Hi, we just bought a pair of FortiGate 100F and 200F firewalls. However, despite configuring a syslog server to send stuff to, it sends nothing worthwhile.
Things I’d like to see: Failed logon attempts, #, IP address, username
Any action taken by IPS to ban/timeout said IPs
Portscans done on our public facing IPs
Any malicious attacks detected that are sent our way
I thought this would be easy to do but haven’t been successful figuring out where to configure any of it. Is this possible on FortiGates?
Absolutely possible! However, you'll have a heck of a time doing what you want by just sending to a syslog server.
Highly suggest you look at logging to FortiCloud or FortiAnalyzer (you can run a free trial VM). You will get much more out of it that way.