Technical Tip: Syslog does not receive IPS events log from Firewall
| Description | This article describes an issue where the syslog server does not receive IPS events (or other UTM events) from the FortiGate firewall. |
| Scope | Syslog, FortiGate. |
| Solution | Check the 'forward-traffic' option under the 'syslogd filter' setting on the firewall:
config log syslogd filter
If forward-traffic is enabled (the default), IPS events (and other UTM events such as antivirus, web-filter, and app-control) are sent to the syslog server as expected.
If forward-traffic is disabled, only the anomaly event (type = UTM) is sent to the syslog server. Other UTM events are not sent to the syslog server. |
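A check from the syslog server side, as an added example that is not part of the original article: it tallies received UTM events by subtype and flags the anomaly-only pattern described above. The sample lines are constructed, and the `type`/`subtype` field names and values assume FortiGate's key=value log format.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value log style (not real captures).
ANOMALY_ONLY = [
    '<185>date=2024-05-01 time=10:00:01 devname="FGT-LAB" type="utm" '
    'subtype="anomaly" level="alert" msg="anomaly: tcp_syn_flood"',
    '<190>date=2024-05-01 time=10:00:05 devname="FGT-LAB" type="event" '
    'subtype="system" level="information" msg="test event"',
]
WITH_UTM = ANOMALY_ONLY + [
    '<185>date=2024-05-01 time=10:01:12 devname="FGT-LAB" type="utm" '
    'subtype="ips" level="alert" msg="constructed IPS event"',
    '<188>date=2024-05-01 time=10:02:30 devname="FGT-LAB" type="utm" '
    'subtype="webfilter" level="warning" msg="constructed web-filter event"',
]

# Matches key=value and key="quoted value" pairs.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Return the key=value fields of one log line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def utm_subtypes(lines):
    """Count received UTM events per subtype (ips, anomaly, webfilter, ...)."""
    fields = (parse(line) for line in lines)
    return Counter(f.get("subtype", "unknown") for f in fields
                   if f.get("type", "").lower() == "utm")

def assess(lines):
    """Classify what the syslog server is receiving."""
    seen = utm_subtypes(lines)
    if not seen:
        return "no-utm"  # no UTM events at all in this sample
    if set(seen) == {"anomaly"}:
        # Matches the symptom described above; it can also mean that no other
        # UTM event fired, so confirm the filter setting on the firewall.
        return "anomaly-only"
    return "utm-ok"

if __name__ == "__main__":
    for name, sample in (("anomaly-only sample", ANOMALY_ONLY),
                         ("full sample", WITH_UTM)):
        print(name, assess(sample), dict(utm_subtypes(sample)))
```

Run it over a window of received logs long enough that IPS or other UTM events would normally be expected.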


