Oscar_Wee
Staff
August 19, 2025

Technical Tip: How to verify/view which logs from FortiGate are sent to syslog server

Description

This article explains how to verify which logs from FortiGate are sent to the syslog server via Wireshark.

Scope

FortiGate.
Solution

Example:

  1. Review the syslog settings to find out the IPs to use for packet sniffing:

config log syslogd setting
    set status enable
    set server "173.31.45.76"
    set source-ip "173.28.70.2"
end


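  2. Run the following sniffer command, filtering on the syslog server IP and the source IP from step 1 (make sure to use the values 6 0, the verbosity level and the packet count, in the sniffer command):

diagnose sniff packet any "host 173.31.45.76 and host 173.28.70.2" 6 0 l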

 

  3. Convert the packet capture by following this KB article: Technical Tip: How to import 'diagnose sniffer packet' data to WireShark
  4. Alternatively, refer to this KB article to collect the packet capture from the GUI: Troubleshooting Tip: Packet Capture on FortiOS GUI

 

Verification:

 

[Image: logwireshark.jpg]
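
To go from eyeballing packets in Wireshark to a list of which log types are actually being forwarded, the syslog payloads from the converted capture can be tallied by type, subtype and level. The script below is an added example, not part of the original article or Fortinet tooling; it assumes the payloads were exported as text in FortiGate's default key=value format, and the sample payloads, device name and log IDs in it are constructed.

```python
import re
from collections import Counter

# Constructed sample payloads (not from the article), shaped like FortiGate's
# default key=value syslog format; real ones come from the converted capture.
SAMPLE_PAYLOADS = [
    '<189>date=2025-08-19 time=10:15:01 devname="FGT-LAB" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice" action="accept"',
    '<189>date=2025-08-19 time=10:15:02 devname="FGT-LAB" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice" action="deny"',
    '<190>date=2025-08-19 time=10:15:07 devname="FGT-LAB" logid="0100032001" '
    'type="event" subtype="system" level="information" msg="login type=ssh ok"',
    # No <PRI> prefix: the parser must still read the fields.
    'date=2025-08-19 time=10:15:09 devname="FGT-LAB" logid="0316013056" '
    'type="utm" subtype="webfilter" level="warning" action="blocked"',
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value, where a quoted value may contain spaces and '=' characters
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]

def parse_payload(payload):
    """Return (facility, severity, fields) for one syslog payload."""
    facility = severity = None
    m = PRI_RE.match(payload)
    if m:  # RFC 3164 priority = facility * 8 + severity
        pri = int(m.group(1))
        facility, severity = pri >> 3, SEVERITIES[pri & 7]
        payload = payload[m.end():]
    fields = {k: v.strip('"') for k, v in KV_RE.findall(payload)}
    return facility, severity, fields

def summarize(payloads):
    """Count payloads per (type, subtype, level) to show what is forwarded."""
    counts = Counter()
    for p in payloads:
        f = parse_payload(p)[2]
        counts[tuple(f.get(k, "unknown") for k in ("type", "subtype", "level"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_PAYLOADS).items()):
        print(n, *key)
```

A type or subtype that is enabled in the log filter but never appears in the tally over a representative capture window is the one to investigate.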