Hello everyone,I am currently configuring a SIEM solution (Wazuh) and have successfully set up log forwarding from FortiEMS via syslog. However, the logs I am currently receiving on the SIEM are as follows:Status change of FortiClient to onlineFortiClient status marked as offline by EMSFortiClient IP address changesI would like to capture additional logs, such as those generated by the vulnerability scanner, antivirus, web filter, and other security features. Could you advise on how to configure FortiEMS to send these additional logs to Wazuh?

New Member

Question

Configuring FortiEMS to Forward Additional Syslogs Logs to Wazuh SIEM

Forum|Forum|1 year ago
November 6, 2024
1 reply
4188 views

Hello everyone,
I am currently configuring a SIEM solution (Wazuh) and have successfully set up log forwarding from FortiEMS via syslog. However, the logs I am currently receiving on the SIEM are as follows:

Status change of FortiClient to online
FortiClient status marked as offline by EMS
FortiClient IP address changes

I would like to capture additional logs, such as those generated by the vulnerability scanner, antivirus, web filter, and other security features. Could you advise on how to configure FortiEMS to send these additional logs to Wazuh?

ebilcari

Staff

You may need a FortiAnalyzer to collect the logs from the FortiClients first than forward them to the 3rd party SIEM. The steps are also shown in this article.

Emirjon

karim1Author

New Member

Thank you for your response @ebilcari.
However, Is there a way I can use syslog to send logs directly to the SIEM without going through a FortiAnalyzer since we don't own this solution.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded