Fortiweb logs to FortiSiem

Soulaima · ‎05-27-2025

Hi

i wanna configure Fortiweb to log to my FortiSiem. can someone guide me through

Secusaurus · ‎05-27-2025

Just follow the guide: https://docs.fortinet.com/document/fortisiem/7.3.2/external-systems-configuration-guide/286284/forti...

Best,

Christian

FCX #003451 | Fortinet Advanced Partner

Soulaima · ‎05-28-2025

Hi @Secusaurus,

I’ve already followed the documentation, but it’s not very detailed. Here’s what I’ve done so far, but I still can’t see FortiWeb in FortiSIEM.
Do you have any suggestions on what I should change or add?

Thanks in advance!my collector's ip 10.6.5.11

adriatikb · ‎05-28-2025

Hi,

Try to ping the collector from fortiweb.

Check with tcpdump in the collector if you receive syslog packets from the FortiWeb IP.

AB

Secusaurus · ‎05-28-2025

Hi @Soulaima,

Syslog: Yes, follow @adriatikb's advice: Can you ping and if yes, check with tcpdump on the collector, if you receive udp/514 packets from the FortiWeb-IP.

API: What is the message you got from the Discovery step? In most cases, you can troubleshoot the issues from there.

Best,

Christian

FCX #003451 | Fortinet Advanced Partner

Soulaima · ‎05-28-2025

I can ping from FortiWeb to the collector, but not the other way around. Could this be the problem?dicovery

Secusaurus · ‎05-28-2025

Hi @Soulaima,

Concerning syslog, this should not be an issue. You should receive logs from the FortiWeb on the collector. Next step would be tcdump (packet capture) on the collector for the udp packages.

Concerning the discovery process: You can either discover without ping (set the option) or enable ping on the interface of the FortiWeb (probably it's just disabled there).

Best,

Christian

FCX #003451 | Fortinet Advanced Partner

Alpha7 · ‎07-31-2025

Hi @Soulaima

Have you managed to sort out the issue?

Thanks

Thushy

Fortiweb logs to FortiSiem

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website