Oscar_Wee (Staff)
Article Id 406572
Description

This article explains how to verify, with Wireshark, which logs a FortiGate is sending to its syslog server.

Scope

FortiGate.
Solution

Example:

  1. Check the syslog configuration to find the server IP and the source IP. These two hosts are the filter for the packet sniffer:

config log syslogd setting
    set status enable
    set server "173.31.45.76"
    set source-ip "173.28.70.2"
end

  2. Run the following sniffer command. Use verbosity 6 (full packet headers and payload as a hex dump, which the converter needs) and a count of 0 (capture until stopped with Ctrl-C):

diagnose sniffer packet any "host 173.31.45.76 and host 173.28.70.2" 6 0 l

  3. Convert the packet capture to a file Wireshark can open; refer to this KB article: Technical Tip: How to import 'diagnose sniffer packet' data to WireShark
  4. Alternatively, refer to this KB article to collect the packet capture from the GUI: Troubleshooting Tip: Packet Capture on FortiOS GUI
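The conversion step and the verification step can also be scripted. The Python below is an added example written for this page; it is not Fortinet's converter and not code from this article. It assumes the verbosity-6 output layout seen on the FortiOS CLI (a header line "timestamp interface direction src -> dst: proto", followed by rows "0xNNNN<TAB> hex words<TAB>ascii"), treats the local timestamps produced by the "l" option as UTC when writing the pcap, and feeds itself a constructed frame with made-up MAC addresses as sample input (the IPs are the ones from the configuration above). The parser drops the ASCII column so printable payload text is never mistaken for hex, and syslog_messages() lists the log lines actually addressed to the syslog server, which is the check this article is about.

```python
import re
import socket
import struct
from datetime import datetime, timezone

# Packet header line: absolute timestamp (sniffer options 'a'/'l') or relative
# seconds, then the "src -> dst: proto" summary. Layout assumed from the CLI.
HDR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+|\d+\.\d+)\s+(?P<rest>.*\S+ -> \S+:.*)$")
HEX_RE = re.compile(r"^0x[0-9a-fA-F]{4}")                       # hex dump rows
WORD_RE = re.compile(r"^(?:[0-9a-fA-F]{4}|[0-9a-fA-F]{2})$")     # 2-byte or trailing 1-byte group


def parse_sniffer(text):
    """Return [(timestamp_seconds, frame_bytes), ...] from verbosity-6 sniffer text."""
    entries = []                                    # [timestamp, [hex words]]
    for line in text.splitlines():
        m = HDR_RE.match(line)
        if m:
            ts = m.group("ts")
            if "-" in ts:                           # absolute stamp, assumed UTC
                secs = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f") \
                    .replace(tzinfo=timezone.utc).timestamp()
            else:
                secs = float(ts)
            entries.append([secs, []])
        elif HEX_RE.match(line) and entries:
            cols = line.split("\t")                 # offset, hex words, ascii (assumed)
            hexpart = cols[1] if len(cols) > 1 else line[6:]
            entries[-1][1].extend(w for w in hexpart.split() if WORD_RE.match(w))
    return [(ts, bytes.fromhex("".join(words))) for ts, words in entries if words]


def to_pcap(packets):
    """Serialize frames as classic libpcap (magic a1b2c3d4, link type 1 = Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, frame in packets:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int(round((ts - sec) * 1_000_000)), len(frame), len(frame))
        out += frame
    return bytes(out)


def syslog_messages(packets, server_ip, port=514):
    """Extract UDP payloads addressed to the syslog server from Ethernet/IPv4 frames."""
    msgs = []
    for _, frame in packets:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":     # IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + ihl]
        if ip[9] != 17:                                         # UDP only
            continue
        dport, ulen = struct.unpack("!HH", frame[16 + ihl:20 + ihl])
        if socket.inet_ntoa(ip[16:20]) == server_ip and dport == port:
            msgs.append(frame[22 + ihl:14 + ihl + ulen].decode("utf-8", "replace"))
    return msgs


def _checksum(data):
    """RFC 1071 one's-complement checksum over an even-length byte string."""
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_syslog_frame(src_ip, dst_ip, message):
    """Constructed Ethernet/IPv4/UDP frame carrying one syslog line (sample data only)."""
    payload = message.encode()
    udp = struct.pack("!HHHH", 514, 514, 8 + len(payload), 0) + payload   # UDP csum 0 = none
    hdr = [0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
           socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    hdr[7] = _checksum(struct.pack("!BBHHHBBH4s4s", *hdr))
    eth = bytes.fromhex("00090f090001" "00090f090002" "0800")            # made-up MACs
    return eth + struct.pack("!BBHHHBBH4s4s", *hdr) + udp


def format_as_sniffer(stamp, iface, direction, summary, frame):
    """Render a frame the way verbosity 6 prints it (assumed layout, used for the sample)."""
    lines = [f"{stamp} {iface} {direction} {summary}"]
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        words = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        ascii_col = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04x}\t {words}\t{ascii_col}")
    return "\n".join(lines)


# Constructed sample: one traffic log leaving source-ip toward the syslog server.
SAMPLE_MESSAGE = ('<134>date=2024-01-15 time=10:22:33 devname="FGT-LAB" '
                  'logid="0000000013" type="traffic" subtype="forward" action="accept"')
SAMPLE_FRAME = build_syslog_frame("173.28.70.2", "173.31.45.76", SAMPLE_MESSAGE)
SAMPLE_TEXT = "\n".join([
    "interfaces=[any]",
    "filters=[host 173.31.45.76 and host 173.28.70.2]",
    format_as_sniffer("2024-01-15 10:22:33.123456", "port1", "out",
                      f"173.28.70.2.514 -> 173.31.45.76.514: udp {len(SAMPLE_MESSAGE)}",
                      SAMPLE_FRAME),
])

if __name__ == "__main__":
    pkts = parse_sniffer(SAMPLE_TEXT)
    with open("syslog_capture.pcap", "wb") as fh:      # open this file in Wireshark
        fh.write(to_pcap(pkts))
    for msg in syslog_messages(pkts, "173.31.45.76"):  # the logs the FortiGate sent
        print(msg)
```

To use it on a real capture, paste the sniffer output into a text file, pass its contents to parse_sniffer(), and write to_pcap() to disk; a Wireshark filter of "udp.port == 514" then shows the same packets syslog_messages() lists.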

 

Verification:

 

[Screenshot: logwireshark.jpg, the captured syslog packets opened in Wireshark]