Configuring Fortinet firewall
This article describes the steps to configure Fortinet firewalls to send syslog data to the RocketCyber Firewall Analyzer.
Firewalls running FortiOS 6.x and higher
In FortiOS 6.x and higher, syslog servers should be configured from the command line.
FortiOS 6.x allows up to 4 syslog servers:
- syslogd
- syslogd2
- syslogd3
- syslogd4
To configure your firewall running FortiOS 6.x or higher:
- Open a command line on the device.
- Before configuring one of the available syslog servers, find the first one that is not already in use by running the following command:
config log {syslogd | syslogd2 | syslogd3 | syslogd4} setting
show
end
- Enter the following commands to configure the chosen syslog server entry {syslogd|syslogd2|syslogd3|syslogd4}. The example below uses syslogd, and the RocketAgent syslog IP address is 192.168.3.15.
config global
config log syslogd setting
set status enable
set csv disable
set server 192.168.3.15
set source-ip 10.2.2.2
end
- For the server parameter, enter the IP address of the RocketAgent syslog server.
- For the source-ip, enter the IP address of the firewall that will be sending the syslog messages to the RocketAgent syslog server.
Additional details can be found in the FortiGate FortiOS CLI Reference Guides.
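For the step that looks for an unused syslog entry, an added example (not part of the original article, and not RocketCyber or Fortinet tooling): a Python script that reads the show output captured for all four entries and reports the first one that is not enabled, so an existing log destination is not overwritten. The sample output is constructed, and the script assumes show prints only non-default settings, so an unused entry appears as an empty block.

```python
import re

SLOTS = ["syslogd", "syslogd2", "syslogd3", "syslogd4"]

# Constructed sample: 'show' output for the four entries, pasted together.
SAMPLE_SHOW_OUTPUT = """
config log syslogd setting
    set status enable
    set server "10.9.9.20"
end
config log syslogd2 setting
    set status enable
    set server "10.9.9.21"
    set source-ip "10.2.2.2"
end
config log syslogd3 setting
end
config log syslogd4 setting
end
"""

def parse_syslog_slots(text):
    """Return {entry: {setting: value}} for every syslogd entry."""
    slots = {name: {} for name in SLOTS}
    current, depth = None, 0
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"config log (syslogd[234]?) setting", line)
        if header:
            current, depth = header.group(1), 0
        elif current and line.startswith("config "):
            depth += 1                      # nested sub-table inside the entry
        elif current and line == "end":
            if depth:
                depth -= 1
            else:
                current = None
        elif current and depth == 0 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                slots[current][parts[1]] = parts[2].strip('"')
    return slots

def first_free_slot(slots):
    """First entry whose status is not 'enable', or None if all four are in use."""
    return next((n for n in SLOTS if slots[n].get("status") != "enable"), None)

if __name__ == "__main__":
    parsed = parse_syslog_slots(SAMPLE_SHOW_OUTPUT)
    for name in SLOTS:
        print(name, parsed[name] or "(not configured)")
    print("first free entry:", first_free_slot(parsed))
```

An entry that has a server set but no status enable line is reported as free; review its old settings before reusing it.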