Configuring a Fortinet FortiManager to Send Syslogs
This topic is intended for TOS Administrators.
Overview
To monitor with full accountability and to get rule and object usage reporting, each monitored FortiGate or FortiManager device must send syslogs to TOS. To do this, define TOS as a syslog server for each monitored device by configuring SecureTrack as a syslog server on the FortiGate firewalls or on the FortiAnalyzer devices that receive the FortiGate logs. Afterwards, configure each firewall to allow the relevant traffic.
Syslog traffic must be configured to arrive at the TOS cluster that monitors the device. See Sending Additional Information via Syslog.
Syslog proxy is supported for specific devices. For more information on syslog proxy support for supported devices, see Configuring Devices to Send Logs.
Add TOS as a Syslog Server
1. Run these commands to create a syslog server address:

       config system syslog
       edit New_syslog_server
       set ip <securetrack_server_ip_address>
       end

2. Run these commands to configure the syslog server setting and to enable it:

       config system locallog syslogd3 setting
       set severity information
       set syslog-name New_syslog_server
       set status enable
       end

FortiManager supports multiple active syslog server destinations.
We recommend that you verify how many firewalls your FortiManager device version supports, and then use syslogd, syslogd2, syslogd3, … syslogd<n> to configure the desired syslog server setting.
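
An added example, not part of the vendor documentation: a Python check that a saved copy of the commands above is consistent, meaning an enabled syslogd<n> setting references a server name that is actually defined and that points at the TOS address. The function names, the sample IP 192.0.2.10, and the assumption that the saved text uses the same command form as this page (optionally with quoted values) are ours.

```python
import re

# Constructed sample: the commands from this page, with a documentation IP.
SAMPLE = """\
config system syslog
edit New_syslog_server
set ip 192.0.2.10
end
config system locallog syslogd3 setting
set severity information
set syslog-name New_syslog_server
set status enable
end
"""

def parse_cli(text):
    """Return {block: {setting: value}} for servers and syslogd settings."""
    blocks, current, in_servers = {}, None, False
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()]
        m = re.fullmatch(r"config system locallog (syslogd\d*) setting", " ".join(tok))
        if m:  # a syslogd<n> destination block
            current, in_servers = blocks.setdefault(m.group(1), {}), False
        elif tok[:1] == ["config"] or tok[:1] == ["end"]:
            in_servers, current = tok[1:] == ["system", "syslog"], None
        elif tok[:1] == ["edit"] and in_servers and len(tok) > 1:
            current = blocks.setdefault("server:" + tok[1], {})
        elif tok[:1] == ["set"] and len(tok) > 2 and current is not None:
            current[tok[1]] = tok[2]
    return blocks

def check_syslog(text, tos_ip):
    """List problems that would keep syslogs from reaching TOS at tos_ip."""
    blocks, problems, delivered = parse_cli(text), [], False
    for name, cfg in blocks.items():
        if name.startswith("server:") or cfg.get("status") != "enable":
            continue
        server = blocks.get("server:" + str(cfg.get("syslog-name")))
        if server is None:
            problems.append(f"{name}: syslog-name {cfg.get('syslog-name')!r} is not a defined server")
        elif server.get("ip") == tos_ip:
            delivered = True
            if cfg.get("severity") != "information":
                problems.append(f"{name}: severity is {cfg.get('severity')!r}, page sets information")
    if not delivered:
        problems.append(f"no enabled syslogd setting sends to {tos_ip}")
    return problems
```

An empty list from `check_syslog(SAMPLE, "192.0.2.10")` means the two steps agree; a mistyped `syslog-name` or a disabled setting is reported by name.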