Fortinet FortiGate Firewall

Configure Fortinet FortiGate firewalls to forward logs directly to a Syslog endpoint, utilizing FortiGate's native Syslog capabilities.

Prerequisites

  • FortiGate firewall with administrative access.
  • Syslog server information: <SYSLOG_ENDPOINT>, <SYSLOG_PORT>.

Configuration Steps

1. Access FortiGate Firewall

Log in to your FortiGate firewall using the web UI or SSH to access the CLI.

2. Configure Syslog Server

Via Web UI

  1. Navigate to Log & Report > Log Settings.
  2. In the Remote Logging and Archiving section, enable Syslog.
  3. Click Create New or edit an existing Syslog server configuration.
  4. Enter the Syslog server details:
    • IP/Domain: <SYSLOG_ENDPOINT>
    • Port: <SYSLOG_PORT>
    • Reliable: Choose according to your Syslog server configuration (TCP for reliable syslog).
  5. Select the log severity and facilities to forward.
  6. Click OK to save the configuration.

Via CLI

  1. Access the CLI (via SSH or console) and enter the following commands, adjusting parameters as needed:

    config log syslogd setting
        set status enable
        set server "<SYSLOG_ENDPOINT>"
        set port <SYSLOG_PORT>
        set reliable {enable | disable}
        set facility {local7 | appropriate_facility}
        set source-ip {interface_ip}
    end
    
  2. Replace <SYSLOG_ENDPOINT> and <SYSLOG_PORT> with your Syslog server's IP address and port. Configure other options as necessary for your environment.

3. Apply and Save Configuration

  • Web UI: Ensure all changes are applied and saved.
  • CLI: After entering the configuration commands, save the configuration by running the command execute backup config flash.

4. Verify Log Forwarding

  • Generate test traffic or events that should be logged.
  • Check your Syslog server to confirm that logs from the FortiGate firewall are being received.
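
One way to run the check in step 4 on the Syslog server side, as an added example that is not part of the original guide or any Fortinet tooling: it decodes the syslog PRI header to confirm the facility chosen with set facility and parses the key=value log body. It assumes the default key=value log format and that reliable (TCP) syslog frames each message with an RFC 6587 octet count; the device name FGT-LAB, the devid and logid values, and all sample messages are constructed.

```python
import re

# syslog PRI = facility * 8 + severity; local0..local7 are facility codes 16..23
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
KV = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"

def split_octet_counted(stream: bytes) -> list:
    """Assumed framing for reliable (TCP) syslog: '<length> <message>' (RFC 6587)."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.index(b" ", pos)
        length = int(stream[pos:sp])
        msgs.append(stream[sp + 1:sp + 1 + length])
        pos = sp + 1 + length
    return msgs

def parse_fortigate(msg: bytes) -> dict:
    """Decode the PRI header and key=value body of one received message."""
    m = re.match(r"<(\d{1,3})>(.*)", msg.decode("utf-8", "replace"), re.S)
    if not m:
        raise ValueError("missing syslog PRI header")
    pri = int(m.group(1))
    fields = {k: q or u for k, q, u in KV.findall(m.group(2))}
    return {"facility": FACILITIES.get(pri >> 3, f"facility{pri >> 3}"),
            "severity": SEVERITIES[pri & 7], "fields": fields}

def check_forwarding(messages, facility: str, devname: str) -> list:
    """Return a list of problems; empty means the logs match the configuration."""
    parsed = [parse_fortigate(m) for m in messages]
    mine = [p for p in parsed if p["fields"].get("devname") == devname]
    if not mine:
        return [f"no messages from devname={devname}"]
    return [f"{p['fields'].get('logid')}: facility {p['facility']}, expected {facility}"
            for p in mine if p["facility"] != facility]

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    b'<189>date=2024-05-01 time=10:15:02 devname="FGT-LAB" devid="FGT-PLACEHOLDER" '
    b'logid="0000000001" type="event" subtype="system" level="notice" '
    b'msg="Administrator admin logged in"',
    b'<189>date=2024-05-01 time=10:15:07 devname="FGT-LAB" devid="FGT-PLACEHOLDER" '
    b'logid="0000000002" type="traffic" subtype="forward" level="notice" '
    b'srcip=10.0.0.5 dstip=192.0.2.10 action="accept"',
]
# The same messages as they would arrive on one TCP connection with octet counting.
SAMPLE_TCP = b"".join(b"%d %s" % (len(m), m) for m in SAMPLE)
```

Feed check_forwarding the raw datagrams from a UDP listener, or the output of split_octet_counted for a TCP connection; a non-empty result lists each message whose facility differs from the one configured on the firewall.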

Troubleshooting

  • Connectivity Issues: Verify network connectivity between the FortiGate firewall and the Syslog server. Ensure no network devices are blocking the Syslog port.
  • Configuration Check: Review the Syslog server configuration on the FortiGate firewall for any errors or misconfigurations.
  • Syslog Server Configuration: Ensure the Syslog server is configured to listen on the specified port and is set up to accept logs from the FortiGate firewall.

This guide provides a quick overview of setting up FortiGate firewalls to forward