Hello everyone,
I am currently configuring a SIEM solution (Wazuh) and have successfully set up log forwarding from FortiEMS via syslog. However, the logs I am currently receiving on the SIEM are as follows:
I would like to capture additional logs, such as those generated by the vulnerability scanner, antivirus, web filter, and other security features. Could you advise on how to configure FortiEMS to send these additional logs to Wazuh?
You may need a FortiAnalyzer to collect the logs from the FortiClients first, then forward them to the 3rd party SIEM. The steps are also shown in this article.
Thank you for your response @ebilcari.
However, is there a way I can use syslog to send logs directly to the SIEM without going through a FortiAnalyzer, since we don't own this solution?
Copyright 2024 Fortinet, Inc. All Rights Reserved.