TBC
Explorer
January 28, 2022
Question

Fortiweb Syslog Attack Message to Syslog Server


Hello,

What Facility setting do I need to use to log Attack Messages to my Syslog Server?

Or better, one to log everything to the Syslog Server.

I tried log level Debug and local use 7, but no luck.

Many thanks

TBC

1 reply

abelio
SuperUser
January 28, 2022

Hello,
No problem with that for me at least; I'm running 6.41 firmware version.

Attack logs are coming into our syslog.

A few checks to consider:

- If your Syslog Policy is defined with TLS enabled, your syslog server should listen on port 6514/TCP
- Try the traditional 514/UDP syslog port (disable TLS and configure port 514 in the syslog policy)

Verify with a sniffer that logs are actually sent to the Syslog server IP.

Hope it helps

TBC
Author
Explorer
January 31, 2022

Hello abelio,

Again, many thanks.

I have installed in Graylog the graylog3.Fortigate6xContentPack-master\graylog3.Fortigate6xContentPack.json which is only "FortiGate Raw/Plaintext UDP".

With that one, all logs are being received by Graylog.

With TCP TLS I'm not very lucky; sometimes I get some logs, but with a 1 hour delay.

I have to look again to see if there is another solution to get it running with TCP/TLS, but for the moment I see my logs :)

Many, many thanks

Tbc
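
As an added example (not part of the original thread and not Fortinet or Graylog code), this Python script decodes the `<PRI>` prefix of received syslog datagrams into facility and severity, which shows whether messages sent with facility local7 actually reach the server over plain 514/UDP. The sample messages and their field names are constructed, and the `--listen` switch is an assumption of this example.

```python
import re
import socket
import sys

# RFC 5424 facility and severity names, indexed by numeric code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"<(\d{1,3})>")  # leading <PRI>, PRI = facility * 8 + severity


def decode_pri(datagram: bytes):
    """Return (facility, severity, message), or None if no valid <PRI> prefix."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    body = datagram[m.end():].decode("utf-8", errors="replace")
    return FACILITIES[facility], SEVERITIES[severity], body


def listen(bind_ip="0.0.0.0", port=514, count=10):
    """Show sender and facility.severity for the next `count` UDP datagrams."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))  # binding to 514 normally requires root
        for _ in range(count):
            data, (src_ip, _src_port) = sock.recvfrom(65535)
            decoded = decode_pri(data)
            if decoded is None:
                print(f"{src_ip}: no syslog <PRI> prefix: {data[:60]!r}")
            else:
                print(f"{src_ip}: {decoded[0]}.{decoded[1]}: {decoded[2][:80]}")


# Constructed sample datagrams (not real FortiWeb output).
SAMPLES = [
    b'<185>date=2022-01-28 type=attack msg="constructed sample"',  # local7.alert
    b'<191>date=2022-01-28 type=event msg="constructed sample"',   # local7.debug
    b'date=2022-01-28 msg="constructed sample without PRI"',
]

if __name__ == "__main__":
    if "--listen" in sys.argv:
        listen()
    else:
        for sample in SAMPLES:
            print(decode_pri(sample))
```

Stop any other syslog daemon bound to the same port before running it with `--listen`; a TLS-enabled policy on 6514/TCP will not be seen by this plain UDP listener.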