Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
tnaik
Staff
Staff

Created on ‎06-24-2021 10:33 PM Edited on ‎11-23-2022 02:42 AM By Moderator

Article Id 198611

Technical Tip: How to send specific log from FortiAnalyzer to syslog server via 'Log Forwarding'

Description

 

This article describes how to send specific log from FortiAnalyzer to syslog server.

For this demonstration, only IPS log send out from FortiAnalyzer to syslog is considered.

Solution

 

1) Check the 'Sub Type' of log.

From GUI, go to Log view -> Fortigate -> Intrusion Prevention and select log to check 'Sub Type'.

 

2) Apply filter under 'Log Forwarding'.

Log Field: Generic free-text filter, Match criteria:Match, Value:subtype=ips    <-----Check the below screenshot.
 
This will only send logs with sub-type IPS.
  
 
3) CLI will show the configuration as below:
  
 

Troubleshooting:

 

Technical Tip: Integrate FortiAnalyzer and FortiSIEM

 

5547
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.