Hey friends. I have a task that is basically collecting logs in a single place. We have FG in the HQ and Mikrotik routers on our remote sites. They are all connected with site-to-site IPsec VPN. My question is, can I use FAZ as a Syslog server to collect all the logs in a single device? Or is FAZ just for log analysis?
Yes, you can use your FAZ as a syslog server to collect and consolidate logs to a single device. I use mine to collect syslog from about 2 dozen or more (non-Fortinet) devices. You would flip the toggle switch on the dashboard to Administrative Domain to allow for multiple ADOMs. One of these ADOMs would be Syslog, where you would add any new syslog device. You can then also define and tailor your storage needs for that specific ADOM as needed. As an aside, other ADOMs are available to you for logging from other Fortinet products as well, like FortiMail, FortiSandbox, FortiWeb, etc. Syslog is the one that is agnostic of the Fortinet brand.
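For the remote-site side of the setup described in the question, here is an added RouterOS example (not from the thread or from Fortinet/MikroTik documentation) that points a Mikrotik router's logs at the FAZ syslog listener over the IPsec tunnel. The FAZ address 10.10.0.5, the router's tunnel-side source address 10.20.0.1, and the UDP port 514 are assumed placeholders; adjust them to your environment.

```routeros
# Assumption: 10.10.0.5 is the FAZ at HQ, reachable through the site-to-site IPsec tunnel.
# Assumption: 10.20.0.1 is this router's LAN-side address, which must fall inside the
# IPsec policy selectors so syslog is encrypted in the tunnel rather than sent in clear
# from the WAN interface. UDP/514 is the conventional syslog port.
/system logging action
add name=faz target=remote remote=10.10.0.5 remote-port=514 src-address=10.20.0.1 \
    bsd-syslog=yes syslog-facility=local0

# Send the security-relevant topics to FAZ; keep the local memory/disk logging as well
# so a tunnel outage does not leave the router without a local record.
/system logging
add topics=firewall action=faz
add topics=ipsec action=faz
add topics=system action=faz
add topics=error,critical action=faz
```

After applying this, the router should appear as an unregistered syslog device in the FAZ Syslog ADOM once the first messages arrive; if nothing shows up, check that the FAZ address and the router's source address are both covered by the IPsec policies on each end.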
Yes, you can. But the logs will be raw, unformatted. The FAZ should have ADOMs enabled and the syslog will be stored at a "syslog" ADOM, specially created by the system for this case. Have a look here: