maulishshah
Staff
Article Id 313854
Description This article describes what configuration is required to make a connection with the Syslog-NG server over a TCP connection.
Scope FortiGate, Syslog.
Solution

The FortiGate can send logs to a Syslog-NG server over a UDP or TCP connection.

To configure the FortiGate to send logs to the Syslog-NG server over TCP, use the configuration below:

 

config log syslogd setting
    set status enable
    set server 10.2.36.69
    set mode reliable
    set format rfc5424
end

It is possible to add multiple Syslog servers. For that, refer to the reference document.

 

Note: Make sure to choose format rfc5424 for a TCP connection, as logs will otherwise be rejected by the Syslog-NG server with a header format issue.
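To check on the receiving side whether what arrives over TCP is well-formed before blaming the Syslog-NG configuration, the following added example (not part of the original article or Fortinet's code) splits a captured TCP payload into frames and validates the RFC 5424 header. It assumes that reliable mode uses RFC 6587 octet-counted framing; the function names and the two sample messages are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
RFC5424 = re.compile(rb"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)

def split_frames(stream: bytes):
    """Split an octet-counted stream ("LEN SP MSG") into (frames, leftover)."""
    frames, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1:
            break                      # length prefix not fully received yet
        count = stream[pos:sp]
        if not count.isdigit():
            raise ValueError(f"no octet count at offset {pos}: {count[:20]!r}")
        end = sp + 1 + int(count)
        if end > len(stream):
            break                      # partial frame, keep it for the next read
        frames.append(stream[sp + 1:end])
        pos = end
    return frames, stream[pos:]

def parse_rfc5424(frame: bytes):
    """Return the header fields, or None when the frame is not RFC 5424."""
    m = RFC5424.fullmatch(frame)
    if m is None or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    ts, host, app, procid, msgid, rest = (
        g.decode("utf-8", "replace") for g in m.groups()[1:])
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": ts,
            "hostname": host, "app": app, "procid": procid,
            "msgid": msgid, "rest": rest}

def frame(msg: bytes) -> bytes:
    """Build one octet-counted frame (used here only to create test input)."""
    return str(len(msg)).encode() + b" " + msg

# Constructed sample messages (not captured from a real device).
GOOD = b'<189>1 2024-05-01T10:15:30Z FGT-BRANCH - - - - type="traffic" srcip=192.168.1.99'
LEGACY = b'<189>date=2024-05-01 time=10:15:30 devname="FGT-BRANCH" type="traffic"'

if __name__ == "__main__":
    frames, leftover = split_frames(frame(GOOD) + frame(LEGACY) + b"25 <189>1 2024")
    for f in frames:
        print(parse_rfc5424(f) or f"rejected, header is not RFC 5424: {f[:30]!r}")
    print("buffered partial frame:", leftover)
```

A frame that parses to `None` here corresponds to the header format rejection described in the note above; a `ValueError` from `split_frames` means the stream is not octet-counted at all.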

 

To ensure a successful connection to the Syslog-NG server over the tunnel, define the source IP under the syslogd settings so that the firewall sends packets from the local IP and routes them over IPsec. Otherwise, the firewall may choose the tunnel interface, resulting in a failed connection.

 

Refer to the topology below. It is possible to confirm that the FortiGate firewall allows traffic from the 192.168.1.0/24 subnet to reach the remote firewall. The interface IP is set to 192.168.1.99, which enables the routing of packets to the remote end.

 

FG (Client - 192.168.1.99/24) <IPSEC Tunnel> FG/ any other firewall <Lan> Syslog Server (10.2.36.69)

 

Simple Topology for Site-Site Connection.  

 

Here is the revised configuration for TCP connection over the IPsec Tunnel:

 

config log syslogd setting
    set status enable
    set server 10.2.36.69
    set mode reliable
    set format rfc5424
    set source-ip 192.168.1.99
end

 

See: Technical Tip: Configuring multiple SYSLOG servers.