How to configure syslog to use "Threat Weight" on FortiManager

albaker1 · ‎04-20-2023

Our FTM is running 7.2.2 and our FTG's are running 7.2.4. These are relatively new installations, and we're trying to trim the amount of syslog traffic to our SIEM. On the FTM at Device Manager > [FortiGate] > Log & Report > Threat Weight, there are several security settings. I don't see where to apply these to the syslog settings, nor can I find any documentation to do so. The "Log Threat Weight" is enabled. We do not have FortiAnalyzer. Is there a way to configure syslog to send security-related info that can be ingested into our SIEM without having a bunch of extra fluff? Thanks

gfleming · ‎04-20-2023

I don't believe Threat Weight is what you want here.

What you want is to filter your FortiGate logs that are being sent to your SIEM.

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/250999/log-settings-and-targ...

Cheers,
Graham

View solution in original post

gfleming · ‎04-20-2023

I don't believe Threat Weight is what you want here.

What you want is to filter your FortiGate logs that are being sent to your SIEM.

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/250999/log-settings-and-targ...

Cheers,
Graham

albaker1 · ‎04-21-2023

OK. That's what we are doing right now. I think on a previous version of code, I saw something with SIEM in the logging configuration. Could be mistaken. Thanks for your input.

How to configure syslog to use "Threat Weight" on FortiManager

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website