January 26, 2017
Question
Fortigate 200D - Log Forwarding Traffic to remote syslog server
Hi,
We are having some issues logging Forwarded Traffic (most important for us) to a remote syslog server (Splunk).
What we have done so far:
Log & Report -> Log Settings: (image attached)
IE-SV-For01-TC (setting) # show full-config
config log syslogd setting
set status enable
set server "192.168.1.160"
set reliable disable
set port 9998
set csv disable
set facility local0
set source-ip 0.0.0.0
end
IE-SV-For01-TC (filter) # get
severity : information
forward-traffic : enable
local-traffic : enable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
netscan-discovery : enable
netscan-vulnerability: enable
voip : enable
Logging Options on the Policy & Objects -> Policy -> IPv4 is set to All sessions
I also installed the Fortigate app & add-on for Splunk, and I can see only fgt_event logged in to the remote syslog.
Jan 26 10:33:34 192.168.1.150 date=2017-01-26 time=10:33:34 devname=fortigate devid=FG200D4Q16809336 logid=0100040704 type=event subtype=system level=notice vd="root" logdesc="System performance statistics" action="perf-stats" cpu=0 mem=15 totalsession=217 disk=1 bandwidth=10/88 setuprate=0 disklograte=0 fazlograte=0 msg="Performance statistics: average CPU: 0, memory: 15, concurrent sessions: 217, setup-rate: 0"
Can you please help us to log the traffic to remote syslog?
Regards,
Andrzej
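When troubleshooting a setup like this, the first question is what the FortiGate is actually sending: only `type=event` records, or `type=traffic subtype=forward` as well. The Python below is an added example, not code from the original post or from Fortinet or Splunk. It parses FortiGate key=value syslog lines (quoted values such as `msg="..."` may contain spaces) and counts records by type and subtype so you can confirm whether forward-traffic logs are reaching the collector at all. The first sample line is the event record quoted in the post; the two traffic lines are constructed for the example (the log ID, addresses, ports and byte counts are made up, and the field names are assumed from the common FortiGate traffic-log layout).

```python
import re
from collections import Counter

# A FortiGate record is a sequence of key=value pairs. Values are either
# double-quoted (and may contain spaces, e.g. msg="Performance statistics ...")
# or a bare run of non-whitespace characters (e.g. bandwidth=10/88).
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s]+)')

# Sample input: line 1 is the event record from the post; lines 2-3 are
# constructed traffic records (not real data) used to exercise the parser.
SAMPLE_LINES = [
    'Jan 26 10:33:34 192.168.1.150 date=2017-01-26 time=10:33:34 devname=fortigate '
    'devid=FG200D4Q16809336 logid=0100040704 type=event subtype=system level=notice '
    'vd="root" logdesc="System performance statistics" action="perf-stats" cpu=0 mem=15 '
    'totalsession=217 disk=1 bandwidth=10/88 setuprate=0 disklograte=0 fazlograte=0 '
    'msg="Performance statistics: average CPU: 0, memory: 15, concurrent sessions: 217, setup-rate: 0"',
    # constructed forward-traffic record (logid and addresses are placeholders)
    'Jan 26 10:35:01 192.168.1.150 date=2017-01-26 time=10:35:01 devname=fortigate '
    'devid=FG200D4Q16809336 logid=0000000013 type=traffic subtype=forward level=notice '
    'vd="root" srcip=10.0.0.5 srcport=51514 dstip=203.0.113.10 dstport=443 proto=6 '
    'action="accept" policyid=1 service="HTTPS" sentbyte=1234 rcvdbyte=5678',
    # constructed forward-traffic record for a denied session
    'Jan 26 10:35:02 192.168.1.150 date=2017-01-26 time=10:35:02 devname=fortigate '
    'devid=FG200D4Q16809336 logid=0000000013 type=traffic subtype=forward level=notice '
    'vd="root" srcip=10.0.0.7 srcport=40022 dstip=203.0.113.20 dstport=23 proto=6 '
    'action="deny" policyid=0 service="TELNET" sentbyte=0 rcvdbyte=0',
]


def parse_fortigate_line(line: str) -> dict:
    """Parse one FortiGate syslog line into a dict of fields.

    The syslog header (timestamp and source host) is skipped by starting at the
    first 'date=' field; surrounding quotes are stripped from quoted values.
    """
    start = line.find("date=")
    body = line[start:] if start >= 0 else line
    fields = {}
    for key, value in _KV_RE.findall(body):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def summarize_log_types(lines) -> Counter:
    """Count records by (type, subtype), the quickest way to see what the device sent."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        fields = parse_fortigate_line(line)
        counts[(fields.get("type", "?"), fields.get("subtype", "?"))] += 1
    return counts


def forward_traffic_present(lines) -> bool:
    """True if at least one type=traffic subtype=forward record is in the sample."""
    return summarize_log_types(lines)[("traffic", "forward")] > 0


if __name__ == "__main__":
    for (log_type, subtype), n in sorted(summarize_log_types(SAMPLE_LINES).items()):
        print(f"{log_type:8} {subtype:8} {n}")
    # With only the event line from the post, forward traffic is absent:
    print("forward traffic in post's output:", forward_traffic_present(SAMPLE_LINES[:1]))
```

Run this over a capture of what Splunk actually received (one record per line). If the summary shows only `event` rows, the records are not leaving the FortiGate (filter, policy logging or log-to-disk settings), which is a different problem from a Splunk parsing or sourcetype issue where `traffic forward` rows are present but not showing up in the app.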
