zaerth
New Member
May 6, 2022
Question

Logging to FortiAnalyzer and to syslog


All of our customer firewalls are logging to FortiAnalyzer for research/analytics. We've also had many of these firewalls logging to syslog for the managed SOC. However, it seems like recently, if logging to FortiAnalyzer is enabled, syslog stops working, even though it's configured in the UI.

Perhaps I'm missing something? It's possible that it hasn't worked in a while and we just didn't notice.

2 replies

seshuganesh
Staff
May 6, 2022

Hi Team,

Could you please execute this command: "diag sniffer packet any 'host a.b.c.d' 4 0 a" (where a.b.c.d is the syslog server IP)?

Also, please let us know where the syslog server is located.

Please share these logs with us.

amouawad
Staff
May 6, 2022

One option that you might want to investigate is to use the FAZ to forward logs to the syslog server in the managed SOC.

If the SOC syslog supports TCP, the FAZ will be able to cache the logs if there is a connectivity problem between itself and the syslog server.

You can also specify which devices the logs will be forwarded for.
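
The situation in the question (syslog from a firewall stopping without anyone noticing) can be caught on the collector side by tracking when each device was last heard from. The following is an added example, not part of the thread and not Fortinet code; the device IDs, inventory list, 15-minute threshold and sample lines are constructed, and it assumes the log timestamps and the collector clock share a time zone.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value syslog style (not from the thread).
SAMPLE_LINES = [
    '<189>date=2022-05-06 time=09:10:00 devname="fw-site-b" devid="FGT-EXAMPLE-0002" type="traffic"',
    '<189>date=2022-05-06 time=09:12:00 devname="fw-site-b" devid="FGT-EXAMPLE-0002" type="event"',
    '<189>date=2022-05-06 time=09:58:30 devname="fw-site-a" devid="FGT-EXAMPLE-0001" type="traffic"',
    'May  6 09:59:00 collector sshd[411]: unrelated line from another source',
]
# Hypothetical inventory of firewalls the SOC expects to hear from.
EXPECTED = ["FGT-EXAMPLE-0001", "FGT-EXAMPLE-0002", "FGT-EXAMPLE-0003"]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split a key=value log line into a dict; quoted values lose their quotes."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def last_seen(lines):
    """Return {devid: newest timestamp} for every parsable line."""
    seen = {}
    for line in lines:
        fields = parse_fields(line)
        try:
            stamp = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
            dev = fields["devid"]
        except (KeyError, ValueError):
            continue  # not a firewall log line, or a malformed timestamp
        if dev not in seen or stamp > seen[dev]:
            seen[dev] = stamp
    return seen

def silent_devices(lines, expected, now, max_gap=timedelta(minutes=15)):
    """Map each overdue devid to its silence duration, or None if never seen."""
    seen = last_seen(lines)
    overdue = {}
    for dev in expected:
        if dev not in seen:
            overdue[dev] = None
        elif now - seen[dev] > max_gap:
            overdue[dev] = now - seen[dev]
    return overdue

if __name__ == "__main__":
    now = datetime(2022, 5, 6, 10, 0, 0)  # constructed "current time"
    for dev, gap in silent_devices(SAMPLE_LINES, EXPECTED, now).items():
        print(dev, "never seen" if gap is None else f"silent for {gap}")
```

Run against the collector's log file on a schedule, a check like this flags a firewall whose syslog feed has stopped even while its FortiAnalyzer logging continues.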

 
