Hello guys
For a while I used FAZ to get the information from our FGT and reports, but the cost is relevant and then some questions have arisen.
The Syslog server has only the function of storing the data and FGT would not query this Syslog data, right?
Can we use the Syslog server to receive the data by hosting in a database so that we can make selects to extract information and thus to stop using the FAZ?
Which Syslog server would you indicate for this purpose and which can be used with FGT and other network assets?
Have you ever used any tool like Power BI to extract information instead of using FAZ?
Thank you for your support!
Hugs
Solved! Go to Solution.
The Syslog server has only the function of storing the data and FGT would not query this Syslog data, right?
Correct
Can we use the Syslog server to receive the data by hosting in a database so that we can make selects to extract information and thus to stop using the FAZ?
Correct
Which Syslog server would you indicate for this purpose and which can be used with FGT and other network assets?
You have many to use splunk is good , loggly is great , Alertlogic, and papertrails is ideal ( I'm using the latter in a few FGT/PANOS deployments for analysis and it works great for writing log triggers or "alerts" )
Have you ever used any tool like Power BI to extract information instead of using FAZ?
NO , see the above suggestions and review them.
A 3rd option if a remote-logging service solutions are pricey; is to build a log-server that inject the log messages into a sql database and then build a interface to SELECT FROM on the fields and and log-type. I have a business partner that could do this for you , contact me via PM and I will refer you to them.
Ken
PCNSE
NSE
StrongSwan
No it's not a issue and can be over come. Also you have a host of other support types CEF or Brief and CSV format. Splunk and syslog-ng for example has modules or addons for CEF format and others formats
http://socpuppet.blogspot.com/2017/08/fortios-cef-formatted-logs.html
http://socpuppet.blogspot.com/2018/03/fortios-logging-bried.html
You will have to test your support and what you need
PCNSE
NSE
StrongSwan
The Syslog server has only the function of storing the data and FGT would not query this Syslog data, right?
Correct
Can we use the Syslog server to receive the data by hosting in a database so that we can make selects to extract information and thus to stop using the FAZ?
Correct
Which Syslog server would you indicate for this purpose and which can be used with FGT and other network assets?
You have many to use splunk is good , loggly is great , Alertlogic, and papertrails is ideal ( I'm using the latter in a few FGT/PANOS deployments for analysis and it works great for writing log triggers or "alerts" )
Have you ever used any tool like Power BI to extract information instead of using FAZ?
NO , see the above suggestions and review them.
A 3rd option if a remote-logging service solutions are pricey; is to build a log-server that inject the log messages into a sql database and then build a interface to SELECT FROM on the fields and and log-type. I have a business partner that could do this for you , contact me via PM and I will refer you to them.
Ken
PCNSE
NSE
StrongSwan
Ken, I thought there was an issue with Fortinet using non-standard / extended syslog formats, that the various syslog servers had problems with. Is this no longer an issue?
No it's not a issue and can be over come. Also you have a host of other support types CEF or Brief and CSV format. Splunk and syslog-ng for example has modules or addons for CEF format and others formats
http://socpuppet.blogspot.com/2017/08/fortios-cef-formatted-logs.html
http://socpuppet.blogspot.com/2018/03/fortios-logging-bried.html
You will have to test your support and what you need
PCNSE
NSE
StrongSwan
Great info, thanks!
We have a short list of the finest free of cost SYSLOG Server Softwares here for the convenience of our users. Well! there are different kinds of free and paid software available in the market. You can browse and find out the best one. Here i like to talk about some software like Syslog Watcher is amazing software for handling log events that feature a multi-threaded design for improved performance. It means to say that the course of gathering logs and treating them is diverse and that’s why one does not restrict with the other. Because of it you are guaranteed that all events from all your devices are logged to the server. So in case you need to go in detail then you can go for this link https://appuals.com/the-5-best-free-syslog-server-softwares/ and find out a lot more.
Hmm not familiar with FAZ. Whether you store to syslog files or a database you would need to extract the data, for a database importing and extraction of syslog data can be complicated. we use a syslog server forwarding to graylog. I think Elasticsearch Logstash and Kibana (ELK) may be viable also but a bit more complicated that graylog and standard syslog.
Served 1,000,000 burgers
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.