Fortinet FortiAnalyzer (syslog)

Configure Fortinet FortiAnalyzer for syslog log forwarding to Radiant Security.

In this guide, you will configure syslog log forwarding for Fortinet FortiAnalyzer.

Add the data connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

  3. Search for and select the Fortinet Fortigate option and then click Data Feeds.

  4. Under Select your data feeds, select the Fortinet Fortigate v7 data feed and click Credentials.

  5. Under Credential Name, give the credential an identifiable name (e.g. Fortigate - Token). If you already have a credential in place, select it from the drop-down menu. Click Add Connector.

  6. In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

  7. Click Add Connector.

  8. Click Done to save your changes.

Licenses

A FortiAnalyzer license is required to proceed with this integration. If you wish to onboard Fortinet Fortigate firewalls but don't have a FortiAnalyzer, refer to the Fortinet Fortigate (syslog) document.

Configure a local Radiant Security Agent

Note: When using FortiAnalyzer, the implementation of the Radiant Security Agent is mandatory.

Refer to the Install the Radiant Security Agent guide to set up a local agent to collect the logs.

Configure log forwarding with FortiAnalyzer

  1. Access the FortiAnalyzer Console, go to System Settings > Log Forwarding.

  2. In the toolbar, click Create New.

  3. On the new pane, configure the following settings:

    • Name: RadiantSecurity_Connector

    • Status: ON

    • FQDN/IP: Enter the IP address of the local syslog forwarder

    • Syslog Server Port: 6514

    • Reliable Connection: ON

    • (If available) Remote Server Type: Syslog

    • (Optional) Device Filters: Select the Fortigate devices whose logs must be forwarded to Radiant Security

      • If no devices are selected, logs from all Fortigate devices will be forwarded.

    • Log Filters: ON

      • Log messages that match: Any of the Following Conditions

      • Add the following filters:

        • Log Type Equal To Traffic

        • Log Type Equal To Event

        • Log Type Equal To UTM

  4. Click OK to save your changes.

PreviousFortinet Fortigate (syslog)NextGCP Audit Logs

Last updated