Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

enable syslog with kiwi

Hi. Would I capture all user traffic with URL records and transfer it to Kiwi Syslog through the FortiGate syslog function? Which "minimum log level" and "facility" do I have to choose? Thanks.
hidayet
New Contributor II

Hi Tonycd,
Minimum log level: Information
Facility: local7
http://www.hidayetaltun.com
SECCON1MC
New Contributor

Just an FYI, the traffic logs contain the stats for session bandwidth. The web-filter logs contain the information on URLs visited (within a session). You will have to do a lot of parsing, crunching, and correlating to get that data into a single logical "row" of information. Good luck!
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
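The correlation step described in the reply above, as an added example that is not code from the thread or from Fortinet: it strips the syslog PRI header (so you can confirm the facility/severity the FortiGate is actually sending), parses the FortiGate key=value body, and joins traffic records (bytes, duration) to web-filter records (hostname, URL) on the session id. The sample lines are constructed, and the field names (sessionid, hostname, url, sentbyte, rcvdbyte) are assumptions; they vary between FortiOS versions, so check them against a real record from your unit.

```python
"""Join FortiGate traffic and webfilter syslog records into one row per session."""
import re
from collections import defaultdict

# Syslog PRI = facility * 8 + severity. local7 is facility 23 and
# "information" is severity 6, so local7/information arrives as <190>.
FACILITIES = {i: f"local{i - 16}" for i in range(16, 24)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# The log body is space-separated key=value pairs; values that can contain
# spaces (msg=, url=, hostname=) are double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (not captured from a real device). Field names
# are assumed and differ by FortiOS version.
SAMPLE_LINES = [
    '<190>date=2011-05-10 time=14:22:31 devname=FGT60C type=traffic subtype=forward '
    'level=information vd=root srcip=10.1.1.25 srcport=51234 dstip=93.184.216.34 dstport=80 '
    'sessionid=48213 proto=6 action=accept policyid=3 service=HTTP sentbyte=1234 rcvdbyte=56789 duration=12',
    '<190>date=2011-05-10 time=14:22:20 devname=FGT60C type=webfilter subtype=urlfilter '
    'level=information vd=root sessionid=48213 user="alice" srcip=10.1.1.25 dstip=93.184.216.34 '
    'hostname="www.example.com" url="/index.html" action=passthrough msg="URL belongs to an allowed category"',
    '<190>date=2011-05-10 time=14:22:25 devname=FGT60C type=webfilter subtype=urlfilter '
    'level=information vd=root sessionid=48213 user="alice" srcip=10.1.1.25 dstip=93.184.216.34 '
    'hostname="www.example.com" url="/news/today.html" action=passthrough msg="URL belongs to an allowed category"',
    '<190>date=2011-05-10 time=14:23:02 devname=FGT60C type=traffic subtype=forward '
    'level=information vd=root srcip=10.1.1.40 srcport=40111 dstip=198.51.100.7 dstport=443 '
    'sessionid=48300 proto=6 action=accept policyid=3 service=HTTPS sentbyte=800 rcvdbyte=9100 duration=4',
    '<190>date=2011-05-10 time=14:23:40 devname=FGT60C type=webfilter subtype=urlfilter '
    'level=information vd=root sessionid=48350 user="bob" srcip=10.1.1.41 dstip=203.0.113.9 '
    'hostname="blocked.example" url="/" action=blocked msg="URL belongs to a denied category"',
]


def parse_pri(line):
    """Split the syslog PRI header off a line; return (facility, severity, body)."""
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    return FACILITIES.get(pri // 8, f"facility{pri // 8}"), SEVERITIES[pri % 8], line[m.end():]


def parse_record(line):
    """Parse one FortiGate syslog line into a dict; quoted values are unquoted."""
    facility, severity, body = parse_pri(line)
    rec = {k: v.strip('"') for k, v in KV_RE.findall(body)}
    if facility is not None:
        rec["_facility"], rec["_severity"] = facility, severity
    return rec


def correlate(lines):
    """Return (rows, orphans): one row per traffic session with its URLs, plus
    URL records whose session never produced a traffic record."""
    traffic = {}
    urls = defaultdict(list)
    for rec in map(parse_record, lines):
        sid = rec.get("sessionid")
        if sid is None:
            continue
        if rec.get("type") == "traffic":
            traffic[sid] = rec
        elif rec.get("type") == "webfilter":
            urls[sid].append(rec.get("hostname", "") + rec.get("url", ""))
    rows = [
        {
            "sessionid": sid,
            "src": t.get("srcip"),
            "dst": t.get("dstip"),
            "service": t.get("service"),
            "bytes": int(t.get("sentbyte", 0)) + int(t.get("rcvdbyte", 0)),
            "urls": urls.get(sid, []),
        }
        for sid, t in traffic.items()
    ]
    # Web-filter records with no traffic record (traffic logging off on that
    # policy, or the traffic record not yet written) are kept, not silently dropped.
    orphans = {sid: u for sid, u in urls.items() if sid not in traffic}
    return rows, orphans


if __name__ == "__main__":
    rows, orphans = correlate(SAMPLE_LINES)
    for row in rows:
        print(row)
    print("webfilter records without a traffic record:", orphans)
```

The traffic record for a session is normally written when the session closes, after the web-filter records for it, so on a live feed buffer web-filter records by session id until the matching traffic record arrives rather than joining line by line.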
Not applicable

Thanks all, but I can't see any URL in the syslog. What did I do wrong?
SECCON1MC
New Contributor

Make sure everything is enabled that you would want via:
config log syslogd filter
Also make sure you are set to log everything in the protection profile you are using.
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
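What the two replies so far amount to on the CLI, as an added example and not a configuration posted in the thread: the syntax follows the FortiOS 4.x-era CLI that the "protection profile" wording implies, and the server address 192.0.2.10 and the per-category option names (`traffic`, `web`) are assumptions to check against the CLI reference for your firmware.

```text
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set port 514
    set facility local7
end
config log syslogd filter
    set severity information
    set traffic enable
    set web enable
end
```

Two things the filter alone will not give you: the protection profile (web filter profile) applied by the firewall policy must itself have URL logging turned on, and the policy must have logging enabled, otherwise no web-filter record is generated for the filter to forward. Also note that this is plain UDP syslog: the URLs and user names it carries cross the network in cleartext, so send it over a management segment rather than across the same network the users sit on.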
rwpatterson
Valued Contributor III

Unlike the FortiAnalyzer, I think the syslog only outputs IP addresses.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
SECCON1MC
New Contributor

rwpatterson - which field are you referring to? I am almost 100% sure that the syslog logs have everything available in them that FortiAnalyzer logs have. We use the FortiAnalyzer protocol for our service (which allows for easy 3DES encryption of the stream and a DLP of course) but have used the syslog transport method in the past without degradation of the available log data.
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
rwpatterson
Valued Contributor III

LOL! You're probably right. The one syslog server I set up was capturing inbound traffic. Hence no URI information, duh!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Not applicable

Maybe I was misleading you guys: I want to capture the user traffic log without using FortiAnalyzer. Thanks all again....