide the following information to CyTech:
Collect Fortinet FortiGate logs (input: tcp)
- Listen Address - The bind address to listen for TCP connections.
- Listen Port - The TCP port number to listen on.
Collect Fortinet FortiGate logs (input: udp)
- Listen Address - The bind address to listen for UDP connections.
- Listen Port - The UDP port number to listen on.
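The following Python example is added here and is not part of the original integration or of Fortinet's tooling. It shows a collector-side check for the UDP input: parse a FortiGate key=value syslog datagram and accept it only if it arrived from the configured source-ip. The sample log line, the REQUIRED field set and the function names are assumptions constructed for illustration.

```python
import re
import socket

PRI_RE = re.compile(r"^<(\d{1,3})>")               # syslog priority prefix
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')   # key=value or key="quoted value"
REQUIRED = {"logid", "type", "level"}              # assumed minimum field set for this check

# Constructed sample datagram, not captured from a real device.
SAMPLE = (b'<189>date=2024-01-15 time=10:22:31 devname="FGT-LAB" '
          b'logid="0000000013" type="traffic" subtype="forward" '
          b'level="notice" srcip=10.0.0.5 dstip=192.0.2.10 '
          b'action="accept" msg="policy id=7 matched"')

def parse_fortigate(datagram):
    """Split a FortiGate syslog payload into PRI and key=value fields."""
    text = datagram.decode("utf-8", errors="replace").strip()
    fields = {}
    m = PRI_RE.match(text)
    if m:
        fields["facility"], fields["severity"] = divmod(int(m.group(1)), 8)
        text = text[m.end():]
    for key, quoted, bare in KV_RE.findall(text):
        fields[key] = quoted or bare
    return fields

def accept(data, peer_ip, expected_source):
    """Return parsed fields, or None if the datagram should be dropped."""
    # UDP sender addresses are spoofable: this is a sanity filter, not authentication.
    if peer_ip != expected_source:
        return None
    fields = parse_fortigate(data)
    return fields if REQUIRED.issubset(fields) else None

def self_test():
    """Loopback check: play both the FortiGate and the collector on 127.0.0.1."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))   # port 0 = any free port; use the Listen Port in production
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sender.sendto(SAMPLE, collector.getsockname())
        collector.settimeout(5.0)
        data, (peer_ip, _port) = collector.recvfrom(65535)
        return accept(data, peer_ip, "127.0.0.1")
    finally:
        sender.close()
        collector.close()

if __name__ == "__main__":
    print(self_test())
```

In a deployment matching the CLI configuration above, `expected_source` would be the `source-ip` value and the socket would bind to the Listen Address and Listen Port provided to CyTech.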
If you need further assistance, contact our support team at info@cytechint.com.