FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
tnaik
Staff
Staff
Article Id 198611

Description

 

This article describes how to send specific log from FortiAnalyzer to syslog server.

For this demonstration, only IPS log send out from FortiAnalyzer to syslog is considered.


Solution

 

1) Check the 'Sub Type' of log.

From GUI, go to Log view -> Fortigate -> Intrusion Prevention and select log to check 'Sub Type'.

 

2) Apply filter under 'Log Forwarding'.

Log Field: Generic free-text filter, Match criteria:Match, Value:subtype=ips    <-----Check the below screenshot.
 
This will only send logs with sub-type IPS.
  
 
3) CLI will show the configuration as below: