Forward Fortinet logs
Configure Fortinet to forward syslog messages in CEF format.
Open the CLI on your Fortinet appliance and run the following commands:
```
config log syslogd setting
    set status enable
    set format cef
    set mode reliable
    set port 2515
    set server <ip_address_of_Receiver>
end
```
- Replace the server IP address with the IP address of the LogSentinel Collector.
- Set the syslog port to 2515 or the port you have configured.
- To enable CEF format in early FortiOS versions, you might need to run the command set csv disable.
- The mode "reliable" is optional; "udp" can also be used.
Make sure that all firewalls (including the firewall on the collector machine) allow connections to the port above.
For more information, go to the Fortinet document library. Select your version, and use the Handbook and Log Message Reference.
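To confirm on the collector side that the appliance is really sending CEF rather than another syslog format, a received line can be parsed as in the following added example (not LogSentinel or Fortinet code). The sample line and all its field values are constructed, and `parse_cef` is a hypothetical helper name.

```python
import re

# Constructed sample line (illustrative values, not captured from a real device).
SAMPLE = ("<189>Jan 10 12:00:01 fw01 CEF:0|Fortinet|Fortigate|v0.0.0|00013|"
          "traffic:forward close|3|deviceExternalId=FGT-EXAMPLE src=192.0.2.10 "
          "dst=198.51.100.7 msg=policy allow a\\=b act=close")

HEADER_KEYS = ("version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")
# Seven header fields, each ended by an unescaped '|', then the extension string.
HEADER_RE = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)", re.S)
# An extension key is a word at the start or after whitespace, followed by '='.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def _unescape(value):
    # CEF escapes '|', '=' and '\' with a backslash; \n and \r are line breaks.
    specials = {"n": "\n", "r": "\r"}
    return re.sub(r"\\(.)", lambda m: specials.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Parse one received syslog line; raise ValueError if it is not CEF."""
    m = HEADER_RE.search(line)  # search() skips any syslog prefix before "CEF:"
    if m is None:
        raise ValueError("not CEF: check 'set format cef' on the appliance")
    header = {k: _unescape(v) for k, v in zip(HEADER_KEYS, m.groups()[:7])}
    ext_text = m.group(8)
    keys = list(KEY_RE.finditer(ext_text))
    ext = {}
    for i, km in enumerate(keys):
        # A value runs up to the next key, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[km.group(1)] = _unescape(ext_text[km.end():end].strip())
    return header, ext


if __name__ == "__main__":
    hdr, ext = parse_cef(SAMPLE)
    print(hdr["vendor"], hdr["product"], ext)
```

A `ValueError` on lines arriving at the configured port means the appliance is forwarding, but not in CEF.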