    Configuring the Syslog Service on Fortinet devices

    To configure the Syslog service on your Fortinet devices (FortiManager 5.0.7 and above), follow the steps below:

    1. Log in to the Fortinet device as an administrator.
    2. Define the Syslog Servers either through the GUI System Settings > Advanced > Syslog Server or with CLI commands:
      config system syslog
      edit <server name>
      set ip <Syslog server IP>
      end

    3. Enable sending FortiManager local logs to the EventLog Analyzer server via the CLI:
      config system locallog syslogd setting
      set syslog-name <Remote syslog server name, defined in the previous step>
      set severity <emergency | alert | critical | error | warning | notification | information | debug> (Least severity level to log)
      set status <enable | disable>
      set csv <enable | disable> (Whether to enable CSV)
      set facility <facility> (Which facility for remote syslog)
      set port <port> (Port that the server listens on)
      end

    Once you have completed the configuration steps, the logs from your Fortinet device will be automatically forwarded to the EventLog Analyzer server.
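To confirm that what arrives at the collector matches the `set facility` and `set severity` values chosen in step 3, the `<PRI>` header of each received message can be decoded and compared against them. The following is an added example, not part of the original page or of any Fortinet or EventLog Analyzer tooling; it assumes the messages carry a standard syslog `<PRI>` prefix and that the facility is one of `local0` to `local7`, and the sample lines are constructed.

```python
import re

# Severity names as listed for "set severity" on this page, mapped to the
# standard syslog numeric severities (0 = most severe).
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notification": 5, "information": 6, "debug": 7}
# Standard syslog facility codes for local0..local7 (assumed facility choices).
FACILITY = {f"local{i}": 16 + i for i in range(8)}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_code, severity_code), or None if there is no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity

def check_lines(lines, facility, min_severity):
    """List (line_number, reason) for lines that do not match the configuration."""
    want_fac = FACILITY[facility]
    threshold = SEVERITY[min_severity]
    problems = []
    for n, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            problems.append((n, "missing or invalid <PRI> header"))
            continue
        fac, sev = decoded
        if fac != want_fac:
            problems.append((n, f"facility {fac}, expected {want_fac}"))
        elif sev > threshold:
            problems.append((n, f"severity {sev} is below the configured minimum"))
    return problems

# Constructed sample lines (not real device output).
SAMPLE = [
    '<188>date=2024-01-01 time=00:00:00 msg="constructed warning"',  # local7.warning
    '<190>date=2024-01-01 time=00:00:01 msg="constructed info"',     # local7.information
    '<134>date=2024-01-01 time=00:00:02 msg="constructed info"',     # local0.information
    'date=2024-01-01 time=00:00:03 msg="constructed, no header"',
]

if __name__ == "__main__":
    for n, why in check_lines(SAMPLE, "local7", "warning"):
        print(f"line {n}: {why}")
```

Lines flagged for facility or severity usually mean a different device or an older configuration is still sending to the same collector port.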

    For more details and for other versions, refer to the source: http://kb.fortinet.com/kb/documentLink.do?externalID=FD35387