Collecting from Fortinet FortiGate

TeskaLabs LogMan.io can collect Fortinet FortiGate logs either directly from FortiGate or through FortiAnalyzer, using log forwarding over TCP (recommended) or UDP.

Forwarding logs to LogMan.io

In both FortiGate and FortiAnalyzer, the Syslog type must be selected along with the appropriate port. For precise guides, see the following link:

LogMan.io Collector Configuration

On the LogMan.io server to which the logs are forwarded, run a LogMan.io Collector instance with the following configuration. In the address section, set the port configured in Log Forwarding in FortiAnalyzer.

Log Forwarding Via TCP

input:TCPBSDSyslogRFC6587:Fortigate:
  address: 0.0.0.0:<PORT_SET_IN_FORWARDING>
  output: <OUTPUT_ID>

output:xxxxxxx:<OUTPUT_ID>:
  ...

Log Forwarding Via UDP

input:Datagram:Fortigate:
  address: 0.0.0.0:<PORT_SET_IN_FORWARDING>
  output: <OUTPUT_ID>

output:xxxxxxx:<OUTPUT_ID>:
  ...
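
The TCP input above is named after RFC 6587, which defines how syslog messages are delimited on a TCP stream (an octet-count prefix or a trailing LF), whereas over UDP each datagram carries exactly one message. The following is an added example, not LogMan.io code, that de-frames such a stream so a captured forwarding session can be checked offline; the sample messages, the length cap and all names are assumptions, as is the collector accepting both framings.

```python
# Added example: RFC 6587 de-framing of a TCP syslog stream (not LogMan.io code).
# SAMPLE_A / SAMPLE_B are constructed FortiGate-style messages, not real captures.
SAMPLE_A = b'<189>date=2024-01-01 time=12:00:00 devname="FGT-EXAMPLE" type="traffic" action="accept"'
SAMPLE_B = b'<189>date=2024-01-01 time=12:00:01 devname="FGT-EXAMPLE" type="traffic" action="deny"'


class RFC6587Deframer:
    """Incrementally split a TCP byte stream into individual syslog messages."""

    MAX_LEN = 65536  # assumed cap so a hostile sender cannot force unbounded buffering

    def __init__(self):
        self.buf = b""

    def feed(self, data):
        """Append received bytes; return the messages completed by this call."""
        self.buf += data
        messages = []
        while self.buf:
            if self.buf[:1].isdigit():
                # Octet counting: MSG-LEN SP SYSLOG-MSG
                sp = self.buf.find(b" ")
                head = self.buf if sp == -1 else self.buf[:sp]
                if not head.isdigit() or len(head) > 6 or int(head) > self.MAX_LEN:
                    raise ValueError("invalid or oversized RFC 6587 length prefix")
                if sp == -1 or len(self.buf) < sp + 1 + int(head):
                    break  # prefix or body still incomplete, wait for more bytes
                end = sp + 1 + int(head)
                messages.append(self.buf[sp + 1:end])
                self.buf = self.buf[end:]
            else:
                # Non-transparent framing: message terminated by LF
                nl = self.buf.find(b"\n")
                if nl == -1:
                    if len(self.buf) > self.MAX_LEN:
                        raise ValueError("unterminated message exceeds MAX_LEN")
                    break
                if nl:  # skip empty lines
                    messages.append(self.buf[:nl])
                self.buf = self.buf[nl + 1:]
        return messages


def octet_counted(msg):
    """Frame one message with an RFC 6587 octet-count prefix."""
    return str(len(msg)).encode() + b" " + msg


def deframe_in_chunks(stream, chunk_size):
    """Feed `stream` in fixed-size pieces, as TCP may deliver it, and collect messages."""
    d, out = RFC6587Deframer(), []
    for i in range(0, len(stream), chunk_size):
        out.extend(d.feed(stream[i:i + chunk_size]))
    return out
```

Message boundaries do not line up with TCP reads, so the de-framer buffers across calls; a stream that yields fewer messages than the device sent, or raises on the length prefix, points to a framing mismatch between the forwarder and the input.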