Description
This article describes
how to add a third party device to FortiAnalyzer where the
FortiAnalyzer is the syslog server.
Solution
A third party device
cannot be added directly from FortiAnalyzer in the syslog
ADOM.
This is because of the way serial numbers are stored under syslog
ADOM. If the device is added from FortiAnalyzer it will not
recognize the serial number and will give an error ("The device's
serial number does not match database.")
These steps assume that ADOMs have already been enabled on the FortiAnalyzer.
Steps to add the device to FortiAnalyzer:
1. On the third party device, add FortiAnalyzer as syslog server.
Configure it to send logs to FortiAnalyzer.
2. On the FortiAnalyzer, the device will show up in Device
Manager under Unregistered Devices (root ADOM) after the FortiAnalyzer starts receiving logs from the device.
3. Right click on the unregistered device and promote it and add it under Syslog
ADOM.
4. Enter Syslog ADOM and you should see the device listed as one of the managed devices.
