Hi emnoc, thanks for your answer just as I feared there are no other options. 1) would be the best for everyone using one of the " low end" devices and from a technical point of view that would be no problem. I understand that Fortinet doesn' t support it because they want to sell their products (Fortianalyzer). Maybe good for them but bad for the customer. 2) syslog is ok for long term logging and analysis/reporting but not for realtime troubleshooting. 3) expensive and over-the-top for small offices. 4) that' s good news. So we can use it for troubleshooting and maybe combine it with syslog (for long term logging). 5) I think as long as the box is alive we' ll keep it, later... let' s see ;-) I know that forticloud uses SSL encryption but this just means that transport is almost secure. My concerns about ANY cloud solution are that I don' t trust them ;) Firewall log data contains confident information like internal IP adresses, host names, services, etc. and should not be stored outside the company (except if it is encrypted before sending using own keys). That might sound paranoid but in europe where I' m from we are very sensitiv about data privacy.

Hi, if you really need it for real time troubleshooting, you will not get much out of the logs produce by the FortiGate. The only thing you will see is maybe that something is not working, but no why. For this you need to go to the CLI and run some debug commands anyway, I think syslog would fit perfectly for you. Also what do you think the time difference will be if you send the logs via syslog, a few seconds? Kind regards, Oliver

I know that forticloud uses SSL encryption but this just means that transport is almost secure. My concerns about ANY cloud solution are that I don' t trust them ;) Firewall log data contains confident information like internal IP adresses, host names, services, etc. and should not be stored outside the company (except if it is encrypted before sending using own keys). That might sound paranoid but in europe where I' m from we are very sensitiv about data privacy.

I' m too in EMEA area and we are using a private cloud provider using virtual-instances that we managed ( via AWS and Telefonica ) Since the cloud is our DR site in some instances, we have a remote-syslog server and a collection server at the primary sites. This runs the syslogd with it exporting all logging via tcp to the cloud instance that we control. That should cover any security concern. Except now that I think about it, how secure is the virtual-instance from the provider eyes I guess you could use filesystem/diskencryption if you need that level of data security for data sitting at a rest. Based on your concerns, you really have 2 choices; 1: fortinet analyzer ( granted it' s good but now worth the $$$$.$$ imho, & more so if you have crafting sysadmin and knowledge over a logging cruncher and viewer like splunk, etc.... 2: local syslog daemon server and optionally a roll-up collector if your talking about multiple sites Forticloud should NOT be looked at as a true logging services. Even with the addon 200gb (iirc) optional it was never built or sold as a enterprise level logging services. And limited the data present per devices. Also if you path to foricloud is broken ( a few months ago i had just that problems ) than gaining access to the logging is almost as good a tits on a boar hog. Looks good but not effective for producing milk What you really need to ask your self these questions; 1: how much log data do you estimate per hour/per day/per month ? 2: do you have more than 1 site 3: do you need a centralize collection 4: do you need log analysis and correlation 5: are you logging other systems ( router/switches/unix/window host etc....) 6: do you need loggng rollup and can push logs 7: do you picture the need for logging compression 8: how much security do you need in logging transportation and storage 9: how much log retention do you need 1 week 2 months 1 year , etc... 10: do you have any regulatory compliance or auditing for log info fwiw, I' m logging over 400mb of logs per-day on avg & just on the fortigate stuff alone We have 8 sites to date with 8 more coming by Q1-2 2015 if I had to guess We have a big gap in logging rt/switch gear btw We have approx 400+ devices in the core/host network and that number would triple by end of 2015 if i had to guess We have built a independent OOB and management network for logging transmission & management of our systems that independent of the main data path We played with logging over multicast at one given time We have 800+ u/linux hosts that need logging collection and log rollup So Forticloud was quickly eliminate and much the same for fortianalyzer. We actually threw all of the fortianalyzer outs a year + ago due to our logging demands where to grow over years time. forticloud is good for playing around, and for SOHO/SMB operations but that' s just about it imho FAZ is good for a sml to med enterprise but as you start to explore it, you will find it ha a lot of gap Same for the fortimanager, it too does some degree of logging but it' s has even bigger gaps just my 2cts input

Hi, after some internal discussions we have made our decision. We discontinue selling Fortinet products. The main reason is that our longstanding distributor has cancelled their contract with Fortinet. We' ll continue with Checkpoint (our main firewall vendor) for our larger customers. For the SMB business we' re currently evaluating. Maybe we go for Sonicwall, let' s see... Thank you all for your thoughts and help. Kind regards