karim1
New Contributor

Configuring FortiEMS to Forward Additional Syslog Logs to Wazuh SIEM

Hello everyone,
I am currently configuring a SIEM solution (Wazuh) and have successfully set up log forwarding from FortiEMS via syslog. However, the logs I am currently receiving on the SIEM are as follows:

  • Status change of FortiClient to online
  • FortiClient status marked as offline by EMS
  • FortiClient IP address changes

I would like to capture additional logs, such as those generated by the vulnerability scanner, antivirus, web filter, and other security features. Could you advise on how to configure FortiEMS to send these additional logs to Wazuh?

2 REPLIES
ebilcari
Staff

You may need a FortiAnalyzer to collect the logs from the FortiClients first, then forward them to the 3rd party SIEM. The steps are also shown in this article.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
karim1

Thank you for your response @ebilcari.
However, is there a way I can use syslog to send logs directly to the SIEM without going through a FortiAnalyzer, since we don't own this solution?
