To configure an external/remote syslog or something similar in a FortiMail Cloud (FML-CLD) instance, an admin account with the 'superadmin' is necessary. This profile is for the exclusive use of FortiMail Cloud administrators.

If the FortiMail needs to send logs to an external syslog, follow these steps:

1. Create a ticket in the Technical Assistance Center indicating the following:

• The name of the FortiMail Cloud instance.
• Syslog external/external server IP address or the URL that can be reached from Internet.
• The port that is used by syslog external/remote server and if it is TCP or UDP. If the external syslog is using TCP over TLS, provide the certificate (*) and both the key file and password.

2. Once the ticket is created, a TAC engineer will send a confirmation message to inform the syslog server was configured.
3. Keep in mind that the FortiMail Cloud allows any syslog server, including FortiSIEM or FortiAnalyzer who works as syslog servers.

(*) If the external syslog uses TCP over TLS, please verify the following:

• The certificate must be signed by a valid CA (trusted).
• If the certificate is signed by an invalid (untrusted) CA, the certificate must be auto-signed.