Pratik
You have a few choices, one of which you already ruled out (FAZ).
1: FortiCloud, imho okay but not a real solution for serious logging. Logging is externally hosted, but all logging traffic is secured. The bad thing with FortiCloud is that you can only download the raw logs and have no direct hooks into grabbing the database. So I guess you could build something to grab the events and throw them into MySQL.
FortiCloud is great for what it was designed for (a toying-around solution for SMB imho), not for a DC nor for anybody doing anything serious imho.
2: Kiwi Syslog Server. It's cheap and simple but Windows-based (yuck!).
http://www.kiwisyslog.com/products/kiwi-syslog-server/faq.aspx#FAQLink25
It uses a standard syslog connection; logs are in a SQL database format, I believe, and IIRC you can read directly from the database. I used it in past lives & roles, and it works great as long as you properly maintain the Windows server. I really wish they would make a Linux or macOS port. It's a very cheap solution, like under $350.00. And yes, I hate anything that has MS Server involved, and for logging :)
3: You have the FAZ. A great product that's simple to manage and configure. But as you probably realize, it can be pricey if you want to scale very large. It's a good device but very restricted if you scale & you outgrow your FAZ. Fortinet sales will tell you it's the best thing since sliced bread, but ask them if they have a product that can scale to 1000+ devices and support Windows, Linux, FortiGate, Cisco, Juniper, etc..... and with custom graphing.
The answer is simply no, & what they have "is costly for what you get".
4: Syslog-NG with MySQL support works great, but I haven't figured out how to secure log writes into the MySQL connection. So logging is not encrypted.
5: You set up a syslog server with Splunk on top. Great for a log cruncher. Can be slow at crunching logs though. I believe Splunk allows reading logs into Splunk from MySQL, but I don't know if you can write to a MySQL database.
6: You set up a syslog server with Sawmill on top. Sawmill allows you to write out to a database with ease. Greatly supported, and they will work with any syslog format. But like Splunk, it's designed to read in logging messages and provide filters, views, reports, etc....
7: You have a host of commercial devices that do this. LogRhythm & ArcSight Log connector, etc.... None of these uses MySQL though, and I believe it's not even SQL. Can be greatly $$$$$$, but they are good at what they're designed to do.
Basically, what is your budget? How much log data do you expect? How big of a database do you expect? How much syslog traffic do you need? Do you need reliable syslog (TCP)?
The FortiGate can't write directly into a SQL database, so you will need a middle-man in order to do this.
As you need more advanced features and flexibility, the price will go up in whatever logging solution you deploy.
I would start with syslog-ng + MySQL. Give that a spin and judge from that. I work on a logging, SIEM, and OOB management network that's geared for security devices (router/switch/firewall/hosts/etc...) and we record over 400-900+MB of syslog logging events for just security events from firewalls only & out of one datacenter, and we are not even past the 20% mark, we are over budget, and 2 years behind schedule.
So what do you need? How big of a logging scope have you defined?
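Added example, not from the post above or from any of the products it names: the "middle-man" the post says a FortiGate needs, written as a small Python script that parses FortiGate-style key=value syslog lines and stores them in SQLite. MySQL would follow the same pattern with a different driver. The sample lines, device names and addresses are constructed placeholders, and the transport (plain UDP vs. TLS-wrapped TCP syslog) is out of scope here. The one security point the code makes: log bodies are attacker-influenced (a hostname, username or URL in a log line is chosen by whoever triggered the event), so every insert is parameterized and the raw line is kept verbatim for forensics.

```python
import json
import re
import sqlite3
from typing import Dict, Iterable, List, Optional, Tuple

# Syslog PRI header "<189>" followed by FortiGate-style key=value pairs.
# Values are bare tokens or double-quoted strings (backslash escapes allowed).
PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines (assumption: illustrative, not captured from a real
# device). Third line carries a hostile msg value to show parameterized inserts.
SAMPLE_LINES = [
    '<189>date=2024-01-15 time=10:22:01 devname="fw-edge-1" devid="FGT-EXAMPLE-1" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.0.0.5 srcport=51234 dstip=203.0.113.7 dstport=443 proto=6 action="accept" policyid=12',
    '<188>date=2024-01-15 time=10:22:03 devname="fw-edge-1" devid="FGT-EXAMPLE-1" '
    'logid="0100032002" type="event" subtype="system" level="warning" vd="root" '
    'user="admin" ui="ssh(198.51.100.9)" action="login" status="failed" '
    'msg="Administrator admin login failed from ssh(198.51.100.9) because of invalid password"',
    '<189>date=2024-01-15 time=10:22:05 devname="fw-edge-1" devid="FGT-EXAMPLE-1" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.0.0.9 srcport=40022 dstip=192.0.2.44 dstport=22 proto=6 action="deny" policyid=0 '
    'msg="Robert\'); DROP TABLE events;--"',
]

SCHEMA = """
CREATE TABLE IF NOT EXISTS events (
    id        INTEGER PRIMARY KEY,
    facility  INTEGER,
    severity  INTEGER,
    devname   TEXT,
    log_type  TEXT,
    subtype   TEXT,
    srcip     TEXT,
    dstip     TEXT,
    dstport   INTEGER,
    action    TEXT,
    fields    TEXT NOT NULL,   -- every key=value pair, as JSON
    raw       TEXT NOT NULL    -- original line, untouched, for forensics
);
"""


def split_pri(line: str) -> Tuple[Optional[int], Optional[int], str]:
    """Return (facility, severity, body). PRI = facility * 8 + severity."""
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    return pri // 8, pri % 8, line[m.end():]


def parse_fortigate_line(line: str) -> Dict[str, object]:
    """Parse one syslog line into facility/severity plus a dict of its fields."""
    facility, severity, body = split_pri(line)
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(body):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return {"facility": facility, "severity": severity, "fields": fields, "raw": line}


def insert_event(conn: sqlite3.Connection, event: Dict[str, object]) -> None:
    """Parameterized insert: field values never touch the SQL text."""
    f = event["fields"]
    dstport = int(f["dstport"]) if f.get("dstport", "").isdigit() else None
    conn.execute(
        "INSERT INTO events (facility, severity, devname, log_type, subtype, srcip, "
        "dstip, dstport, action, fields, raw) VALUES (?,?,?,?,?,?,?,?,?,?,?)",
        (event["facility"], event["severity"], f.get("devname"), f.get("type"),
         f.get("subtype"), f.get("srcip"), f.get("dstip"), dstport, f.get("action"),
         json.dumps(f, sort_keys=True), event["raw"]),
    )


def load_events(lines: Iterable[str], db_path: str = ":memory:") -> sqlite3.Connection:
    """Create the schema and load every line; one transaction for the batch."""
    conn = sqlite3.connect(db_path)
    conn.executescript(SCHEMA)
    with conn:
        for line in lines:
            insert_event(conn, parse_fortigate_line(line))
    return conn


def count_by_action(conn: sqlite3.Connection) -> Dict[str, int]:
    rows = conn.execute("SELECT action, COUNT(*) FROM events GROUP BY action").fetchall()
    return {action: n for action, n in rows}


def messages(conn: sqlite3.Connection, action: str) -> List[Optional[str]]:
    """msg field of every event with the given action (filtered by parameter)."""
    rows = conn.execute("SELECT fields FROM events WHERE action = ?", (action,)).fetchall()
    return [json.loads(r[0]).get("msg") for r in rows]


def failed_admin_logins(conn: sqlite3.Connection) -> List[str]:
    """Raw lines of failed admin logins, a typical first detection on this data."""
    rows = conn.execute(
        "SELECT fields, raw FROM events WHERE log_type = 'event' AND action = 'login'"
    ).fetchall()
    return [raw for fields, raw in rows if json.loads(fields).get("status") == "failed"]


if __name__ == "__main__":
    db = load_events(SAMPLE_LINES)
    print(count_by_action(db))
    print(failed_admin_logins(db))
```

In a real deployment the lines would arrive from a syslog listener (or syslog-ng's program()/pipe destinations) instead of `SAMPLE_LINES`, and the connection would point at MySQL; the parsing and the parameterized insert stay the same. Keeping the full JSON and the raw line alongside the indexed columns means a new field from a firmware update is never silently dropped.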