FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Nur
Staff
Article Id 409919
Description This article describes how to send syslog from a Linux (Ubuntu)-based system to FortiAnalyzer.
Scope FortiAnalyzer and Linux (Ubuntu).
Solution

FortiAnalyzer is only able to receive syslog from Ubuntu-based Linux systems. If other Linux-based systems send logs to FortiAnalyzer, the syslog section will show 'web server error'.

The Ubuntu workstation needs to have FortiClient installed and connected to EMS.

Configure FortiAnalyzer in the EMS system settings. On the FortiAnalyzer side (with ADOMs enabled), two devices will appear in Device Manager for authorization:

  1. EMS.
  2. Syslog.

To make Ubuntu send its logs to FortiAnalyzer, follow the configuration steps below:

Log in as root:

login as: root
root@10.47.4.XX's password:

Change to the /etc folder:

root@preve-kvm39:~# cd /etc

Edit the rsyslog.conf file (the syslog configuration):

root@preve-kvm39:/etc# vi rsyslog.conf

Add the FortiAnalyzer forwarding rule after the include directive:

# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

# Forward all messages to FortiAnalyzer over UDP (a single '@' means UDP; the space after '*.*' is required)
*.* @10.47.5.XX:514

Refresh the FortiAnalyzer view, and it will show the Ubuntu event logs.
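The steps above edit /etc/rsyslog.conf by hand. The following shell functions are an added example, not part of the Fortinet article, that produce the same forwarding rule as a drop-in file under /etc/rsyslog.d/ (which rsyslog.conf already includes), so the main file stays untouched and the rule can be checked before rsyslog is restarted. The collector address 10.47.5.XX is the article's own placeholder; the port, the protocol argument and the drop-in file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the Fortinet article): build a FortiAnalyzer
# forwarding rule as an rsyslog drop-in instead of editing rsyslog.conf.
# Address, port and file name are assumptions; adjust them for your site.

# faz_forward_rule ADDRESS [PORT] [PROTO]
# Prints one rsyslog forwarding action in the legacy selector syntax:
# a single '@' forwards over UDP (as the article does), '@@' over TCP.
# The space between the '*.*' selector and the action is required.
faz_forward_rule() {
    addr="$1"
    port="${2:-514}"
    proto="${3:-udp}"
    case "$proto" in
        udp) printf '*.* @%s:%s\n' "$addr" "$port" ;;
        tcp) printf '*.* @@%s:%s\n' "$addr" "$port" ;;
        *)   echo "faz_forward_rule: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
}

# write_faz_conf FILE ADDRESS [PORT] [PROTO]
# Writes a commented drop-in file containing the forwarding rule.
# rsyslog.conf includes /etc/rsyslog.d/*.conf, so the drop-in is picked
# up on the next rsyslog restart without touching the main file.
write_faz_conf() {
    file="$1"
    shift
    {
        echo "# Forward all local syslog messages to FortiAnalyzer"
        echo "# (generated drop-in; selector and action must be separated by a space)"
        faz_forward_rule "$@"
    } > "$file"
}

# check_faz_conf FILE
# Returns 0 when the file contains exactly one '*.* @...' forwarding rule,
# a quick sanity check to run before restarting rsyslog.
check_faz_conf() {
    [ "$(grep -c '^\*\.\* @' "$1")" -eq 1 ]
}
```

As root, `write_faz_conf /etc/rsyslog.d/60-fortianalyzer.conf 10.47.5.XX 514 udp` writes the rule, `check_faz_conf` on that file confirms it, and `rsyslogd -N1` validates the whole configuration; rsyslog must then be restarted (for example `systemctl restart rsyslog`) before the events reach FortiAnalyzer. UDP gives the sender no confirmation of delivery, so where the collector accepts TCP the `tcp` form (`@@`) is the more reliable choice.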
