Technical Tip: How to add a third party device to FortiAnalyzer

Description

This article describes how to add a third party device to FortiAnalyzer where the FortiAnalyzer is the syslog server.

Scope

FortiAnalyzer.

Solution

A third party device cannot be added directly from FortiAnalyzer in the syslog ADOM.
This is because of the way serial numbers are stored under syslog ADOM. If the device is added from FortiAnalyzer it will not recognize the serial number and will give an error ('The device's serial number does not match database.')

These steps assume that ADOMs have already been enabled on the FortiAnalyzer.

Steps to add the device to FortiAnalyzer:

1. On the third-party device, add FortiAnalyzer as syslog server. Configure it to send logs to FortiAnalyzer.

Figure 1. Ubuntu machine configured to send syslog to FortiAnalyzer

2. On the FortiAnalyzer, the device will show up in Device Manager under Unregistered Devices (root ADOM) after the FortiAnalyzer starts receiving logs from the device.

3. Right-click on the unregistered device and promote it and add it under Syslog ADOM.

4. Enter Syslog ADOM to see the device listed as one of the managed devices.

5. After authorization, the device will appear under the root ADOM.