ehernandez13
Visitor III
February 27, 2026
Question

FortiWeb JSON Packet Logs over TLS Syslog – FortiSIEM Parsing Support


We are currently configuring FortiWeb (v7.2.1+) to send packet logs via Syslog using TCP/TLS in JSON format as per the supported configuration:

config log syslog-policy

set port 6514
set proto tls
set format json
set packet enable

We are sending these JSON packet logs directly to FortiSIEM.
The logs are successfully received; however, they are not being parsed correctly and no structured fields are extracted from the JSON payload.

Considering that sending packet logs via TLS Syslog in JSON format is supported from FortiWeb v7.2.1:

  • Has Fortinet provided any official parser or XML-based custom parser for FortiWeb JSON packet logs in FortiSIEM?

  • Is there a recommended configuration or event format required for proper JSON field extraction?

  • Is direct ingestion and parsing of FortiWeb JSON packet logs into FortiSIEM officially supported?

Currently, FortiSIEM appears to ingest these logs as raw syslog messages without JSON field-level normalization.

Has anyone successfully implemented a working parser for FortiWeb JSON packet logs in FortiSIEM?
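Added example, not part of the original post and not Fortinet code: a way to check what actually arrives on the TLS listener and list the JSON key paths a custom parser would have to map. It assumes RFC 5425 octet-counted framing and a JSON object after the syslog header; the sample message and its key names are constructed, not FortiWeb's real schema.

```python
import json

def split_frames(stream: bytes) -> list:
    """Split an RFC 5425 octet-counted stream ("MSG-LEN SP SYSLOG-MSG") into messages."""
    frames, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1 or not stream[pos:sp].isdigit():
            raise ValueError(f"bad frame length at offset {pos}")
        end = sp + 1 + int(stream[pos:sp])
        if end > len(stream):
            raise ValueError("truncated frame")
        frames.append(stream[sp + 1:end])
        pos = end
    return frames

def extract_json(msg: bytes):
    """Return (header, dict) for the first JSON object in a message, or (text, None)."""
    text = msg.decode("utf-8", errors="replace")
    idx = text.find("{")
    while idx != -1:
        try:
            obj, _ = json.JSONDecoder().raw_decode(text, idx)
            return text[:idx].rstrip(), obj
        except json.JSONDecodeError:
            idx = text.find("{", idx + 1)  # a brace in the header, keep looking
    return text, None

def flatten(obj, prefix=""):
    """Flatten nested JSON into dotted key paths, one entry per leaf value."""
    out = {}
    for k, v in (obj.items() if isinstance(obj, dict) else enumerate(obj)):
        path = f"{prefix}.{k}" if prefix else str(k)
        if isinstance(v, (dict, list)) and v:
            out.update(flatten(v, path))
        else:
            out[path] = v
    return out

# Constructed sample: header values and JSON keys are placeholders (assumption).
_MSG1 = b'<134>1 2026-02-27T10:00:00Z fweb01 - - - - {"type":"attack","http":{"method":"POST","headers":{"User-Agent":"curl/8.0","Host":"app.example.com"}}}'
_MSG2 = b"<134>1 2026-02-27T10:00:01Z fweb01 - - - - plain text event"
SAMPLE = b"".join(str(len(m)).encode() + b" " + m for m in (_MSG1, _MSG2))

def field_report(stream: bytes) -> list:
    """Per message: flattened JSON fields, or None when no JSON body was found."""
    return [flatten(o) if o is not None else None
            for _, o in map(extract_json, split_frames(stream))]

if __name__ == "__main__":
    print(field_report(SAMPLE))
```

A message that reports `None` here carries no JSON object at all, which separates a sender-side format problem from a missing parser on the SIEM side.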

1 reply

AEK
SuperUser
March 2, 2026

FortiSIEM supports FortiWeb's native (default) syslog format.

https://docs.fortinet.com/document/fortisiem/7.5.0/external-systems-configuration-guide/286284/fortinet-fortiweb

Is there any specific reason why you need it in JSON format?

AEK
ehernandez13
Visitor III
March 3, 2026

To send HTTP header information from the FortiWeb logs to syslog.

AEK
SuperUser
March 5, 2026

Do you mean the HTTP header info is sent only in JSON format but not in native format?

AEK