Hey friends. I have a task that is basically collecting logs in a single place. We have FG in the HQ and Mikrotik routers on our remote sites. They are all connected with site-to-site IPsec VPN. My question is, can I use FAZ as a Syslog server to collect all the logs in a single device? Or is FAZ just for log analyzing?
Thanks in advance.
Yes, FortiAnalyzer can ingest syslog from 3rd party devices: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-add-a-third-party-device-to-Fo...
Just make sure to watch your gigabytes per day licensing.
Yes, you can use your FAZ as a syslog server to collect and consolidate logs to a single device. I use mine to collect syslog from about 2 dozen or more (non-Fortinet) devices. You would flip the toggle switch on the dashboard to Administrative Domain to allow for multiple ADOMs. One of these ADOMs would be Syslog, and you would add any new syslog device to this Syslog ADOM. You can then also define and tailor your storage needs for that specific ADOM as needed. As an aside, other ADOMs are available to you for logging from other Fortinet products as well, like FortiMail, FortiSandbox, FortiWeb, etc. Syslog is the one that is agnostic of the Fortinet brand.
Yes, you can. But the logs will be raw, unformatted. The FAZ should have ADOMs enabled and the syslog will be stored at a "syslog" ADOM, specially created by the system for this case. Have a look here: