Commanders
New Member
October 3, 2024

Issues with TCP Syslog Logs on FortiGate 60E (FortiOS v5.6.4)


Hello,

I am experiencing issues when sending logs from a FortiGate 60E device running FortiOS v5.6.4 to a Logstash server using syslog over TCP. Upon inspecting the packets reaching the log server, I can see the traffic arriving correctly, but the logs contain messages like:

2024-10-03T18:06:49.773760+00:00 169.254.106.82 <greeting />#015
2024-10-03T18:06:59.924314+00:00 169.254.106.82 <greeting />#015
2024-10-03T18:07:10.093023+00:00 169.254.106.82 <greeting />#015

Instead of the complete data I need (ACK, hostnames, etc.).

The same setup works fine on another FortiGate device sending logs via UDP, but in this case, I do not have the option to configure the transport mode as UDP on the Caseros device. I've tried different configurations, including adjusting the log severity and filters, but the issue persists.

My questions are:

  1. Is it possible to configure logs to be sent correctly over TCP in this version of FortiOS?
  2. If not, is there a way to force the use of UDP without the explicit option set mode udp?
  3. Any other suggestions for resolving this issue?

Here is my current configuration:

config log syslogd setting
set status enable
set server "10.102.139.28"
set reliable disable
set port 514
set facility local7
set source-ip "169.254.106.82"
set format csv
end

Any guidance would be greatly appreciated, as collecting the correct logs is crucial for my infrastructure.

Thank you for your help.

Best regards,
Agustín

1 reply

funkylicious
SuperUser
October 3, 2024

Hi,
set reliable disable means UDP, enable means TCP.

set reliable {enable | disable} Enable/disable reliable logging (RFC3195).

"jack of all trades, master of none"
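An added example, not part of the original thread and not Fortinet's or Logstash's own code, covering both the question and the reply: it reads the `config log syslogd setting` block as posted and reports the transport according to the reply's mapping (`set reliable disable` = UDP, `enable` = TCP / RFC 3195), and it classifies lines as written by the collector so that `<greeting />` frames are flagged as the BEEP session greeting (RFC 3080, the transport RFC 3195 reliable syslog is built on) rather than event records. The `#015` suffix is the rsyslog-style octal escape of a carriage return. The CSV event line in the sample is constructed for contrast; `date=...,time=...` as the leading fields of `set format csv` output is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The three collector lines quoted in the post, plus one constructed line showing
# what an actual FortiGate CSV event record arriving on the same pipeline would
# look like (hypothetical content, present only so the classifier has contrast).
SAMPLE_LINES = [
    "2024-10-03T18:06:49.773760+00:00 169.254.106.82 <greeting />#015",
    "2024-10-03T18:06:59.924314+00:00 169.254.106.82 <greeting />#015",
    "2024-10-03T18:07:10.093023+00:00 169.254.106.82 <greeting />#015",
    "2024-10-03T18:07:20.000000+00:00 169.254.106.82 "
    "date=2024-10-03,time=18:07:20,devname=example-fgt,type=traffic,action=accept",
]

# The syslogd setting block exactly as posted in the question.
CONFIG_ON_PAGE = """config log syslogd setting
set status enable
set server "10.102.139.28"
set reliable disable
set port 514
set facility local7
set source-ip "169.254.106.82"
set format csv
end
"""

# Collector line layout: ISO timestamp, source address, then the raw message.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<msg>.*)$")
# rsyslog escapes control characters on receipt as '#' + three octal digits (#015 = CR).
CTRL_ESC_RE = re.compile(r"#([0-7]{3})")


@dataclass
class SyslogRecord:
    timestamp: str
    source: str
    message: str
    kind: str  # "beep-greeting", "fortigate-csv" or "other"


def unescape_control(msg: str) -> str:
    """Turn '#ooo' octal escapes back into the control characters they stand for."""
    return CTRL_ESC_RE.sub(lambda m: chr(int(m.group(1), 8)), msg)


def classify(message: str) -> str:
    """Decide whether a message is a BEEP greeting, a FortiGate CSV record, or other."""
    body = unescape_control(message).strip()
    if body == "<greeting />":
        return "beep-greeting"          # RFC 3080 session greeting, not an event
    if re.match(r"^date=\d{4}-\d{2}-\d{2},time=\d{2}:\d{2}:\d{2},", body):
        return "fortigate-csv"          # assumed leading fields of 'set format csv'
    return "other"


def parse_line(line: str) -> Optional[SyslogRecord]:
    m = LINE_RE.match(line)
    if m is None:
        return None
    return SyslogRecord(m["ts"], m["src"], m["msg"], classify(m["msg"]))


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count record kinds; a pipeline receiving only greetings is collecting nothing."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec.kind] = counts.get(rec.kind, 0) + 1
    return counts


def transport_from_config(config_text: str) -> str:
    """Apply the reply's mapping: reliable disable -> udp, reliable enable -> tcp (RFC 3195)."""
    m = re.search(r"^\s*set reliable (enable|disable)\s*$", config_text, re.M)
    if m is None:
        return "unknown"
    return "tcp" if m.group(1) == "enable" else "udp"


def findings(config_text: str, lines: List[str]) -> List[str]:
    """Human-readable observations a log-pipeline owner would check first."""
    out = [f"configured transport per 'set reliable': {transport_from_config(config_text)}"]
    counts = summarize(lines)
    greetings = counts.get("beep-greeting", 0)
    events = counts.get("fortigate-csv", 0)
    if greetings and not events:
        out.append(f"{greetings} BEEP greeting frames and no event records: "
                   "collector sees the RFC 3195 handshake only")
    elif greetings:
        out.append(f"{greetings} BEEP greeting frames mixed with {events} event records")
    return out


if __name__ == "__main__":
    for f in findings(CONFIG_ON_PAGE, SAMPLE_LINES):
        print(f)
```

Run it as-is to see the classification of the posted lines; point `summarize` at your own collector output to confirm whether event records are arriving at all before changing severity or filter settings on the FortiGate.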