# Fortinet Fortigate (syslog)

In this guide, you will configure syslog log forwarding for Fortinet Fortigate.

{% hint style="info" %}
To use **Fortinet FortiAnalyzer** to forward Fortigate syslog to Radiant, please refer to the [Fortinet FortiAnalyzer (syslog) documentation](https://help.radiantsecurity.ai/~/revisions/lKcvF0ITeM8cVhUuHU84/radiant-connectors/data-connectors/fortinet-fortianalyzer-syslog)
{% endhint %}

{% hint style="warning" %}
If you will be forwarding Fortigate Firewall logs to Radiant using a **Radiant Agent**, please refer to [this other article](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/fortinet-fortigate-via-radiant-agent) instead.
{% endhint %}

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Fortinet Fortigate (syslog)** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select the **Fortinet Fortigate v7** data feed and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Fortigate - Token`). If you already have a credential in place, select it from the drop-down menu. Click **Add Connector**.
6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step.
7. Click **Add Connector**.
8. Copy and save the **Token** value using the clipboard option or downloading the **Token** file. Download the **SSL certificate**, as you will need it when configuring the syslog source (Fortinet Fortigate) in the next section.
9. Click **Done** to save your changes.

### Configure the syslog token on the Fortigate Firewalls

{% hint style="info" %}
No additional license is required to forward the syslog events directly from the firewall consoles.
{% endhint %}

1. Access the Fortigate CLI
2. Enter the following commands to create a custom log field and apply it to the logging configuration. Repeat this step on all Fortigate firewalls.
   * Update the values between `<>` with the corresponding values:
     * The **fieldID** can be set to any value that can help identify the custom-field.
     * The **token** is provided by Radiant Security during the Data Connector setup.

```jsx
config log custom-field
	edit <fieldID>
		set name rs_fg_st
		set value <token>
		end
config log setting
	set custom-log-fields <fieldID>
	end
```

### Configure TLS syslog directly from FortiGate Firewalls

The steps below must be applied on all Fortigate firewalls that should forward syslog to Radiant Security. Use the following help article as a reference: [Log settings and targets](https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/250999/log-settings-and-targets).

1. In FortiGate, go to **System > Certificates > Create/Import > CA Certificate > File**.
2. Upload the CA certificate provided by Radiant Security to FortiGate as a **Remote CA**.
3. Log into the FortiGate CLI and configure the following syslogd setting:

```jsx
config log syslogd setting
    set status enable
    set server "cluster.syslog.radiantsecurity.ai"
    set mode reliable
    set port 6514
    set enc-algorithm high
end
```