Collecting from FortiGate
TeskaLabs LogMan.io can collect FortiGate logs either directly or through FortiAnalyzer, using log forwarding over TCP (recommended) or UDP.
Forwarding logs to LogMan.io
In both FortiGate and FortiAnalyzer, the Syslog type must be selected along with the appropriate port.
For precise guides, see the following link:
Configuring LogMan.io Collector
On the LogMan.io server that the logs are forwarded to, run a LogMan.io Collector instance with the following configuration.
In the address section, set the port that was configured for Log Forwarding in FortiAnalyzer.
Log Forwarding Via TCP
input:TCPBSDSyslogRFC6587:Fortigate:
  address: 0.0.0.0:<PORT_SET_IN_FORWARDING>
  output: WebSocketOutput

output:WebSocket:WebSocketOutput:
  url: http://<LMIO_SERVER>:<YOUR_PORT>/ws
  tenant: <YOUR_TENANT>
  debug: false
  prepend_meta: false
Log Forwarding Via UDP
input:Datagram:Fortigate:
  address: 0.0.0.0:<PORT_SET_IN_FORWARDING>
  output: WebSocketOutput

output:WebSocket:WebSocketOutput:
  url: http://<LMIO_SERVER>:<YOUR_PORT>/ws
  tenant: <YOUR_TENANT>
  debug: false
  prepend_meta: false
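The TCP input above is named after RFC 6587, which defines how individual syslog messages are delimited inside a TCP stream; with the Datagram input each UDP packet carries one message, so no framing is involved. The Python sketch below is an added illustration of that framing, not LogMan.io Collector code; the function names, the MAX_MSG limit and the sample log lines are assumptions constructed for the example.

```python
"""RFC 6587 framing for syslog over TCP (added illustration, not LogMan.io code)."""

MAX_MSG = 64 * 1024  # assumed upper bound; rejects absurd length prefixes

# Constructed FortiGate-style sample lines (all values are made up).
SAMPLES = [
    b'<189>date=2024-01-01 time=10:00:00 devname="FGT-EXAMPLE" type="traffic"',
    b'<189>date=2024-01-01 time=10:00:01 devname="FGT-EXAMPLE" type="event"',
]


def frame_octet_counted(msg: bytes) -> bytes:
    """Octet counting: decimal message length, one space, then the message."""
    return str(len(msg)).encode("ascii") + b" " + msg


def frame_newline(msg: bytes) -> bytes:
    """Non-transparent framing: the message followed by an LF trailer."""
    return msg + b"\n"


def split_frames(buf: bytes):
    """Split a TCP read buffer; return (complete messages, unconsumed tail)."""
    messages = []
    while buf:
        if buf[:1] in b"123456789":           # octet-counted frame
            head, sep, rest = buf.partition(b" ")
            if not head.isdigit() or int(head) > MAX_MSG:
                raise ValueError("malformed or oversized MSG-LEN")
            length = int(head)
            if not sep or len(rest) < length:
                break                          # prefix or body still incomplete
            messages.append(rest[:length])
            buf = rest[length:]
        else:                                  # starts with '<' (PRI): LF-terminated
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                          # trailer not received yet
            if line:
                messages.append(line)
            buf = rest
    return messages, buf
```

The tail returned by split_frames must be prepended to the next socket read. A receiver that expects one framing while the sender uses the other shows up as merged or truncated events.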