Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
albaker1
Contributor

How to configure syslog to use "Threat Weight" on FortiManager

Our FTM is running 7.2.2 and our FTG's are running 7.2.4. These are relatively new installations, and we're trying to trim the amount of syslog traffic to our SIEM. On the FTM at Device Manager > [FortiGate] > Log & Report > Threat Weight, there are several security settings. I don't see where to apply these to the syslog settings, nor can I find any documentation to do so. The "Log Threat Weight" is enabled. We do not have FortiAnalyzer. Is there a way to configure syslog to send security-related info that can be ingested into our SIEM without having a bunch of extra fluff? Thanks

1 Solution
gfleming
Staff
Staff

I don't believe Threat Weight is what you want here.

 

What you want is to filter your FortiGate logs that are being sent to your SIEM.

 

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/250999/log-settings-and-targ...

Cheers,
Graham

View solution in original post

2 REPLIES 2
gfleming
Staff
Staff

I don't believe Threat Weight is what you want here.

 

What you want is to filter your FortiGate logs that are being sent to your SIEM.

 

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/250999/log-settings-and-targ...

Cheers,
Graham
albaker1

OK. That's what we are doing right now. I think on a previous version of code, I saw something with SIEM in the logging configuration. Could be mistaken. Thanks for your input.

Top Kudoed Authors