FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vjoshi_FTNT
Staff
Staff
Description
This article describes how to enable logging on FortiController and configure it to send logs to syslog server or a FortiAnalyzer(with syslog ADOM).

Solution
Settings required On FortiAnalyzer.

- Enable ADOM on FortiAnalyzer (skip this step if ADOM is already enabled).
- Create New ADOM (syslog).

Settings required on Forticontroller.

Syslog related config is only available in the CLI and below commands are required to enable the syslog:
# config log syslogd setting
    set status enable
    set server "10.5.21.82"       <----- 10.5.21.82 is the FortiAnalyzer IP in this case.
end
By default, ALL the syslog filters are disabled as shown below:
# config log syslogd filter
    set event disable
    set severity information
end
Once the 'set event enable' is applied, it will be possible to see the various event filters which are by default disabled as shown below:
# config log syslogd filter
    set event enable
    set severity information
    set base-switch-config disable
    set base-switch-general disable
    set base-switch-trunk disable
    set fabric-switch-config disable
    set fabric-switch-general disable
    set fabric-switch-stp disable
    set fabric-switch-trunk disable
    set system-config disable
    set system-general disable
end
In order to receive basic events, enable the below:
# config log syslogd filter
    set event enable
    set system-general enable
end
For testing, login and logout of the FortiController to see an event on the syslog.

Once the above settings are applied, Forticontroller will start sending the logs to the configured syslog server (in this case FortiAnalyzer).
On the
FortiAnalyzer, authorize the Forticontroller to start seeing the logs.

Contributors