FortiGate
Article Id 381349
Description: This article describes the challenges of integrating a FortiGate into an IBM QRadar SIEM solution.
Scope: FortiGate.
Solution

The integration of a FortiGate or FortiAnalyzer with the IBM QRadar SIEM might not work as expected. The configuration is similar to the syslog server configuration on the FortiGate:


Under 'Log Settings', enable the syslog option and enter the FQDN or IP address of the SIEM collector. The SIEM collector is an application installed on a VM that collects the log details from the device.

Make sure to forward all the event logs, so that the SIEM collector can manage them and send alerts/notifications to the admin.

The common challenges are described below:

  1. Make sure there is connectivity to the SIEM collector, and verify the required ports and protocols with the SIEM vendor.
  2. In the case of an internal SIEM collector reached by FQDN, make sure the DNS resolution is correct. If required, create a local DNS entry on the firewall.
  3. Depending on the requirement, only specific logs may be sent to the SIEM collector, since some vendors do not want to store unnecessary logs.

Apart from the above issues, the troubleshooting is the same as for the syslog settings.
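As an added example (not part of the original article), the CLI equivalent of the GUI log setting above, a filter that limits what is forwarded to the collector (point 3), and the basic connectivity checks (point 1). The collector FQDN, IP and port are assumed placeholder values; replace them with the values provided by the SIEM vendor.

```text
# --- Syslog forwarding to the SIEM collector (assumed hostname and port) ---
config log syslogd setting
    set status enable
    set server "qradar-collector.example.local"   # FQDN or IP of the collector
    set mode udp            # use 'reliable' (TCP) if the vendor requires it
    set port 514            # confirm the port with the SIEM vendor
    set facility local7
    set format default      # FortiGate key=value format; 'cef' is also available
end

# --- Forward only the log categories the SIEM is expected to store ---
config log syslogd filter
    set severity information
    set forward-traffic enable
    set local-traffic enable
    set multicast-traffic disable
    set sniffer-traffic disable
    set anomaly enable
    set voip disable
end

# --- Checks: name resolution, reachability, and that packets actually leave ---
execute ping qradar-collector.example.local
# Assumed IP of the collector; watch for syslog packets toward it on the wire:
diagnose sniffer packet any 'host 192.0.2.50 and udp and port 514' 4 10
```

If the ping resolves to the wrong address, fix the DNS entry (point 2) before looking at the collector side; if the sniffer shows no packets, the filter or the setting above is the first place to check.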


Related articles

Troubleshooting Tip: Syslog and log trouble shooting via CLI
Technical Tip: FortiGate and syslog communication check