Configuring a Fortinet FortiManager to Send Syslogs

This topic is intended for TOS Administrators.

Overview

To monitor with full accountability and to get rule and object usage reporting, the FortiGate or FortiManager devices must send syslogs to TOS. To do this, define TOS as a syslog server for each monitored FortiGate or FortiManager device: configure SecureTrack as a syslog server on the FortiGate firewalls or on the FortiAnalyzer devices that receive the FortiGate logs. Afterwards, configure each firewall to allow the relevant traffic.

Syslog traffic must be configured to arrive at the TOS cluster that monitors the device. See Sending Additional Information via Syslog.

Syslog proxy is supported for specific devices. For more information, see Configuring Devices to Send Logs.

Add TOS as a Syslog Server

  1. Run these commands to create a syslog server address:

    1. config system syslog
    2. edit New_syslog_server
    3. Based on your deployment, run one of the following:

      Cloud deployments:

      set ip <external_load_balancer_ip_address>

      On-premises deployments:

      set ip <syslog_virtual_ip_address>
  2. Configure and enable the syslog server setting:

    1. config system locallog syslogd<n> setting

      where:

      syslogd specifies the configuration for a syslog server destination. FortiManager supports multiple active syslog server destinations, each with its own setting.
      <n> corresponds to the number of syslog servers supported by your FortiManager device version. For example, syslogd, syslogd2, syslogd3, syslogd4.

    2. set severity information
    3. set syslog-name New_syslog_server
    4. set status enable
    5. end
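
One way to check that the steps above took effect, as an added example that is not part of the original page or of any Tufin or Fortinet tooling: the script parses saved configuration text and reports every setting that differs from the procedure. The config/edit/set/end dump layout, the sample text, the 192.0.2.10 address and the function names are assumptions made for illustration.

```python
# Constructed sample in the nested config/edit/set/end layout that a config
# dump is assumed to use; 192.0.2.10 is a documentation address.
SAMPLE = """\
config system syslog
    edit "New_syslog_server"
        set ip "192.0.2.10"
    next
end
config system locallog syslogd setting
    set severity information
    set status enable
    set syslog-name "New_syslog_server"
end
config system locallog syslogd2 setting
    set severity warning
    set syslog-name "New_syslog_server"
end
"""

def parse(text):
    """Map (config path, edit name or None) -> {setting: value}."""
    out, path, entry = {}, None, None
    for line in text.splitlines():
        words = [w.strip('"') for w in line.split()]
        if words[:1] == ["config"]:
            path, entry = " ".join(words[1:]), None
        elif words[:1] == ["edit"] and len(words) > 1:
            entry = words[1]
        elif words[:1] == ["end"]:
            path, entry = None, None
        elif words[:1] == ["set"] and path and len(words) >= 3:
            out.setdefault((path, entry), {})[words[1]] = " ".join(words[2:])
    return out

def audit(text, name, ip):
    """Return the problems found with the syslog setup described above."""
    cfg, problems = parse(text), []
    server = cfg.get(("system syslog", name), {})
    if server.get("ip") != ip:
        problems.append(f"syslog server {name}: ip is {server.get('ip')}, expected {ip}")
    # Every syslogd<n> destination that points at the named server is checked.
    refs = {p: s for (p, _), s in cfg.items()
            if p.startswith("system locallog syslogd") and s.get("syslog-name") == name}
    if not refs:
        problems.append(f"no syslogd<n> setting references {name}")
    for path, s in refs.items():
        for key, want in (("status", "enable"), ("severity", "information")):
            if s.get(key) != want:
                problems.append(f"{path}: {key} is {s.get(key)}, expected {want}")
    return problems
```

Calling `audit(SAMPLE, "New_syslog_server", "192.0.2.10")` flags the constructed syslogd2 destination, which has no `status enable` line and a severity other than `information`.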