Technical Tip: How to force the syslog using specific IP address and interface to send to internet

tonylin1 · ‎11-03-2022

Description

This article describes how to force the syslog using specific IP address and interface to send out to Internet.

Scope

If the FortiGate has a default route on WAN1, but to send the syslogd by LAN IP address to Internet.

Solution

1) Create syslogd settings as bellow:

# config log syslogd setting
set status enable
set server "x.x.x.x" <-----IP Address in internet.
set source-ip "14.14.14.9" <-----IP Address of LAN.
set interface-select-method specify
set interface "lan"
end

2) Add default static route with higher priority:

# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via y.y.y.y, wan1, [1/0]
[10/0] via 14.14.14.14, lan, [1/0]

3) It is possible now to see that the syslog traffic is sent out by the LAN IP and interface.

# diagnose sniffer packet any 'host x.x.x.x' 4 0 l
interfaces=[any]
filters=[host x.x.x.x]
2022-11-04 09:52:22.365267 lan out 14.14.14.9.4291 -> x.x.x.x.514: udp 560
2022-11-04 09:52:22.544854 lan out 14.14.14.9.4291 -> x.x.x.x514: udp 560
2022-11-04 09:52:25.424974 lan out 14.14.14.9.4291 -> x.x.x.x.514: udp 560