Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Nishtha_Baria
Staff
Staff

Created on ‎08-10-2024 01:39 PM Edited on ‎03-18-2025 07:22 AM By Staff

Article Id 331959

Technical Tip: How to configure syslog on FortiGate

Description This article describes how to configure Syslog on FortiGate.
Scope FortiGate.
Solution

Below are the steps that can be followed to configure the syslog server: 

 

From the GUI: 

 

  1. Log into the FortiGate. 
  2. Select Log & Report to expand the menu. 
  3. Select Log Settings. 

Logsettings.PNG

 

  1. Toggle Send Logs to Syslog to Enabled. 

  2. Enter the Syslog Collector IP address. 

     

    syslogip.PNG

     

     

  3. Select Apply. 

     

If it is necessary to customize the port or protocol or set the Syslog from the CLI below are the commands: 

 

config log syslogd setting 

    set status enable 

    set server "192.168.1.19" 

    set mode udp 

    set port 514 

end 

 

cli.PNG

 

To establish the connection to the Syslog Server using a specific Source IP Address, use the below CLI configuration: 

 

config log syslogd setting
    set status enable
    set server "192.168.1.19"
    set source-ip "192.168.1.1"

    set mode udp

    set port 514
end

 

The source '192.168.1.1' can be any IP address of the FortiGate's interface that can reach the syslog server IP  of '192.168.1.19' in the above example and the same info can be found in the routing table.

 

Note:

If the Syslog Server is connected over IPSec Tunnel Syslog Server Interface needs to be configured using Tunnel Interface using the following commands and make sure the Syslog server IP is a part of Phase-2 selectors.

 

config log syslogd setting
    set status enable
    set server "<Syslog Server IP>"
    set source-ip "192.168.1.1"

    set mode udp

    set port 514

       set interface-select-method specify

    set interface <IPsec Tunnel Interface>
end

 

The ping and ping-options command from the CLI can be used to check basic connectivity to the Syslog server from a specific source IP.

 

exec ping-options source 192.168.1.1
exec ping 192.168.1.19
PING 192.168.1.19 (192.168.1.19): 56 data bytes
64 bytes from 192.168.1.19: icmp_seq=0 ttl=255 time=0.2 ms
64 bytes from 192.168.1.19: icmp_seq=1 ttl=255 time=0.1 ms
64 bytes from 192.168.1.19: icmp_seq=2 ttl=255 time=0.1 ms
64 bytes from 192.168.1.19: icmp_seq=3 ttl=255 time=0.1 ms
64 bytes from 192.168.1.19: icmp_seq=4 ttl=255 time=0.1 ms

--- 192.168.1.19 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms

 

To filter the logs according to severity: Technical Tip: Setting Filter Based on Severity for External Syslog in FortiGate.

Related articles:

Technical Tip: Standard procedure to format a FortiGate Log Disk, log backup from disk

Technical Tip: How to download Logs from FortiGate GUI
Technical Tip: How to configure logging in memory in later FortiOS
Technical Tip: How to check/filter configuration changes logs
Technical Tip: How to download disk logs in plaintext format avoid performing LZ4 decompression usin...
Technical Tip: Download Debug Logs and 'execute tac report'
Technical Tip: How to perform a syslog and log test on a FortiGate with the 'diagnose log test' comm...
Labels:
21644
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.