Hi All,
I did some digging and even opened a case with support, and I came up empty-handed on this topic.
We are wondering if the syslog CEF output can be customized. The primary goal is to trim down the size of the logs to just the data we need before ingestion to our SIEM. On PANs we could do this fairly easily; curious if an on-box way exists to do this with FortiGates.
We are running 7.2 code on 200Fs.
Thanks
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Thanks,
To customize the syslog CEF output/format for FortiGate, you can configure the syslog settings to send log messages in CEF format.
config log syslogd setting
Set the format to CEF:
set format cef
End the configuration:
end
Additional Configuration: You can configure other syslog settings independently of the log message format, such as the server address and transport protocol (UDP or TCP). Filtering can also be configured for both CEF and CSV formatted log messages.
Verify Configuration: To confirm the current format used to send Syslog messages, use the following command:
show full-configuration log syslogd setting | grep -i format
Hi Anthony,
I was looking for the same configuration to customize the output of the logs that are sent to the SIEM, so we could trim the log size and ingest a smaller volume of logs into the SIEM.
For reference, Palo Alto PAN-OS can customize the log format before sending to the SIEM; attached is the PAN-OS configuration menu.
Is there any way to do the same on FortiGate?
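The goal stated in this thread (keep only the CEF fields the SIEM needs) can also be met off-box, on a syslog relay sitting between the firewall and the SIEM. The following is an added example, not part of any post above and not Fortinet code; it does not settle whether FortiOS can do this on-box. The allowlist `KEEP`, the function names and the sample record are assumptions constructed for illustration.

```python
import re

# An unescaped '|' separates CEF header fields; '\|' inside a field is literal.
_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# An extension key starts the extension or follows whitespace and ends at '='.
# A literal '=' inside a value is written '\=' in CEF, so it never matches here.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\-\[\]]+)=")

# Hypothetical allowlist: the extension keys the SIEM rules actually use.
KEEP = ("src", "spt", "dst", "dpt", "act", "FTNTFGTpolicyid")

# Constructed sample in the shape of a FortiGate CEF traffic log (values invented).
SAMPLE = (
    "<189>Jan 10 12:00:00 fw01 CEF:0|Fortinet|Fortigate|v7.2.0|00013|"
    "traffic:forward close|3|deviceExternalId=FG200F-EXAMPLE "
    "FTNTFGTlogid=0000000013 cat=traffic:forward src=10.1.1.10 spt=51234 "
    "dst=192.0.2.44 dpt=443 act=close out=1200 in=3400 FTNTFGTpolicyid=5 "
    "msg=session closed by peer"
)


def parse_cef(line):
    """Return (syslog prefix, the 7 header fields, ordered extension pairs)."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    parts = _HEADER_SPLIT.split(line[start:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    ext = parts[7]
    keys = list(_EXT_KEY.finditer(ext))
    pairs = []
    for i, m in enumerate(keys):
        # A value runs up to the next key, so values may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        pairs.append((m.group(1), ext[m.end():end].rstrip()))
    return line[:start], parts[:7], pairs


def trim_cef(line, keep=KEEP):
    """Rebuild the record with only allowlisted keys; header left untouched."""
    prefix, header, pairs = parse_cef(line)
    kept = " ".join(f"{k}={v}" for k, v in pairs if k in keep)
    return prefix + "|".join(header) + "|" + kept


if __name__ == "__main__":
    out = trim_cef(SAMPLE)
    print(out)
    print(f"{len(SAMPLE)} bytes -> {len(out)} bytes")
```

Dropping fields at the relay is irreversible, so keep identifiers needed for later investigation (for example the log ID or policy ID) in the allowlist.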
Copyright 2025 Fortinet, Inc. All Rights Reserved.