How do I configure remote syslog logging for a Fortinet Firewall - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="this-article-describes-the-steps-to-configure-fortinet-firewalls-to-send-syslog-data-to-the-rocketcyber-firewall-analyzer">This article describes the steps to configure Fortinet Firewalls to send syslog data to the RocketCyber Firewall Analyzer</h2> <div data-aura-rendered-by="128:201;a" data-aura-class="forcePageBlockSectionRow"> <div data-aura-rendered-by="115:201;a" data-aura-class="forcePageBlockItem forcePageBlockItemView"> </div> </div> <div data-aura-rendered-by="150:201;a" data-aura-class="forcePageBlockSectionRow"> <div data-aura-rendered-by="198:201;a" data-aura-class="forcePageBlockSectionRow"> <div data-aura-rendered-by="185:201;a" data-aura-class="forcePageBlockItem forcePageBlockItemView"> <div data-aura-rendered-by="186:201;a"> <div data-aura-rendered-by="190:201;a"> <div dir="ltr" data-aura-rendered-by="182:201;a" data-aura-class="uiOutputRichText forceOutputRichText"> <p data-aura-rendered-by="183:201;a"><strong>Configure your FortiGate firewall settings</strong></p> <p data-aura-rendered-by="183:201;a">Configure the FortiGate firewall settings for the FortiOS version your firewall is running.</p> <p data-aura-rendered-by="183:201;a"><strong>Firewalls running FortiOS 4.x</strong></p> <ol data-aura-rendered-by="183:201;a"><li>Open the FortiGate Management Console.</li> <li>Navigate to <strong>Log &amp; Report &gt; Log Config &gt; Log Settings</strong>.</li> <li>Select the <strong>Syslog</strong> check box.</li> <li>Expand the <strong>Options</strong> section and complete all fields. <ol><li>In the <strong>Name/IP</strong> field, enter the IP address of the RocketAgent syslog server.</li> <li>In the <strong>Port</strong> field, enter 514.</li> <li>In the <strong>Level</strong> field, select the logging level at which FortiGate should generate log messages. <p>We recommend Level 6 - Information. 
</p> </li> <li>In the <strong>Facility</strong> field, enter a specific syslog facility for the RocketAgent syslog server or use the default.</li> <li>Make sure <strong>Enable CSV Format</strong> is unchecked.</li> </ol></li> <li>Click <strong>Apply</strong>.</li> </ol><h4 data-aura-rendered-by="183:201;a" data-id="firewalls-running-fortios-5-x-or-fortios-6-x"><strong>Firewalls running FortiOS 5.x or FortiOS 6.x</strong></h4> <p data-aura-rendered-by="183:201;a">In FortiOS 5.x and higher, syslog servers should be configured from the command line.</p> <p data-aura-rendered-by="183:201;a">FortiOS 5.x allows up to 3 syslog servers and FortiOS 6.x allows up to 4:</p> <ul><li data-aura-rendered-by="183:201;a">syslogd</li> <li data-aura-rendered-by="183:201;a">syslogd2</li> <li data-aura-rendered-by="183:201;a">syslogd3</li> <li data-aura-rendered-by="183:201;a">syslogd4</li> </ul><p data-aura-rendered-by="183:201;a">1. To configure your firewall running FortiOS 5.x or 6.x, open a command line on the device.</p> <p data-aura-rendered-by="183:201;a">2. Before configuring one of the available syslog servers, find the first one that is not already in use by running the following commands:</p> <pre data-aura-rendered-by="183:201;a" class="code codeBlock" spellcheck="false" tabindex="0">config log {syslogd | syslogd2 | syslogd3 | syslogd4} setting<br>show<br>end</pre> <p data-aura-rendered-by="183:201;a">3. 
Enter the following commands to configure the chosen syslog server entry ({syslogd | syslogd2 | syslogd3 | syslogd4}). In the example below, we use syslogd, and the RocketAgent syslog server IP address is 192.168.3.15.</p> <pre data-aura-rendered-by="183:201;a" class="code codeBlock" spellcheck="false" tabindex="0">config global<br>config log syslogd setting<br>set status enable<br>set csv disable<br>set server 192.168.3.15<br>set source-ip 10.2.2.2<br>end</pre> <p data-aura-rendered-by="183:201;a">For the <strong>server</strong> parameter, enter the IP address of the RocketAgent syslog server.</p> <p data-aura-rendered-by="183:201;a">For the <strong>source-ip</strong> parameter, enter the IP address of the firewall that will be sending the syslog messages to the RocketAgent syslog server.</p> <p data-aura-rendered-by="183:201;a"><strong>Additional details can be found in the FortiGate FortiOS CLI Reference Guides:</strong></p> <p data-aura-rendered-by="183:201;a"><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelp.fortinet.com%2Ffgt%2Fhandbook%2Fcli_html%2Findex.html%23page%2FFortiOS%2525205.0%252520CLI%2Fconfig_log.17.15.html" rel="noopener nofollow">https://help.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%25205.0%2520CLI/config_log.17.15.html</a></p> <p data-aura-rendered-by="183:201;a"><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fdocs.fortinet.com%2Fdocument%2Ffortigate%2F6.0.0%2Fcli-reference%2F260508%2Flog-syslogd-syslogd2-syslogd3-syslogd4-setting" rel="noopener nofollow">https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/260508/log-syslogd-syslogd2-syslogd3-syslogd4-setting</a></p> </div> </div> </div> </div> </div> </div> </article> </main>
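<p>A receiver-side check for the settings above, as an added example that is not part of the original article or of RocketCyber's tooling: it decodes the syslog PRI header and the key=value body of one datagram and flags a sender other than the configured source-ip, a severity more verbose than information, or a body that is not space-separated key=value. The sample lines are constructed, and their field layout (including the comma-delimited line standing in for CSV output) is an assumption.</p>

```python
import re

EXPECTED_SOURCE = "10.2.2.2"  # the article's example source-ip value
MAX_SEVERITY = 6              # syslog severity 6 = information (recommended level)
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "information", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# key=value pairs separated by whitespace; values may be double-quoted
KV_RE = re.compile(r'(\w[\w-]*)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_datagram(payload: bytes) -> dict:
    """Split one syslog datagram into facility, severity and key=value fields."""
    text = payload.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI header")
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return {"facility": facility, "severity": severity, "fields": fields}


def check_datagram(payload: bytes, peer_ip: str) -> list:
    """Return the problems found; an empty list means the message looks as configured."""
    try:
        msg = parse_datagram(payload)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if peer_ip != EXPECTED_SOURCE:
        problems.append(f"unexpected sender {peer_ip}")
    if msg["severity"] > MAX_SEVERITY:
        name = SEVERITY_NAMES[msg["severity"]]
        problems.append(f"severity {name} is more verbose than information")
    if not {"date", "time", "type"} <= set(msg["fields"]):
        problems.append("expected space-separated key=value fields; is csv still enabled?")
    return problems


# Constructed samples (not captured traffic). PRI 189 = facility 23, severity 5.
GOOD = (b'<189>date=2024-01-15 time=10:22:31 devname="FGT-LAB" type="traffic" '
        b'subtype="forward" level="notice" msg="constructed sample line"')
COMMA = b'<189>date=2024-01-15,time=10:22:31,devname=FGT-LAB,type=traffic,level=notice'
DEBUG = GOOD.replace(b"<189>", b"<191>")  # same line sent at severity 7 (debug)

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("COMMA", COMMA), ("DEBUG", DEBUG)):
        print(name, check_datagram(sample, EXPECTED_SOURCE) or "ok")
```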