FortiGate
parteeksharma
Article Id 424023
Description This article describes how to configure subnet-based syslog filtering on FortiGate devices, allowing users to filter traffic logs based on specific source or destination IP addresses. 
Scope FortiGate.
Solution

To configure subnet-based syslog filtering on FortiGate, follow the steps below:

Configure the syslog server using CLI:

 

config log syslogd setting
    set status enable
    set server 'x.x.x.x'    <------ Syslog server IP address.
    set mode udp
    set port 514
end

 

Configure the subnet-based filter using CLI:


config log syslogd filter
    config free-style
        edit 1
            set category traffic
            set filter '(srcip 20.10.10.0-20.10.10.254) or (dstip 20.10.10.0-20.10.10.254)'
            set filter-type include
        next
    end
end

 

Note: To forward logs for a specific subnet, define the entire IP address range of that network in the filter.


This configuration forwards traffic logs with a source or destination IP address within the 20.10.10.0/24 subnet to the specified syslog server.
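
Before relying on the filter for monitoring coverage, it helps to check which logs the range actually includes. The following Python sketch is an added example, not Fortinet code: it models the filter string from the step above against constructed sample log lines and lists any addresses of the subnet that the ranges leave out. The function names are hypothetical, and it assumes the ranges are inclusive and the two clauses are OR-ed, as the description above states.

```python
import ipaddress
import re

# Filter string copied from the article's free-style entry.
FILTER = "(srcip 20.10.10.0-20.10.10.254) or (dstip 20.10.10.0-20.10.10.254)"

# Constructed sample logs in FortiGate key=value form (not captured from a device).
SAMPLE_LOGS = [
    'type="traffic" subtype="forward" srcip=20.10.10.25 dstip=8.8.8.8 action="accept"',
    'type="traffic" subtype="forward" srcip=192.168.1.10 dstip=20.10.10.200 action="accept"',
    'type="traffic" subtype="forward" srcip=192.168.1.10 dstip=10.0.0.5 action="deny"',
    'type="traffic" subtype="local" srcip=192.168.1.10 dstip=20.10.10.255 action="deny"',
]

def parse_filter(expr):
    """Return {field: (first, last)} for each '(field a-b)' clause."""
    return {field: (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
            for field, lo, hi in re.findall(r"\((srcip|dstip) ([\d.]+)-([\d.]+)\)", expr)}

def log_fields(line):
    """Parse key=value log text into a dict, dropping quotes around values."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def matches(line, expr=FILTER):
    """True if any clause's inclusive range contains the log's address (assumed OR)."""
    fields = log_fields(line)
    return any(field in fields and lo <= ipaddress.ip_address(fields[field]) <= hi
               for field, (lo, hi) in parse_filter(expr).items())

def uncovered(cidr, expr=FILTER):
    """Per field, the addresses of `cidr` that fall outside the clause's range."""
    net = ipaddress.ip_network(cidr)
    return {field: [str(a) for a in net if not lo <= a <= hi]
            for field, (lo, hi) in parse_filter(expr).items()}

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print("include" if matches(line) else "no match", "|", line)
    print("outside the filter ranges:", uncovered("20.10.10.0/24"))
```

Under these assumptions, the range as written stops at 20.10.10.254, so a log whose only in-subnet address is 20.10.10.255 does not match the entry.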