FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to change port and protocol for Syslog setting in the CLI.
Scope
FortiGate CLI.
Solution
FortiGate will use port 514 with UDP protocol by default.
In order to change these settings, it must be done in CLI :
config log syslogd setting set status enable set port 514 set mode udp
set mode ? <----- To see what modes are available, enable syslogging over UDP. legacy-reliable Enable legacy reliable syslogging by RFC3195 <----- Reliable Delivery for Syslog. reliable Enable reliable syslogging by RFC6587 <----- Transmission of Syslog Messages over TCP. end
Then, execute the following packet trace in order to confirm that the settings above are taken into account and the FortiGate sends the logs properly:
FGT # diagnose sniffer packet any 'host <ip of syslog server> and port 514' 4 0 l
