Hello,
After researching whether it is possible to make this work, and running some tests on FAZ 7.4.x, I wonder if this is feasible or even on the roadmap. Apparently the log parsers can be assigned to a device only if it is recognized as Fortinet, and first appears as unauthorized. However, sending syslog to FAZ from any device seems to store the logs in the Syslog ADOM, but when you try to assign a parser it's not possible because there is no device to select. Also, even if the logs came from a Fortinet device (e.g. FortiSOAR), the docs say they would be parsed and inserted into a "SIEM db". But how can the latter be used?
Any ideas?
Thank you
Cristian
I think the feature you're looking for is in FortiSIEM -- SIEM Solutions & Tools | Get Best Enterprise SIEM Software | FortiSIEM
Thanks for your answer. However, I would like to understand the functionalities available in FortiAnalyzer, the role of the parsers, which devices sending syslog can be integrated in FAZ, and how the SIEM DB can be used in FAZ.
Hi @CrisPete ,
On the Incidents & Events > Log Parser > Log Parsers page, you may enable a parser there, i.e. syslog.
Then go back to the Incidents & Events > Log Parser > Assigned Parsers page and create a new one; you can select that enabled parser in the Application.
Not sure whether this is what you need.
Hi dingjerry, thanks for your reply. The problem is that I already tried this, and although in ADOM Syslog I see the device (and also the logs, but not parsed), even if the Syslog parser was enabled, when I want to assign it the operation is impossible because there is no device in the list.
Hi @CrisPete ,
I hope that there is some info in this doc for you:
https://docs.fortinet.com/document/fortianalyzer/7.4.0/custom-log-parsers/88208/introduction