mic_pin
New Contributor

Successful VPN login event not sent to external syslog server

FortiGate 1100E with FortiOS v6.4.14 build2093 (GA) 

We have a SIEM to collect and correlate events from multiple sources. On the FortiGate we have configured the SIEM as an external syslog server and it works well, BUT I've noticed that only failed ssl-vpn logins were sent.

 

Any idea how to configure the FortiGate to also send successful ssl-vpn logins to the external syslog?

 

Thanks

1 Solution
srajeswaran
Staff

The severity for success and failure logs might be different and that could be the reason for the behavior.

Can you check the severity for both events and then check the syslogd filter config using "get log syslogd filter"?

You can modify the filter under "config log syslogd filter".

ref: https://docs.fortinet.com/document/fortigate/6.4.6/cli-reference/435620/config-log-syslogd-filter
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-syslog-filters-on-to-send-only-speci...



 

 

Regards,
Suraj

mic_pin

Thanks for your prompt and kind reply. Lowering the syslog min notification level to "information" let me also collect successful VPN logins.
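
The filter behaviour resolved in this thread, as an added example that is not part of any post: a Python model of a minimum-severity syslog filter applied to FortiGate-style SSL-VPN events, plus a SIEM-side check for the "failures but no successes" gap. The sample log lines, their field values and the `alert` level on failed logins are constructed assumptions.

```python
import re

# FortiOS log severities, most severe first (lower index = more severe).
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "information", "debug"]
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample events; field values and levels are assumptions.
SAMPLE = [
    'date=2024-01-01 time=10:00:00 type="event" subtype="vpn" level="alert" '
    'action="ssl-login-fail" user="alice" remip=198.51.100.7',
    'date=2024-01-01 time=10:01:00 type="event" subtype="vpn" '
    'level="information" action="tunnel-up" user="bob" remip=203.0.113.9',
    'date=2024-01-01 time=10:02:00 type="event" subtype="vpn" level="alert" '
    'action="ssl-login-fail" user="carol" remip=198.51.100.7',
    'date=2024-01-01 time=10:03:00 type="event" subtype="system" '
    'level="warning" action="none" msg="constructed non-VPN event"',
]

def parse(line):
    """Split a key=value log line into a dict (quoted or bare values)."""
    return {k: q or u for k, q, u in KV.findall(line)}

def forwarded(event, min_severity):
    """True if a filter set to min_severity would send this event."""
    level = event.get("level")
    return level in LEVELS and LEVELS.index(level) <= LEVELS.index(min_severity)

def vpn_login_coverage(lines, min_severity):
    """Count SSL-VPN login outcomes that reach the SIEM under the filter."""
    seen = {"success": 0, "failure": 0}
    for ev in map(parse, lines):
        if ev.get("subtype") != "vpn" or not forwarded(ev, min_severity):
            continue
        if ev.get("action") == "ssl-login-fail":
            seen["failure"] += 1
        elif ev.get("action") == "tunnel-up":
            seen["success"] += 1
    return seen

def blind_to_success(seen):
    """SIEM-side alarm: failures arrive but no successful login ever does."""
    return seen["failure"] > 0 and seen["success"] == 0

if __name__ == "__main__":
    for sev in ("warning", "information"):
        seen = vpn_login_coverage(SAMPLE, sev)
        print(sev, seen, "GAP" if blind_to_success(seen) else "ok")
```

Running the same check on the SIEM against real received events shows whether successful logins, which a brute-force correlation rule needs alongside the failures, are arriving at all.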

madra29
New Contributor

We had this same issue a few weeks ago, but they were trying to do it against our clientless VPN. Fortunately everything on our CVPN has its own web front now, so we didn't have a need for it anymore and we just shut it down. Our client requires an email address so you can't even attempt just a username.
I had opened a ticket with support and was told they couldn't tell me how they were attempting the logins to generate the log but that the firewall was handling them as designed by not allowing them because they weren't in the allowed list.

10.0.0.0.1 192.168.1.254