Technical Tip: FortiSIEM compatibility with Octet Counting in FortiMail Syslog over TCP

For the syslog, to correctly parse messages from FortiMail between CR LF (Windows), LF(Unix), and CR (Macintosh) line breaks, the following configuration is required:

1. Navigate to Log & Report -> Log Setting -> Remote.
2. Select the button '+ New'.
3. Fill up the Name and Server name/IP.
4. Protocol -> Syslog.

5. Mode-> TCP (Legacy).

With this setting, FortiMail will include Non-Transparent-Framing (LF-terminated messages) to parse syslog messages.