FortiSIEM Discussions
pradarsha
Staff

Collect custom application logs to FortiSIEM

Dears,

How do we collect custom application logs (raw logs) into FortiSIEM when the logs are stored on a Windows server in a folder/file with the extension .log, .csv, .txt etc.?

To be specific:

If a device is unsupported by FortiSIEM and we need to collect its raw logs and develop a parser for them, how do we

1. collect logs from a file or folder containing .txt, .log or .csv files?

2. collect logs from a custom application that writes its logs to a database, where we can write a query to collect specific data from the DB tables only?

** After collecting the raw logs we can write a parser to normalize them.

FortiSIEM  

Adarsha P R
chiklya1
New Contributor

We're sending logs from FortiGates, AD (logins, DNS, DHCP) and from our antivirus/mail product. It doesn't seem right to limit the logs, as we might not send the relevant logs... also we could switch from the current AV/mail products to Fortinet products too, as they are expiring next year or so, and I believe FortiClient and FortiMail would be great also.

pradarsha
Staff

Hi,

AD, DNS and DHCP are supported by FortiSIEM. We can pull the logs either by an agent, WMI or other options, but my query is specific to the devices/applications that are unsupported by FortiSIEM.

Adarsha P R
Secusaurus
Contributor III

Hi @pradarsha,

First of all: you will need to deploy a Windows Agent there to do so.

For the first use case (custom log files), the easiest way is to use "User Logs" in the Agent template (see documentation: https://help.fortinet.com/fsiem/7-3-2/Online-Help/HTML5_Help/Configuring_Windows_Agent.htm).

The second use case is possible but requires some custom modification. In the Windows Agent Template definition, use the script settings and add a custom PowerShell script there to do your query. Everything that is returned from the script is written as a raw log to your system. So, from there on, you can write your parser.

 

Best,

Christian

FCX #003451 | Fortinet Advanced Partner
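As an added illustration of the second use case in the reply above (this is example code written for this thread, not Christian's script and not anything shipped by Fortinet): a PowerShell script of the kind you would register in the Windows Agent template's script settings. It follows the reply's description that whatever the script returns is stored as a raw log, so each database row is written as one key=value line that a custom parser can later split. The server name APPDB01, database AppLogs, table dbo.AppAuditLog and its columns, the checkpoint file path and the [APPAUDIT] prefix are all hypothetical and need to be replaced with your application's values.

```powershell
# Added example for this thread (not from the original post or from Fortinet).
# Intended to run from the FortiSIEM Windows Agent template's script settings:
# every line written to standard output becomes one raw log event.
#
# Assumptions (hypothetical, adjust to your environment):
#   - SQL Server instance APPDB01, database AppLogs, table dbo.AppAuditLog with
#     columns EventId (bigint, increasing, NOT NULL), EventTime (datetime, NOT NULL),
#     UserName, Action, Message
#   - the account the agent runs the script as has SELECT only (db_datareader),
#     so the connection uses integrated security and no password is embedded
#   - a checkpoint file holds the last EventId already forwarded, so a scheduled
#     run only emits rows that are new since the previous run

$Server     = 'APPDB01'
$Database   = 'AppLogs'
$Checkpoint = Join-Path $env:ProgramData 'AppLogForwarder\last_event_id.txt'
$BatchSize  = 500   # cap per run so one run cannot flood the collector

# Read the last forwarded EventId; 0 on the first run or if the file is unreadable.
$lastId = [int64]0
if (Test-Path $Checkpoint) {
    [int64]::TryParse((Get-Content $Checkpoint -Raw).Trim(), [ref]$lastId) | Out-Null
}

# Parameterized query: the checkpoint and batch values never become part of the SQL text.
$query = @"
SELECT TOP (@batch) EventId, EventTime, UserName, Action, Message
FROM dbo.AppAuditLog
WHERE EventId > @lastId
ORDER BY EventId ASC
"@

function Format-Field([object]$Value) {
    # One event per output line: collapse embedded newlines, and quote values that
    # contain whitespace, '=' or '"' so a key=value parser can split them reliably.
    $s = if ($null -eq $Value -or $Value -is [DBNull]) { '' } else { [string]$Value }
    $s = $s -replace '[\r\n]+', ' '
    if ($s -match '[\s="]') { $s = '"' + ($s -replace '"', '\"') + '"' }
    return $s
}

$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$Server;Database=$Database;Integrated Security=True"
$cmd = $conn.CreateCommand()
$cmd.CommandText = $query
$cmd.Parameters.AddWithValue('@lastId', [int64]$lastId) | Out-Null
$cmd.Parameters.AddWithValue('@batch',  [int]$BatchSize) | Out-Null

$newLast = $lastId
try {
    $conn.Open()
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) {
        $id = $reader.GetInt64(0)
        # Fixed prefix plus key=value pairs: easy to match in a FortiSIEM custom parser.
        $line = ('[APPAUDIT] eventId={0} eventTime={1} user={2} action={3} msg={4}' -f
            $id,
            $reader.GetDateTime(1).ToString('yyyy-MM-dd HH:mm:ss'),
            (Format-Field $reader['UserName']),
            (Format-Field $reader['Action']),
            (Format-Field $reader['Message']))
        Write-Output $line
        $newLast = $id
    }
    $reader.Close()
}
finally {
    $conn.Dispose()
}

# Persist the checkpoint only if something new was emitted.
if ($newLast -gt $lastId) {
    New-Item -ItemType Directory -Path (Split-Path $Checkpoint) -Force | Out-Null
    Set-Content -Path $Checkpoint -Value $newLast
}
```

Two points worth keeping in mind when adapting this: grant the agent's account read access to the audit table only, since the script runs unattended with whatever rights that account has; and note that the checkpoint advances as soon as the rows have been written to standard output, so if the agent fails to forward that batch the rows are not resent. If that matters for your application, keep the checkpoint small (a low batch size) or store it only after confirming delivery by another means.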
lbahtarliev
New Contributor II

Hi @pradarsha ,

I have developed quite useful and unified, Python-based "connector" tooling that utilizes pyodbc and a generic ODBC setup, official SQL DB drivers and so on, and I run it on any of the collectors in the infrastructure. This supports WHERE clauses, which are easily customizable, plus a bunch of other features, and on top of it all it pushes the events via the REST JSON API. So making parsers is a breeze.

Drop me a message if you are interested, and we can set up a quick call to show you the solution, as well as help you test it out. Moreover, any ideas or thoughts on it would be highly appreciated.

 

Cheers,

Lyuben
