Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Waloo5
New Contributor III

FortSIEM and Firewall FortiGate and FortiAnalyser

Hi all,

I want to know the best practice of implementing firewalls logs in FortiSIEM.

I have 10 Firewalls Fortigates and all are loged in FortiAnalyser and my question is I configure syslog 

Amir
Amir
2 REPLIES 2
AEK
SuperUser
SuperUser

Hi Waloo

Regarding which logs you send, just send all logs to FortiSIEM, I mean UTM logs, all traffic logs, event logs, ... all, don't leave anything.

Regarding integration, check this for more details.

https://docs.fortinet.com/document/fortisiem/7.1.4/external-systems-configuration-guide/751381/forti...

On the other hand you can also configure log forwarding from FAZ to FSM if you don't want to send to both from FGT.

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Integrate-FortiAnalyzer-and-FortiSIEM/...

AEK
AEK
Waloo5
New Contributor III

Thx AEK for your repli.

My question is to Know the Best practice of intégration in fortiSIEM, to have logs from all firewalls FGT or only from FortiAnalyser.

And second question if I intégred only FortiAnalyser it's deduce only one licence or nombres of all firewalls ?

Amir
Amir
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors