Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amelio
New Contributor

Using FortiAnalyzer as a SysLog Server?

Hey friends. I have a task that is basically collecting logs in a single place. We have FG in the HQ and Mikrotik routers on our remote sites. They are all connected with site-to-site IPsec VPN. My question is, can I use FAZ as a Syslog server to collect all the logs in a single device? Or FAZ is just for log analyzing?

Thanks in advance.

Appvalley tutuapp
3 REPLIES 3
adambomb1219
Contributor III

Yes FortiAnalyzer can ingest syslog from 3rd party devices: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-add-a-third-party-device-to-Fo...

 

Just make sure to watch your gigabytes per day licensing.  

Cajuntank
Contributor II

Yes, you can use your FAZ as a syslog server to collect and consolidate logs to a single device. I use mine to collect syslog from about 2 dozen or more (non Fortinet) devices. You would flip the toggle switch on the dashboard to Administrative Domain to allow for multiple ADOMs. One of these ADOMs would be Syslog where any new syslog device, you would add to this Syslog ADOM. You can then also define and tailor your storage needs for that specific ADOM as needed. As an aside, other ADOMs are available to you for logging from other Fortinet products as well like FortiMail, FortiSandbox, FortiWeb, etc... Syslog is the one that is agnostic of the Fortinet brand.

aagrafi1
New Contributor III

Yes, you can. But the logs will be raw, unformatted. The FAZ should have ADOMs enabled and the syslog will be stored at a "syslog" ADOM, specially created by the system for this case. Have a look here:

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-add-a-third-party-device-to-FA...  

Labels
Top Kudoed Authors