FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
bbae
Staff
Article Id 283818
Description This article describes how to fine-tune Audit Log Forwarding Rules for syslog.
Scope FortiSOAR v7.2.x, syslog.
Solution

If the desired options cannot be found while creating or editing Audit Log Forwarding Rules, adjust the rule step by step as follows.

  1. Set up a syslog server on a Windows machine or a server, for example with the Visual Syslog Server tool.
  2. Execute a playbook.
  3. Review the resulting playbook log entries directly under 'System -> Audit Log' so that the rule can be set granularly.


  4. Set the rule's conditions, such as type, operation, user, or Source, to match the 'Audit Log' entries reviewed in the previous step.
    *If a field is left empty, the rule applies to every value of that field.


  5. Check the syslog server to confirm that the logs were received correctly.
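
For the first and last steps, a small scripted receiver can stand in for a GUI syslog tool and flag messages the rule should have filtered out. This is an added example, not Fortinet code: it assumes UDP transport on port 5514, makes no assumption about FortiSOAR's message layout beyond the standard `<PRI>` prefix, and the terms `Playbook` and `analyst1` are constructed placeholders for the values set in the rule.

```python
import re
import socket

# RFC 3164 / RFC 5424 messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(datagram):
    """Split a raw syslog datagram into facility, severity and message text."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        # No valid PRI: keep the raw text so nothing is silently dropped.
        return {"facility": None, "severity": None, "message": text}
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": SEVERITIES[pri % 8], "message": m.group(2)}


def matches_rule(record, expected):
    """True when every expected value (e.g. type, user) appears in the message."""
    body = record["message"].lower()
    return all(term.lower() in body for term in expected)


def listen(host="0.0.0.0", port=5514, expected=()):
    """Print each received message and mark the ones the rule should not have sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        print(f"listening on udp/{port}, expecting terms: {list(expected)}")
        while True:
            data, (src, _) = sock.recvfrom(65535)
            rec = parse_syslog(data)
            tag = "OK        " if matches_rule(rec, expected) else "UNEXPECTED"
            print(f"{tag} {src} {rec['severity']} {rec['message']}")


if __name__ == "__main__":
    # Constructed values: replace with the conditions set in the forwarding rule.
    listen(expected=["Playbook", "analyst1"])
```

Lines marked `UNEXPECTED` after a playbook run indicate the rule's conditions are still broader than intended.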
