Below are the steps that can be followed to configure the syslog server: 

From the GUI: 

1. Log into the FortiGate. 
2. Select Log & Report to expand the menu. 
3. Select Log Settings. 
   
   

4. Toggle Send Logs to Syslog to Enabled. 

5. Enter the Syslog Collector IP address. 

    

   

    

6. Select Apply. 

If it is necessary to customize the port or protocol or set the Syslog from the CLI, run the commands shown below. In a multi-VDOM environment, execute them in a global VDOM.

config log syslogd setting 

    set status enable 

    set server "192.168.1.19" 

    set mode udp 

    set port 514 

end 

To establish the connection to the Syslog Server using a specific Source IP Address, use the following CLI configuration: 

config log syslogd setting
    set status enable
    set server "192.168.1.19"
    set source-ip "192.168.1.1"

    set mode udp

    set port 514
end

The source '192.168.1.1' can be any IP address of the FortiGate's interface that can reach the syslog server IP  of '192.168.1.19' in the above example, and the same info can be found in the routing table.

Note:

If the Syslog Server is connected over an IPSec Tunnel Syslog Server Interface needs to be configured using the Tunnel Interface using the following commands, and make sure the Syslog server IP is a part of the Phase-2 selectors.

config log syslogd setting
    set status enable
    set server "<Syslog Server IP>"
    set source-ip "192.168.1.1"

    set mode udp

    set port 514

    set interface-select-method specify

    set interface <IPsec Tunnel Interface>
end

The ping and ping-options command from the CLI can be used to check basic connectivity to the Syslog server from a specific source IP.

execute ping-options source 192.168.1.1
execute ping 192.168.1.19
PING 192.168.1.19 (192.168.1.19): 56 data bytes
64 bytes from 192.168.1.19: icmp_seq=0 ttl=255 time=0.2 ms
64 bytes from 192.168.1.19: icmp_seq=1 ttl=255 time=0.1 ms
64 bytes from 192.168.1.19: icmp_seq=2 ttl=255 time=0.1 ms
64 bytes from 192.168.1.19: icmp_seq=3 ttl=255 time=0.1 ms
64 bytes from 192.168.1.19: icmp_seq=4 ttl=255 time=0.1 ms

--- 192.168.1.19 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms

To filter the logs according to severity: Technical Tip: Setting Filter Based on Severity for External Syslog in FortiGate.

To produce a test log to see if syslog settings are working: Technical Tip: How to perform a syslog and log test on a FortiGate with the 'diagnose log test' comm...

Note:

From v7.6.0, it is possible to set the source interface for syslog. This enhancement allows syslog to utilize the IP address of the specified interface as a source when sending the messages out. 

config log syslogd setting

    set status enable

    set source-ip-interface <name>    

end

Syslog traffic is management traffic and is sent over the dedicated management interface. Without a direct link, it can be sent to any interface. See this article Technical Tip: When 'ha-direct' is enabled, the 'source-ip' setting will not work on the syslog conf... for more information.

Related articles:

Technical Tip: Standard procedure to format a FortiGate Log Disk, log backup from disk

Technical Tip: How to download Logs from FortiGate GUI
Technical Tip: How to configure logging in memory in later FortiOS
Technical Tip: How to check/filter configuration changes logs
Technical Tip: How to download disk logs in plaintext format avoid performing LZ4 decompression usin...
Technical Tip: Download Debug Logs and 'execute tac report'
Technical Tip: How to perform a syslog and log test on a FortiGate with the 'diagnose log test' comm...