billp
Contributor

Syslog output has strange header

I am trying to eliminate or turn off a header that the Fortigate is sending to all log entries when I output to Syslog format. Using FortiOS 4.3.14. Each log line has an odd 3-digit "header" at the start of each log message and I am not able to figure out what it means. It is one of three codes (<188>, <189>, or <190>) on each line. Sample below.
 <190>date=2013-09-19 time=14:19:33 devname
 ....
 <189>date=2013-09-19 time=14:19:33 devname
 ....
 <188>date=2013-09-19 time=14:19:33 devname
 
Does anyone know what this is or how to turn it off?

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
2 REPLIES
billp
Contributor

Never mind :) I figured it out. It's the PRI field for the syslog.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Si
New Contributor

Hi billp

I am also having issues with the PRI field in the syslog messages being sent to my syslog server i.e. <189> <190>.

Did you find a way to turn this off?

Also I am not getting attack logs received i.e. type="utm" and subtype="ips" even though I can see them in the GUI and in the CLI. Have you seen this type of issue on your systems?

Many thanks
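
How the PRI field named in the thread decodes, as an added example that is not part of the original posts: in the syslog format (RFC 3164 / RFC 5424) PRI is facility * 8 + severity, so 188, 189 and 190 are facility local7 at severities warning, notice and info. The sketch below decodes and strips PRI on the receiving side and then parses the key=value body; the function names, the `devname` value and the fields after it are assumptions made up for illustration.

```python
import re

# Facility and severity names as numbered in RFC 3164 / RFC 5424.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(r"<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def split_pri(line):
    """Return (facility, severity, message); (None, None, line) if no valid PRI."""
    line = line.lstrip()
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None, None, line
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity], line[m.end():]


def parse_kv(message):
    """Parse key=value pairs, keeping quoted values with spaces intact."""
    return {k: v.strip('"') for k, v in KV_RE.findall(message)}


# Constructed sample lines in the shape shown in the thread; the devname
# value and the fields after it are made up for illustration.
SAMPLES = [
    '<190>date=2013-09-19 time=14:19:33 devname=FGT-EXAMPLE type=traffic',
    '<189>date=2013-09-19 time=14:19:33 devname=FGT-EXAMPLE type=event',
    '<188>date=2013-09-19 time=14:19:33 devname=FGT-EXAMPLE type=utm '
    'subtype=ips msg="sample signature"',
    'date=2013-09-19 time=14:19:33 devname=FGT-EXAMPLE',   # PRI already stripped
]

if __name__ == "__main__":
    for raw in SAMPLES:
        facility, severity, msg = split_pri(raw)
        fields = parse_kv(msg)
        print(facility, severity, fields.get("type"), fields.get("subtype"))
```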
