TBC
Contributor

Fortiweb Syslog Attack Message to Syslog Server

Hello,

What Facility settings do I need to use to log Attack Messages to my Syslog Server?

Or, better, one to log everything to the Syslog Server.

I tried Loglevel Debug and local use 7, but no luck.

Many thanks

TBC

abelio
SuperUser

Hello,
No problem with that for me at least; I'm running the 6.41 firmware version.

Attack logs are coming into our syslog.

A few checks to consider:

- If your Syslog Policy is defined with TLS enabled, your syslog server should listen on port 6514/TCP
- Try with the traditional 514/UDP syslog port (disable TLS and configure port 514 in the syslog policy)

Verify with a sniffer that logs are actually sent to the Syslog server IP.

 

Hope it helps

regards / Abel
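
A way to run the "are the logs actually arriving" check on the syslog server itself when the policy uses plain 514/UDP, and to see which facility and severity each message carries. This is an added example, not code from either poster; the function names and the sample datagrams are constructed for illustration.

```python
import re
import socket

# Facility and severity names by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagrams (not real device output).
SAMPLES = [b"<185>constructed sample: attack log line",
           b"<191>constructed sample: debug line"]


def decode_pri(datagram: bytes):
    """Return (facility, severity, message), or None if there is no valid <PRI>."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: local7 (23) * 8 + debug (7)
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    text = datagram[m.end():].decode("utf-8", "replace")
    return FACILITIES[facility], SEVERITIES[severity], text


def listen(host="0.0.0.0", port=514):
    """Print sender, facility and severity for every UDP syslog datagram received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (src, _) = sock.recvfrom(65535)
            decoded = decode_pri(data)
            if decoded is None:
                print(f"{src}: no valid PRI header: {data[:60]!r}")
            else:
                facility, severity, text = decoded
                print(f"{src}: {facility}.{severity}: {text}")


if __name__ == "__main__":
    listen()
```

Binding to port 514 needs root privileges and fails if a syslog daemon or Graylog input already holds the port, so stop that listener first or pass another port and point the syslog policy at it.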
TBC

Hello abelio,

Again, many thanks.

I have installed in Graylog the graylog3.Fortigate6xContentPack-master\graylog3.Fortigate6xContentPack.json which is only "FortiGate Raw/Plaintext UDP".

With that one, all logs are being received by Graylog.

With TCP TLS I'm not very lucky; sometimes I get some logs, but with a 1 hour delay.

 

I have to look again to see if there is another solution to get it running with TCP/TLS, but for the moment I see my logs :)

Many many thanks

Tbc

 
