Using FortiAnalyzer as a SysLog Server?
Hey friends. I have a task that is basically collecting logs in a single place. We have FG in the HQ and Mikrotik routers on our remote sites. They are all connected with site-to-site IPsec VPN. My question is, can I use FAZ as a Syslog server to collect all the logs in a single device? Or is FAZ just for log analyzing?
Thanks in advance.
Labels: FortiAnalyzer
Yes, FortiAnalyzer can ingest syslog from 3rd party devices: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-add-a-third-party-device-to-Fo...
Just make sure to watch your gigabytes per day licensing.
Yes, you can use your FAZ as a syslog server to collect and consolidate logs to a single device. I use mine to collect syslog from about 2 dozen or more (non-Fortinet) devices. You would flip the toggle switch on the dashboard to Administrative Domain to allow for multiple ADOMs. One of these ADOMs would be Syslog, and you would add any new syslog device to this Syslog ADOM. You can then also define and tailor your storage needs for that specific ADOM as needed. As an aside, other ADOMs are available to you for logging from other Fortinet products as well, like FortiMail, FortiSandbox, FortiWeb, etc. Syslog is the one that is agnostic of the Fortinet brand.
Yes, you can. But the logs will be raw, unformatted. The FAZ should have ADOMs enabled and the syslog will be stored at a "syslog" ADOM, specially created by the system for this case. Have a look here: