My firewall colleague states he is sending Firewall Fortigate event logs via syslog. I am looking to find them in the Windows logs/syslog, but I am not seeing the exact matches.
Where should I be looking other than event/Security logs to see them?
Is there anything I am required to configure (like Windows Firewall) to see these logs?
What should I tell my Fortigate FW admin to make sure he has completed to see the logs on his end?
Specifically I would like to see these logs:
https://docs.fortinet.com/document/fortigate/6.4.3/administration-guide/986892/sample-logs-by-log-ty...
Three buckets will be sent:
a. allowed based on inbound rules
b. all logs to SSL VPN authentication
c. all: all blocked and allow data from FW
I have UDP with ports 5014 and 514 in my Windows Firewall rule enabled. I am seeing a general:
"Task Category: Filtering Platform Packet Drop"
"Event ID: 5152"
Where can I view the
I do see this:
Application Information:
  Process ID: 0
  Application Name: -
Network Information:
  Direction: Inbound
  Source Address: IP
  Source Port: 24403
  Destination Address: IP
  Destination Port: 5014
  Protocol: 17
Filter Information:
  Filter Run-Time ID: 69559
  Layer Name: Transport
  Layer Run-Time ID: 13
Details:
- System
  - Provider
    [Name] Microsoft-Windows-Security-Auditing
    [Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}
  EventID 5152
  Version 0
  Level 0
  Task 12809
  Opcode 0
  Keywords 0x8010000000000000
  - TimeCreated
    [SystemTime] 2020-11-06T22:25:18.596165400Z
  EventRecordID
  Correlation
  - Execution
    [ProcessID] 4
    [ThreadID] 1664
  Channel Security
  Computer server
  Security
- EventData
  ProcessId 0
  Application -
  Direction %%14592
  SourceAddress xx.x.x.xx
  SourcePort 24403
  DestAddress xx.x.x.xx
  DestPort 5014
  Protocol 17
  FilterRTID 69559
  LayerName %%14597
  LayerRTID 13