clalau
New Member
March 5, 2021
Question

VDOM's Syslogd Override


Hello guys!

I tried to set up syslogd override on FortiGate-1200D-VDOM 6.2 patch 6 and it didn't work; as soon as it was implemented, the device stopped sending logs to our QRadar (see the config below).

Need help to try to fix it please:

 

config log setting
    set syslog-override enable
end
config log syslogd override-setting
    set status enable
    set server "209.134.187.181"
    set facility local1
end
config log syslogd4 override-setting
    set status enable
    set server "10.4.213.7"
    set facility local1
    set source-ip "10.11.1.164"
end


    Toshi_Esumi
    SuperUser
    March 6, 2021

    Are you sure your syslog server understands "default" text format? Not csv format?

    clalau
    Author
    New Member
    March 6, 2021

    Yes, it does, we don't use CSV on this one!

    Toshi_Esumi
    SuperUser
    March 6, 2021

    If you're confident about the config under "config log syslogd override-filter", I would just sniff port 514 traffic on the vdom interfaces (I assume those are different because the server IPs are public and private) to see if it's actually sending logs out.
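
A receiver-side check to pair with the port 514 capture suggested above, as an added example that is not part of the original thread: it decodes the syslog `<PRI>` header of a captured datagram and compares facility, source address and body layout with what the override config should produce. The sample datagrams are constructed, the function names are hypothetical, and the space-versus-comma test for "default" versus csv layout is an assumed heuristic.

```python
import re

# Syslog PRI = facility * 8 + severity (RFC 3164 / RFC 5424); local0..local7 = 16..23.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# First key=value pair and the separator that follows it.
FIRST_KV_RE = re.compile(rb'\s*\w+=("[^"]*"|[^,\s]*)([,\s])')

def decode_pri(payload: bytes):
    """Return (facility_code, severity_code, body), or None without a valid PRI."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7, payload[m.end():]

def guess_format(body: bytes) -> str:
    """Assumed heuristic: pairs split by spaces = default, by commas = csv."""
    m = FIRST_KV_RE.match(body)
    if not m:
        return "unknown"
    return "csv" if m.group(2) == b"," else "default"

def check_datagram(src_ip, payload, want_src, want_facility="local1"):
    """List mismatches between one captured datagram and the intended config."""
    decoded = decode_pri(payload)
    if decoded is None:
        return ["no valid <PRI> header"]
    fac, _sev, body = decoded
    findings = []
    name = FACILITIES.get(fac, str(fac))
    if name != want_facility:
        findings.append(f"facility {name}, expected {want_facility}")
    if src_ip != want_src:
        findings.append(f"source {src_ip}, expected {want_src}")
    fmt = guess_format(body)
    if fmt != "default":
        findings.append(f"body layout looks like {fmt}")
    return findings

# Constructed samples (not real captures): (source address, UDP payload).
SAMPLE_OK = ("10.11.1.164",
             b'<141>date=2021-03-05 time=10:15:00 devname="FGT-EXAMPLE" vd="vdom1"')
SAMPLE_BAD = ("10.11.1.1",
              b'<133>date=2021-03-05,time=10:15:00,devname="FGT-EXAMPLE",vd="vdom1"')

if __name__ == "__main__":
    for src, data in (SAMPLE_OK, SAMPLE_BAD):
        print(src, check_datagram(src, data, want_src="10.11.1.164") or "matches config")
```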