Automatic log forwarding to external solution - Firewall Fortinet
Hello All,
I have FortiGate Fortinet 1000D and Fortinet 201E. I would like to ask the following questions:
- Does the current OS version (7.2.5 build 1518) of Fortinet 1000D and Fortinet 201E have a solution to export (in real time) the logs (any possible type of logs) to an external solution? If yes, what kind of solutions?
- Does version 7.2.5 build 1518 allow sending all the logs to an external syslog server (Syslog-NG)? If yes, what is the procedure to configure it?
- What is the format of the logs which will be sent to the external solution? Text? Binary?
- Is this solution compatible with RFC3164 and RFC5424 style syslog messages?
- What are the solutions to secure the log flows between the firewall and the external Syslog-NG?
Thank you All
Labels: FortiGate
Hi @NOC-Multistrada,
There isn't any specific documentation stating that a specific syslogd server is compatible with a specific FortiOS.
You may refer to the article below. I hope it will be helpful.
https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/461620/config-log-syslogd-setting
If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.
Thanks,
Hi @NOC-Multistrada, I hope the answers below help.
1. Does the current OS version (7.2.5 build 1518) of Fortinet 1000D and Fortinet 201E have a solution to export (in real time) the logs (any possible type of logs) to an external solution? If yes, what kind of solutions?
>>>> We recommend using FortiAnalyzer. If you are looking for any other specific solutions and have any questions related to them, please share them; the community members will be able to help.
2. Does version 7.2.5 build 1518 allow sending all the logs to an external syslog server (Syslog-NG)? If yes, what is the procedure to configure it?
>>>> The following article explains the config and procedure.
https://community.fortinet.com/t5/Blogs/Syslog-Filtering-on-FortiGate-Firewall-amp-Syslog-NG/ba-p/23...
3. What is the format of the logs which will be sent to the external solution? Text? Binary?
>>>> The format can be specified under config log syslog settings:
https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/352620/log-syslogd-setting
4. Is this solution compatible with RFC3164 and RFC5424 style syslog messages?
>>>> FortiGate supports RFC5424 - https://docs.fortinet.com/document/fortigate/7.2.0/supported-rfcs/874652/other-protocols
5. What are the solutions to secure the log flows between the firewall and the external Syslog-NG?
>>>> The blog shared above explains the possible configuration options with Syslog-NG.
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
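A receiver-side check for the format questions above, as an added example that is not part of the original posts or of Fortinet's documentation: it reports whether a line arriving at the collector is framed as RFC 5424, RFC 3164, or a bare PRI followed directly by the body, and splits key=value fields. The sample lines are constructed, and the key=value body layout is an assumption about what the device sends.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID then SD and MSG
RFC5424 = re.compile(r"^<(\d{1,3})>([1-9]\d?) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)
# Neither header: only a PRI, then the body
PRI_ONLY = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# key=value or key="quoted value"
KV = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')

def classify(line):
    """Return (framing, facility, severity, rest) for one received syslog line."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164), ("pri-only", PRI_ONLY)):
        m = rx.match(line)
        if m:
            pri = int(m.group(1))
            if pri > 191:  # facility 0-23 and severity 0-7, so the largest PRI is 191
                return ("invalid", None, None, line)
            return (name, pri >> 3, pri & 7, m.group(m.lastindex))
    return ("invalid", None, None, line)

def parse_kv(body):
    """Extract key=value pairs; tokens without '=' (such as a '-' SD field) are ignored."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(body)}

# Constructed sample lines (not captured from a real device)
SAMPLES = [
    '<189>1 2023-08-01T10:15:00Z fw01 - - - - type="traffic" action="accept" srcip=10.0.0.5',
    '<189>Aug  1 10:15:00 fw01 type="traffic" action="deny" srcip=10.0.0.6',
    '<189>date=2023-08-01 time=10:15:00 devname="fw01" type="event" msg="admin login"',
    '<999>junk',
]

if __name__ == "__main__":
    for s in SAMPLES:
        framing, facility, severity, rest = classify(s)
        fields = parse_kv(rest) if framing != "invalid" else {}
        print(framing, facility, severity, fields)
```

Running this over a few lines saved at the collector shows which framing the forwarder is actually producing before parsing rules are written for it.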
Hi all,
Thank you before,
The Syslog-NG server will use a public IP (internet). Should I create a rule to send the logs to the Syslog server?
Thank you
Ideally, you don't need a firewall rule/policy for traffic originating from the FortiGate; you just need an active route to the destination. If you have VDOMs and the traffic goes across the VDOMs, you will need policies.
Suraj
Could it be real-time?
It is realtime.
Suraj
