FortiWeb

KalanaChandrasiri · ‎09-22-2019

Hi People,

I need to configure FortiWeb to FortiWeb.

In Fortiweb 4000 it has both Syslog Policy and SIEM policy (Under Log Policy). What is the supportive method for FortiSIEM?

If we configured SIEM policy it shows only QRadar LEEF and ArcSight CEF. What is

I saw that there is a comment as "CEF" is not support with FortiSIEM.

Regards,
Kalana

------------------------------
kalana
------------------------------

DanielHanman · ‎09-23-2019

Hi Kalana,

FortiSIEM version 5.2.5 supports FortiWeb using Syslog format.

The recevied log format should be key value pair format, similar to this:

date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_id=FV400D3A15450010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin" pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User admin changed global from GUI(196.168.6.66)"-------------------------------------------
Original Message:
Sent: 09-23-2019 01:05
From: Kalana Chandrasiri
Subject: FortiWeb

Hi People,

I need to configure FortiWeb to FortiWeb.

In Fortiweb 4000 it has both Syslog Policy and SIEM policy (Under Log Policy). What is the supportive method for FortiSIEM?

If we configured SIEM policy it shows only QRadar LEEF and ArcSight CEF. What is

I saw that there is a comment as "CEF" is not support with FortiSIEM.

Regards,
Kalana

------------------------------
kalana
------------------------------

KalanaChandrasiri · ‎09-23-2019

@daniel,

Are we able to configure custom log format in -------------------------------------------
Original Message:
Sent: 09-23-2019 04:42
From: Daniel Hanman
Subject: FortiWeb

Hi Kalana,

FortiSIEM version 5.2.5 supports FortiWeb using Syslog format.

The recevied log format should be key value pair format, similar to this:

date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_id=FV400D3A15450010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin" pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User admin changed global from GUI(196.168.6.66)"
Original Message:
Sent: 09-23-2019 01:05
From: Kalana Chandrasiri
Subject: FortiWeb

Hi People,

I need to configure FortiWeb to FortiWeb.

In Fortiweb 4000 it has both Syslog Policy and SIEM policy (Under Log Policy). What is the supportive method for FortiSIEM?

If we configured SIEM policy it shows only QRadar LEEF and ArcSight CEF. What is

I saw that there is a comment as "CEF" is not support with FortiSIEM.

Regards,
Kalana

------------------------------
kalana
------------------------------

DanielHanman · ‎09-26-2019

The format needs to be the standard Key Value Pair log format. If you customise then the FortiSIEM parser may also need to be customised.-------------------------------------------
Original Message:
Sent: 09-24-2019 02:08
From: Kalana Chandrasiri
Subject: FortiWeb

@daniel,

Are we able to configure custom log format in
Original Message:
Sent: 09-23-2019 04:42
From: Daniel Hanman
Subject: FortiWeb

Hi Kalana,

FortiSIEM version 5.2.5 supports FortiWeb using Syslog format.

The recevied log format should be key value pair format, similar to this:

date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_id=FV400D3A15450010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin" pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User admin changed global from GUI(196.168.6.66)"
Original Message:
Sent: 09-23-2019 01:05
From: Kalana Chandrasiri
Subject: FortiWeb

Hi People,

I need to configure FortiWeb to FortiWeb.

In Fortiweb 4000 it has both Syslog Policy and SIEM policy (Under Log Policy). What is the supportive method for FortiSIEM?

If we configured SIEM policy it shows only QRadar LEEF and ArcSight CEF. What is

I saw that there is a comment as "CEF" is not support with FortiSIEM.

Regards,
Kalana

------------------------------
kalana
------------------------------