Configuring a Fortinet Fortigate Firewall
Firmware: FortiOS 2.5+, 3.x, 4.0 (GA, MR1, MR2, MR3)
Collector: Network Collector - Syslog
To send log messages from a Fortinet Fortigate Firewall to TLC, you may configure the firewall with the Fortigate user interface or a command line.
To configure the firewall from a command line:
| 1. | Connect to the Fortigate device via Telnet or SSH. |
| 2. | Log in to the device with an account that has administrator rights. |
| 3. | In a command line, enter the following commands: |
config global
config log syslogd setting
set status enable
set server "<tlc_manager>"
set csv enable
set facility local1
set port 514
end
config log syslogd filter
set severity debug
end
end
Where:
tlc_manager is the IP address of the Manager to which the firewall will forward log messages.
local1 is the facility of the log messages to be sent to the Manager.
|
Caution |
set csv enable must be entered in order to support Fortigate Logs. If this command is omitted, these TLC rules cannot normalize log messages. |
|---|
To configure the firewall in the Fortigate user interface:
| 1. | Open the Fortigate Web Interface. |
| 2. | Select Log&Report > Log Config > Log Setting. |
| 3. | Select Syslog. |
| 4. | In the Name/IP field, enter the IP address or host name of the Manager that will host the Network Collector to which the firewall will send log messages. |
| 5. | From the Level drop-down, select Information. |
| 6. | Select Enable CSV Format. |
|
Caution |
This check box must be selected in order to support Fortigate Logs. If this command is omitted, these TLC rules cannot normalize log messages. |
|---|
| 7. | Click Apply. |
|
Next |
If you are performing initial configuration of your TLC environment, see Configuring your TLC Environment. Otherwise, see Adding a Monitored Asset for a new Log Source. |
|---|