FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to change the source ip of Fortigate SYSLOG Traffic.
Scope FortiGate running single VDOM or multi-vdom.

FortiGate will use the source IP by default, as one of the egress interfaces.
In order to source the traffic from a loopback or from a different interface, the following settings have to be enabled:

FortiGate with Single VDOM:


# config log syslogd setting
    set status enable
    set server "x.x.x.x"  ==>==> Syslog Server IP 
    set source-ip y.y.y.y ==>==> source ip to use 

FortiGate with Multi-vdom:
Firewalls with multi-vdom can have a specific Syslog server for each VDOM.


To enable vdom-specific Syslog Server, the following feature has to be enabled:

# config vdom
    edit <vdom_name>

    config log setting

        set syslog-override enable  <----- This enables VDOM specific syslog server.



To change the source-ip of vdom-specific syslog traffic:


# config log syslogd override-setting

    set server "x.x.x.x"   <----- Syslog Server IP.
    set source-ip y.y.y.y  <----- Source IP to use.