Hello, can a FortiGate use a FortiAnalyzer and at the same time be configured to send syslogs to another host (a SIEM solution)?
Thanks
Yes, you can run a syslog and FAZ at the same time. If you need to send to more than one syslog, use the CLI to configure the syslog-targets.
PCNSE
NSE
StrongSwan
thanks for the info.
Interested in this as well as I am doing the same thing.
I can see that you can configure multiple syslog in the CLI but would like to know if the Syslog config overrides the Fortianalyzer config as it does in the GUI.
If I enable FAZ and Syslog via the web GUI, then Syslog overrides and does not send logs to FAZ, or so I have been informed.
Does the config need to be done specifically in the CLI?
Thanks
Hi
When configuring multiple Syslog servers (or one Syslog server), you can configure reliable delivery of log messages from the Syslog server. Configuration of reliable delivery is available only in the CLI.
If VDOMs are enabled, each VDOM will use the default FortiAnalyzer/Syslog server, but an individual override can be enabled in the CLI, allowing you to specify a different FortiAnalyzer/Syslog server for that VDOM.
Most FortiGate features are, by default, enabled for logging. You can disable individual FortiGate features you do not want the Syslog server to record, as in this example:
config log syslogd filter
    set traffic {enable | disable}
    set web {enable | disable}
    set url-filter {enable | disable}
end
To enable/disable override settings per-VDOM:
config log syslogd override-filter
    set override {enable | disable}
end
Same for FortiAnalyzer but instead of syslogd use fortianalyzer.
http://docs.fortinet.com/uploaded/files/1084/fortigate-loggingreporting-509.pdf
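To check from a saved configuration that FortiAnalyzer and syslog logging are both enabled at once, the following added example (not code from any poster or from Fortinet) parses the `config log ... setting` blocks and reports which destinations are switched on. The sample config and the function names are constructed for illustration; it assumes flat blocks with `set status` and `set server` lines and only inspects configuration, not actual log delivery.

```python
import re

# Constructed sample of a FortiGate configuration excerpt (not from the thread).
SAMPLE_CONFIG = '''\
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
end
config log syslogd setting
    set status enable
    set server "192.0.2.20"
end
config log syslogd2 setting
    set status disable
end
config log syslogd filter
    set traffic enable
end
'''

# Matches only the "setting" block of each FortiAnalyzer/syslog destination.
BLOCK_RE = re.compile(r'^config log (fortianalyzer\d?|syslogd\d?) setting\s*$')

def log_destinations(config_text):
    """Return {destination: {key: value}} for each 'config log <dest> setting' block."""
    dests, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = BLOCK_RE.match(line)
        if m:
            current = dests.setdefault(m.group(1), {})
        elif line == "end":
            current = None  # assumption: no nested config blocks inside
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return dests

def enabled_servers(config_text):
    """Map each enabled destination to its server; a missing status counts as disabled."""
    return {name: s.get("server")
            for name, s in log_destinations(config_text).items()
            if s.get("status") == "enable"}

def both_active(config_text):
    """True only if a FortiAnalyzer and a syslog destination are both enabled."""
    active = enabled_servers(config_text)
    return (any(n.startswith("fortianalyzer") for n in active)
            and any(n.startswith("syslogd") for n in active))
```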
Yes, you have to make those changes via CLI. Regards