Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Pushing logs to AWS Cloud Watch from AWS FortiGate

I'm running into a scenario where I need to push logs to AWS Cloud Watch from FortiGate and from there perform other activities.


It does give some thoughts, but I'm still wondering if I can push custom metrics like Memory to CloudWatch?

New Contributor

From Fortiweb support about the same question:
"After checking your query to send the logs to "AWS Cloud Watch", according to the following Amazon document,

Amazon CloudWatch Logs service allows you to collect and store logs from your own application and on-premises resources, which is available in the "Custom logs" category, you can use AWS Systems Manager to install a CloudWatch Agent, or you can use the PutLogData API action to easily publish logs.

Fortiweb supports "Syslog" and "SIEM" servers to store the logs remotely(referring to the attached picture).

For more information regarding this point, please check the "Configuring logging" section in the following document:

I would suggest checking whether CloudWatch could support getting logs from either Syslog or SIEM, then you may configure fwb to send logs to one of them."
I think it's a truly notable shortcoming not to be able to store WAF logs on CloudWatch for a product that is sold directly on the AWS marketplace.
The only alternative, quite ugly, is to install a syslog, send all the logs there and on the instance with the syslog enable the CloudWatch agent to write them back to CW Logs. But again, it's a bad method.


I agree, this is a huge limitation, and better integration into cloudwatch for FortiOS products is needed.

Top Kudoed Authors