Fortinet Fortigate (syslog)

Configure Fortinet Fortigate for syslog log forwarding to Radiant Security.

Overview

In this guide, you will configure syslog log forwarding for Fortinet Fortigate.

You’ll do this by completing the following steps:

  

Add the data connector in Radiant Security

1.   Log in to Radiant Security.
 
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Fortinet Fortigate option and then click Data Feeds.
4.   Select the Fortinet Fortigate v7 data feed and then click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. Fortigate - Token). If you already have a credential in place, select it from the drop-down menu. Click Add Connector.
6.   In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.
7.   Click Add Connector.  
8.   Copy and save the Token value using the clipboard option or downloading the Token file. Download the SSL certificate, as you will need it when configuring the syslog source (Fortinet Fortigate) in the next section.
9.   Click Done to save your changes.  

Licenses

No additional license is required to forward syslog events directly from each firewall console. If the client has FortiAnalyzer, log collection and forwarding is centralized and requires a different procedure, which is covered below in the Configure log forwarding with FortiAnalyzer section.

Configure the syslog token on the Fortigate Firewalls

  1. Access the Fortigate CLI
  2. Enter the following commands to create a custom log field and apply it to the logging configuration. Repeat this step on all Fortigate firewalls.

    config log custom-field
    edit <fieldID>
    set name rs_fg_st
    set value <token>
    end
    config log setting
    set custom-log-fields <fieldID>
    end

Configure log forwarding with FortiAnalyzer

  1. Access the FortiAnalyzer Console, go to System Settings > Advanced > Syslog Server.
  2. In the toolbar, click Create New.
  3. On the new pane, configure the following settings:
    • Name: RadiantSecurity_Connector
    • FQDN/IP: primary.syslog.radiantsecurity.ai
    • Syslog Server Port: 6514
    • Reliable Connection: ON
    • Secure Connection: ON
  4. Click OK to save your changes.

Configure TLS syslog directly from FortiGate Firewalls

Use the following help article as a reference: Log settings and targets.

  1. Take the CA certificate provided by Radiant Security and import it into FortiGate as a Remote CA at System > Certificates > Create/Import > CA Certificate > File.

  2. Log into the FortiGate CLI and configure the following syslogd setting:

    config log syslogd setting
    set status enable
    set server "<Radiant Security Syslog Server>"
    set mode reliable
    set port 6514
    set enc-algorithm high
    end
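
To confirm that each firewall ended up with the settings from this guide, the following added example (not Radiant Security or Fortinet code) parses saved FortiGate configuration text and reports any deviation from the syslogd values and the rs_fg_st token field above. The function names, the sample configuration and the EXAMPLE-TOKEN placeholder are assumptions made for illustration.

```python
import shlex
# Values this guide sets under "config log syslogd setting".
EXPECTED = {"status": "enable", "mode": "reliable", "port": "6514", "enc-algorithm": "high"}

def parse_fortios(text):
    """Parse FortiOS config text into {(section, entry_id): {key: [values]}}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        try:
            verb, *args = shlex.split(raw)
        except ValueError:  # blank line, or an unterminated multi-line quoted value
            continue
        if verb in ("config", "edit"):
            stack.append((verb, " ".join(args)))
        elif verb == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":  # closes the config block and any edit left open
            while stack and stack.pop()[0] != "config":
                pass
        elif verb == "set" and args and stack:
            section = " / ".join(n for v, n in stack if v == "config")
            entry = next((n for v, n in reversed(stack) if v == "edit"), None)
            settings.setdefault((section, entry), {})[args[0]] = args[1:]
    return settings

def audit(text, token_field="rs_fg_st"):
    """Return findings; an empty list means the config matches the guide."""
    cfg = parse_fortios(text)
    syslogd = cfg.get(("log syslogd setting", None), {})
    findings = [f"syslogd {k}: expected {want}, found {' '.join(syslogd.get(k, ['<unset>']))}"
                for k, want in EXPECTED.items() if syslogd.get(k) != [want]]
    if not syslogd.get("server"):
        findings.append("syslogd server is not set")
    ids = {e for (sec, e), kv in cfg.items() if sec == "log custom-field"
           and kv.get("name") == [token_field] and kv.get("value")}
    if not ids & set(cfg.get(("log setting", None), {}).get("custom-log-fields", [])):
        findings.append(f"custom field {token_field} is missing or not applied")
    return findings

# Constructed sample (placeholder token): field defined but never applied, TLS settings absent.
SAMPLE = """config log custom-field
edit 1
set name rs_fg_st
set value EXAMPLE-TOKEN
end
config log syslogd setting
set status enable
set server primary.syslog.radiantsecurity.ai
set port 6514
end"""
```

Calling `audit(SAMPLE)` returns three findings: the missing `mode` and `enc-algorithm` values and the token field that was never applied under `config log setting`.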


Last updated: 2024-08-23