Firmware: FortiOS 2.5+, 3.x, 4.0 (GA, MR1, MR2, MR3)
Collector: Network Collector - Syslog
To send log messages from a Fortinet Fortigate Firewall to TLC, you may configure the firewall with the Fortigate user interface or a command line.
To configure the firewall from a command line:
1. Connect to the Fortigate device via Telnet or SSH.
2. Log in to the device with an account that has administrator rights.
3. In a command line, enter the following commands:

    config global
        config log syslogd setting
            set status enable
            set server "<tlc_manager>"
            set csv enable
            set facility local1
            set port 514
        end
        config log syslogd filter
            set severity debug
        end
    end

Where:
tlc_manager is the IP address of the Manager to which the firewall will forward log messages.
local1 is the facility of the log messages to be sent to the Manager.
Caution: set csv enable must be entered in order to support Fortigate Logs. If this command is omitted, these TLC rules cannot normalize log messages.

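A collector-side check for the command-line settings above, as an added example that is not part of the original documentation or of TLC: it decodes the syslog priority to confirm facility local1 and tests whether the fields arrive comma-separated. It assumes that CSV mode joins the key=value fields with commas and non-CSV mode with spaces; the function names and sample datagrams are constructed for illustration.

```python
import re

LOCAL1 = 17  # syslog facility code for local1; PRI = facility * 8 + severity
PRI_RE = re.compile(r"<(\d{1,3})>")
FIELD_RE = re.compile(r'\w+=(?:"[^"]*"|[^\s,]*)')

def inspect(raw):
    """Decode one received syslog datagram and list what does not match."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        return {"facility": None, "severity": None, "csv": False,
                "problems": ["missing or invalid PRI header"]}
    facility, severity = divmod(int(m.group(1)), 8)
    body = raw[m.end():]
    # Character that follows each key=value field (the last field has none).
    seps = [body[f.end():f.end() + 1] for f in FIELD_RE.finditer(body)][:-1]
    # Assumption: CSV mode joins fields with commas, non-CSV with spaces.
    csv = bool(seps) and all(s == "," for s in seps)
    problems = []
    if facility != LOCAL1:
        problems.append(f"facility is {facility}, expected {LOCAL1} (local1)")
    if not csv:
        problems.append("fields are not comma-separated; csv looks disabled")
    return {"facility": facility, "severity": severity, "csv": csv,
            "problems": problems}

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    '<142>date=2012-03-01,time=10:15:02,devname=FG-TEST,type=traffic,status=accept',
    '<142>date=2012-03-01 time=10:15:02 devname=FG-TEST type=traffic status=accept',
    '<190>date=2012-03-01,time=10:15:03,devname=FG-TEST,type=event,msg="admin login"',
]

def audit(lines):
    """Return (index, problems) for every line that fails a check."""
    results = ((i, inspect(line)["problems"]) for i, line in enumerate(lines))
    return [(i, p) for i, p in results if p]

if __name__ == "__main__":
    for i, problems in audit(SAMPLES):
        print(f"sample {i}: " + "; ".join(problems))
```

Feed it lines captured on the Manager's port 514 to spot a firewall that was configured without the CSV setting or with a different facility.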
To configure the firewall in the Fortigate user interface:
1. Open the Fortigate Web Interface.
2. Select Log&Report > Log Config > Log Setting.
3. Select Syslog.
4. In the Name/IP field, enter the IP address or host name of the Manager that will host the Network Collector to which the firewall will send log messages.
5. From the Level drop-down, select Information.
6. Select Enable CSV Format.

   Caution: This check box must be selected in order to support Fortigate Logs. If it is not selected, these TLC rules cannot normalize log messages.

7. Click Apply.

Next: If you are performing initial configuration of your TLC environment, see Configuring your TLC Environment. Otherwise, see Adding a Monitored Asset for a new Log Source.