Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
tnaik
Staff
Staff

Created on ‎06-24-2021 10:33 PM Edited on ‎02-06-2025 07:47 AM By Moderator

Article Id 198611

Technical Tip: How to send a specific log from FortiAnalyzer to the syslog server via 'Log Forwarding'

Description

 

This article describes how to send specific log from FortiAnalyzer to syslog server.

For this demonstration, only IPS log send out from FortiAnalyzer to syslog is considered.

Solution

 

  1. Check the 'Sub Type' of the log.


From the GUI, go to Log view -> FortiGate -> Intrusion Prevention and select the log to check its 'Sub Type'.

Stephen_G_0-1738856739001.png

 

  1. Apply the filter under 'Log Forwarding'.

Log Field: Generic free-text filter, Match criteria:Match, Value:subtype=ips    <-----See the screenshot below.
 
This will only send logs with the IPS sub-type.
  
 
  1. The CLI will show the configuration as below:
 

Troubleshooting:

 

If issues are encountered with log forwarding, check the log forwarding stats by using the following command:

 

diagnose test application logfwd 4

 

If there are issues with the forwarding engine, reset the logfwd process:

 

diagnose test application logfwd 99

diagnose test application logfwd

 

Related articles:
7326
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.