
Forward Fortinet logs

Configure Fortinet to forward syslog messages in CEF format.

Open the CLI on your Fortinet appliance and run the following commands:

config log syslogd setting
set status enable
set format cef
set mode reliable
set port 2515
set server <ip_address_of_Receiver>
end
  • Replace <ip_address_of_Receiver> with the IP address of the LogSentinel Collector.
  • Set the syslog port to 2515 or the port you have configured.
  • To enable CEF format in early FortiOS versions, you might need to run the command "set csv disable".
  • The mode "reliable" is optional; "udp" can also be used.
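
To confirm on the receiving side that the appliance is really sending CEF, the following added example (not part of the LogSentinel or Fortinet documentation) splits a received byte stream into syslog messages and parses the CEF header and extension. It assumes that "reliable" mode delivers over TCP with either octet-counted ("<length> <message>") or newline framing; the sample message and the function names are constructed for illustration.

```python
import re

# One CEF header field: escaped characters or anything except '|' and '\', up to a pipe.
_FIELD = re.compile(r'((?:\\.|[^|\\])*)\|')
# An extension key: a bare word directly followed by '=' (an escaped '\=' never matches).
_EXT_KEY = re.compile(r'(?:^|\s)([\w.\-]+)=')
HEADER = "version vendor product device_version signature_id name severity".split()
# Constructed sample message (not captured from a real appliance).
SAMPLE = (b'<189>Jan 01 00:00:00 fw-example CEF:0|Fortinet|Fortigate|v0.0.0|00013|'
          b'traffic:forward close|3|src=192.0.2.10 dst=198.51.100.20 '
          b'msg=session closed act=close')

def _unescape(s):
    return re.sub(r'\\([\\|=])', r'\1', s)

def split_frames(buf):
    """Split TCP bytes into messages; return (messages, leftover partial data)."""
    msgs = []
    while buf:
        m = re.match(rb'(\d+) ', buf)
        if m:                                   # octet-counted frame
            end = m.end() + int(m.group(1))
            if len(buf) < end:
                break                           # frame not complete yet
            msgs.append(buf[m.end():end])
            buf = buf[end:]
        else:                                   # newline-delimited message
            line, sep, rest = buf.partition(b'\n')
            if not sep:
                break
            if line:
                msgs.append(line)
            buf = rest
    return msgs, buf

def parse_cef(message):
    """Return the seven CEF header fields plus the key=value extension."""
    body, pos, event = message.partition("CEF:")[2], 0, {}
    for name in HEADER:
        m = _FIELD.match(body, pos)
        if not m:
            raise ValueError("missing or truncated CEF header")
        event[name], pos = _unescape(m.group(1)), m.end()
    ext = body[pos:]
    keys = list(_EXT_KEY.finditer(ext))
    ends = [k.start() for k in keys[1:]] + [len(ext)]
    event["extension"] = {k.group(1): _unescape(ext[k.end():e].strip())
                          for k, e in zip(keys, ends)}
    return event
```

A `ValueError` from `parse_cef` on traffic arriving at the configured port means the messages are not in CEF, which points back at the format setting on the appliance.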

Note

Make sure that all firewalls (including the firewall on the collector machine) allow connections to the port above.

Note

For more information, go to the Fortinet document library. Select your version, and use the Handbook and Log Message Reference.