Marine25
New Member
August 5, 2018
Question

Fortigate using syslog and Fortianalyser at the same time

  • August 5, 2018
  • 2 replies
  • 9429 views

Hello, can a FortiGate use a FortiAnalyzer and at the same time be configured to send syslogs to another host (a SIEM solution)?

Thanks

    2 replies

    emnoc
    New Member
    August 5, 2018

    Yes, you can run a syslog and FAZ at the same time. If you need to send to more than one syslog, use the CLI to configure the syslog targets.

    Marine25
    Marine25 (Author)
    New Member
    August 6, 2018

    Thanks for the info.

    User5
    New Member
    August 9, 2018

    Interested in this as well, as I am doing the same thing.

    I can see that you can configure multiple syslog servers in the CLI, but would like to know if the syslog config overrides the FortiAnalyzer config as it does in the GUI.

    If I enable FAZ and syslog via the web GUI then syslog overrides and does not send logs to FAZ, or so I have been informed.

    Does the config need to be done specifically in the CLI?

    Thanks

    hawada
    New Member
    August 12, 2018

    Hi

    When configuring multiple Syslog servers (or one Syslog server), you can configure reliable delivery of log messages from the Syslog server. Configuring reliable delivery is available only in the CLI.

    If VDOMs are enabled, each VDOM will use the default FortiAnalyzer/Syslog server, but an individual override can be enabled in the CLI, allowing you to specify a different FortiAnalyzer/Syslog server for that VDOM.

    Most FortiGate features are, by default, enabled for logging. You can disable individual FortiGate features you do not want the Syslog server to record, as in this example:

        config log syslogd filter
            set traffic {enable | disable}
            set web {enable | disable}
            set url-filter {enable | disable}
        end

    To enable/disable override settings per-VDOM:

        config log syslogd override-filter
            set override {enable | disable}
        end

    Same for FortiAnalyzer, but instead of syslogd use fortianalyzer.

    http://docs.fortinet.com/uploaded/files/1084/fortigate-loggingreporting-509.pdf

    Yes, you have to make those changes via CLI.

    Regards
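The following is an added worked example, not part of the thread above and not taken from Fortinet's documentation. It puts the two answers together: FortiAnalyzer stays enabled as the primary log destination, two independent syslog targets (syslogd and syslogd2) are added from the CLI, the SIEM-facing target uses reliable (TCP) delivery, and one VDOM is given its own syslog override. It assumes FortiOS 5.6/6.x CLI syntax (older 5.0/5.2 releases spell the reliable option differently), the server addresses are documentation placeholders from 192.0.2.0/24, and the VDOM name "customerA" is invented for the example. Check each keyword against the CLI reference for the firmware actually in use.

```text
# Added example (FortiOS 5.6/6.x syntax assumed; addresses and VDOM name are placeholders).
# Run from the global context when VDOMs are enabled.

# 1. FortiAnalyzer remains enabled; configuring syslog in the CLI does not remove it.
config log fortianalyzer setting
    set status enable
    set server 192.0.2.10
end

# 2. First syslog target: the SIEM collector, reliable (TCP) delivery.
#    Reliable mode is the setting that is only reachable from the CLI.
config log syslogd setting
    set status enable
    set server 192.0.2.20
    set mode reliable
    set port 601
    set facility local7
end

# 3. Second syslog target: a plain UDP collector (e.g. an archive box).
config log syslogd2 setting
    set status enable
    set server 192.0.2.21
    set mode udp
    set port 514
    set facility local6
end

# 4. Per-VDOM override: this VDOM logs to its own collector instead of
#    the global syslogd target. Same pattern applies to "fortianalyzer override-setting".
config vdom
    edit customerA
        config log syslogd override-setting
            set override enable
            set status enable
            set server 192.0.2.30
            set mode reliable
            set port 601
        end
    next
end

# 5. Verification: show the effective settings and emit test log messages,
#    then confirm both the SIEM and FortiAnalyzer received them.
get log syslogd setting
get log syslogd2 setting
diagnose log test
```

When checking the result, look for the test messages on every destination rather than only on the SIEM: the point of the thread is that the syslog targets and FortiAnalyzer are separate settings that coexist, so a destination that stays silent after "diagnose log test" points at that target's own status, server, mode or port rather than at a conflict with the other one.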