Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
olivern4
New Contributor II

Created on ‎08-19-2024 03:25 AM

Fortigate Syslog Timer

Hi All,

 

I'm trying to find out how to configure our FG100D (6.2.14-FW-build1364-230411) to send to our Syslog Server (ELK) just every 5 mins. There is no option in the WebUI or even in the CLI to configure this. Is there any way to do this? All I can see is in the FortiAnalyzer option.

 

Thank you.

 

Oliver

Labels:
852
0 Kudos
2 Solutions
ozkanaltas
Valued Contributor III

Created on ‎08-19-2024 04:11 AM

Hello @olivern4 ,

 

Syslog is an instant protocol, so unlike FortiAnalyzer, there is no store-and-forward option on the FortiGate.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
844
SonaMuvv
Staff
Staff
In response to olivern4

Created on ‎08-19-2024 06:09 AM

Hello Oliver,

You can get Fortianalyzer/Fortianalyzer cloud license and then configure that on the Fortigate to send logs to Fortianalyzer every 5 minutes.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/712303/configuring-fortianal...

But you cannot use ELK server ip to configure Fortianalyzer, because when you configure Fortianalyzer it will be configured in the security fabric, which uses separate daemon/ports to forward logs to FortiAnalyzer.

 

 

View solution in original post

802
4 REPLIES 4
ozkanaltas
Valued Contributor III

Created on ‎08-19-2024 04:11 AM

Hello @olivern4 ,

 

Syslog is an instant protocol, so unlike FortiAnalyzer, there is no store-and-forward option on the FortiGate.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
845
olivern4
New Contributor II
In response to ozkanaltas

Created on ‎08-19-2024 05:02 AM Edited on ‎08-19-2024 05:07 AM

Hi @ozkanaltas 

 


Thank you for the response.

Meaning there is no way to do this? Okay. Can I just use the FortiAnalyzer option instead as the Syslog? I will just add the IP address of the ELK server right?

Thank you.

Oliver

821
0 Kudos
SonaMuvv
Staff
Staff
In response to olivern4

Created on ‎08-19-2024 06:09 AM

Hello Oliver,

You can get Fortianalyzer/Fortianalyzer cloud license and then configure that on the Fortigate to send logs to Fortianalyzer every 5 minutes.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/712303/configuring-fortianal...

But you cannot use ELK server ip to configure Fortianalyzer, because when you configure Fortianalyzer it will be configured in the security fabric, which uses separate daemon/ports to forward logs to FortiAnalyzer.

 

 

803
olivern4
New Contributor II
In response to SonaMuvv

Created on ‎08-19-2024 06:39 AM

Hi @SonaMuvv 

Thank you.

Oliver

787
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.