Hi, we just bought a pair of Fortigate 100f and 200f firewalls. However, even despite configuring a syslog server to send stuff to, it sends nothing worthwhile.
Things I’d like to see: Failed logon attempts, #, ip address, username
Any action taken by IPS to ban/timeout said IPs
Portscans done on our public facing IPs
Any malicious attacks detected that are sent our way
I thought this would be easy to do but haven’t been successful figuring out where to configure any of it. Is this possible on Fortigates?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Absolutely possible! However you'll have a heck of a time doing what you want by just sending to syslog server.
Highly suggest you look at logging to FortiCloud or FortiAnalyzer (you can run a free trial VM). You will get much more out of it that way.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1094 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.