Hello,
I am experiencing issues when sending logs from a FortiGate 60E device running FortiOS v5.6.4 to a Logstash server using syslog over TCP. Upon inspecting the packets reaching the log server, I can see the traffic arriving correctly, but the logs contain messages like:
2024-10-03T18:06:49.773760+00:00 169.254.106.82 <greeting />#015
2024-10-03T18:06:59.924314+00:00 169.254.106.82 <greeting />#015
2024-10-03T18:07:10.093023+00:00 169.254.106.82 <greeting />#015
Instead of the complete data I need (ACK, hostnames, etc.).
The same setup works fine on another FortiGate device sending logs via UDP, but in this case, I do not have the option to configure the transport mode as UDP on the Caseros device. I've tried different configurations, including adjusting the log severity and filters, but the issue persists.
My questions are:
Here is my current configuration:
config log syslogd setting
set status enable
set server "10.102.139.28"
set reliable disable
set port 514
set facility local7
set source-ip "169.254.106.82"
set format csv
end
Any guidance would be greatly appreciated, as collecting the correct logs is crucial for my infrastructure.
Thank you for your help.
Best regards,
Agustín
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
set reliable disable , means UDP, enable means TCP
set reliable {enable | disable} Enable/disable reliable logging (RFC3195).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.