zaerth
New Contributor

Logging to FortiAnalyzer and to syslog

All of our customer firewalls are logging to FortiAnalyzer for research/analytics. We've also had many of these firewalls logging to syslog for the managed SOC. However, it seems like recently, if logging to FortiAnalyzer is enabled, syslog stops working, even though it's configured in the UI.

Perhaps I'm missing something? It's possible that it hasn't worked in a while and we just didn't notice.

seshuganesh
Staff

Hi Team,

Could you please execute this command: "diag sniffer packet any 'host a.b.c.d' 4 0 a" (where a.b.c.d is the syslog server IP).

Also, please let us know where the syslog server is located.

Please share these logs with us.

amouawad
Staff

One option that you might want to investigate is to use the FAZ to forward logs to the syslog server in the managed SOC.

If the SOC syslog supports TCP, the FAZ will be able to cache the logs if there is a connectivity problem between itself and the syslog server.

You can also specify which devices the logs will be forwarded for.
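
The original post notes that syslog may have been broken for a while without anyone noticing. The following added example (not from the thread or from Fortinet) flags firewalls whose logs have stopped arriving at the syslog collector. The device names, the inventory list and the 15-minute threshold are assumptions, and the sample lines are constructed in FortiGate's key=value log style.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value style (not real logs).
SAMPLE = [
    '<189>date=2022-05-06 time=23:10:00 devname="FGT-BRANCH2" devid="FGT-ID-PLACEHOLDER-2" type="traffic" msg="session close"',
    '<189>date=2022-05-06 time=23:40:10 devname="FGT-BRANCH1" devid="FGT-ID-PLACEHOLDER-1" type="traffic" msg="session close"',
    '<189>date=2022-05-06 time=23:58:30 devname="FGT-BRANCH1" devid="FGT-ID-PLACEHOLDER-1" type="event" msg="admin login"',
    'truncated line without the expected fields',
]
EXPECTED = ["FGT-BRANCH1", "FGT-BRANCH2", "FGT-BRANCH3"]  # hypothetical inventory
NOW = datetime(2022, 5, 7, 0, 0, 0)  # fixed clock so the result is reproducible

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def parse(line):
    """Return the key=value fields of one log line, with quotes stripped."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def last_seen(lines):
    """Map each devname to the newest date/time stamp seen for it."""
    seen = {}
    for line in lines:
        fields = parse(line)
        try:
            # Assumes all devices stamp logs in the same timezone.
            ts = datetime.strptime(fields["date"] + " " + fields["time"],
                                   "%Y-%m-%d %H:%M:%S")
            dev = fields["devname"]
        except (KeyError, ValueError):
            continue  # malformed or truncated line: ignore it
        if dev not in seen or ts > seen[dev]:
            seen[dev] = ts
    return seen

def silent_devices(lines, expected, now, max_gap=timedelta(minutes=15)):
    """Return {devname: gap}; gap is None if the device was never seen."""
    seen = last_seen(lines)
    report = {}
    for dev in expected:
        if dev not in seen:
            report[dev] = None
        elif now - seen[dev] > max_gap:
            report[dev] = now - seen[dev]
    return report

if __name__ == "__main__":
    for dev, gap in silent_devices(SAMPLE, EXPECTED, NOW).items():
        print(dev, "never seen" if gap is None else f"silent for {gap}")
```

Run on a schedule against the collector's recent log file, this turns a silent syslog outage into an alert instead of something found during an investigation.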

 
