SirichaiJi
New Contributor

Sending syslog files from a FortiGate unit over an Site to Site tunnel

I have 2 sites, each with a FortiGate 50E, and the NAS server is a QNAP. The 2 sites are connected by a site-to-site VPN. I planned for both sites to send logs to the NAS server.

HQ can record logs to the NAS (192.168.10.26) because it is in the same subnet. But the branch site can't send logs to the NAS.

 

At the moment the branch site doesn't have any log records. How should I set this up?

 

Regards

Sirichai

 

HQ 192.168.10.0/24

      Nas 192.168.10.26

 

Branch 192.168.100.0/24

9 REPLIES
Markus
Valued Contributor

Do you have a policy in place?

    Branch FTG --> Tunnel --> NAS --> Syslog

Have you set the source IP in the syslog config?

    config log syslogd setting --> set source-ip 192.168.100.xx (your branch FTG interface IP)

Best,

Markus


________________________________________________________
--- NSE 4 ---
________________________________________________________
SirichaiJi

I think I didn't set a policy. Can you teach me, please?

 

I configured it like this. For HQ, sending logs works.

 

Note: I'm new to FortiGate.


###### Branch Site ######
config log syslogd setting
    set status enable
    set server "192.168.10.26"
    set reliable disable
    set port 514
    set facility syslog
    set source-ip ''
    set format default
end

 

###### HQ Site ######
config log syslogd setting
    set status enable
    set server "192.168.10.26"
    set reliable disable
    set port 514
    set facility syslog
    set source-ip ''
    set format default
end

 

Markus
Valued Contributor

On your branch site you have to configure the source IP in the log settings:

config log syslogd setting
    set source-ip 192.168.100.xx   --> this is your branch office FTG interface IP
end

 

On your HQ FTG you have to enable syslog to your NAS.

Go to Policy & Objects and add a new rule:

Source interface = your VPN interface

Destination interface = the interface where the NAS is connected (I assume this is Internal or LAN)

Source address = all (or create a new address object for your branch FTG)

Destination address = your NAS

Service = SYSLOG

 

In the CLI the policy should look like this:

config firewall policy
    edit <the number of the policy>
        set srcintf "<your HQ FTG VPN tunnel interface>"
        set dstintf "<your HQ FTG LAN/Internal interface>"
        set srcaddr "all"                 # or an address object for your BRANCH FTG LAN
        set dstaddr "<your NAS address object>"   # e.g. 192.168.10.26
        set action accept
        set schedule "always"
        set service "SYSLOG"
    next
end


________________________________________________________
--- NSE 4 ---
________________________________________________________
SirichaiJi

I configured it like this. How do I test that it works?

config firewall policy
    edit 36
        set name "LOG from Brand"
        set srcintf "S2S-XXXXX-XXX"
        set dstintf "VLAN24"   ## VLAN is 192.168.10.24/29
        set srcaddr "all"
        set dstaddr "VLAN24"
        set action accept
        set status enable
        set schedule "always"
        set service "SYSLOG"
    next
end

config log syslogd setting
    set status enable
    set server "192.168.10.26"
    set reliable disable
    set port 514
    set facility syslog
    set source-ip "192.168.100.1"
    set format default
end
Ashik_Sheik

Hi,

 

Check if you can see any logs on the syslog server. Also allow ping in the HO policy to check reachability to the syslog server from the branch device.

 

The command to ping from the branch device is:

 

execute ping-options source 192.168.100.1

execute ping <syslog server IP>

 

Ashik

Sheik Mahammad Ashik
SirichaiJi

Still not working.

Ashik_Sheik

Hi

 

Just run the sniffer command below and check whether the ICMP traffic is reaching the HO FGT:

 

FGT-HO # diagnose sniffer packet any "(host 192.168.100.1) and icmp" 4

 

Branch: do a source ping from the FortiGate.

 

FGT-BR # execute ping-options source 192.168.100.1

FGT-BR # execute ping <NAS IP>

 

Regards,

 

Ashik

Sheik Mahammad Ashik
SirichaiJi

Hi, still not working. In HQ I've designed it with VLANs.
Is something wrong?

FTG-HQ policy:
Incoming interface: VPN site-to-site interface
Outgoing interface: NAS (VLAN24)   # gateway 192.168.10.25 (192.168.10.24/29), NAS is 192.168.10.26
Source: BR-LAN   # 192.168.100.0/24
Destination: NAS LOG   # 192.168.10.24/29
Service: Log
Action: Accept
NAT: Off
Log all sessions


FTG-HQ:
# diagnose sniffer packet 192.168.100.1 icmp4
interfaces=[192.168.100.1]
filters=[icmp4]
pcap_open_live: 192.168.100.1: No such device exists (SIOCGIFHWADDR: No such device) for 192.168.100.1
 
execute ping-options source 192.168.100.1
 
FTG-BR $ execute ping 192.168.10.26
PING 192.168.10.26 (192.168.10.26): 56 data bytes
64 bytes from 192.168.10.26: icmp_seq=0 ttl=63 time=2.8 ms
64 bytes from 192.168.10.26: icmp_seq=1 ttl=63 time=2.7 ms
64 bytes from 192.168.10.26: icmp_seq=2 ttl=63 time=2.7 ms
64 bytes from 192.168.10.26: icmp_seq=3 ttl=63 time=2.7 ms
64 bytes from 192.168.10.26: icmp_seq=4 ttl=63 time=2.7 ms

 

FTG-BR:

$ show log syslogd setting
config log syslogd setting
    set status enable
    set server "192.168.10.26"
    set facility syslog
    set source-ip "192.168.100.1"
end
SirichaiJi

Hi, I checked the log file. Logs from both sites have been recorded, but both sites are recorded in 1 file. I want 2 sites in 2 files.
