# Fortinet Fortigate (syslog) In this guide, you will configure syslog log forwarding for Fortinet Fortigate. {% hint style="info" %} To use **Fortinet FortiAnalyzer** to forward Fortigate syslog to Radiant, please refer to the [Fortinet FortiAnalyzer (syslog) documentation](https://help.radiantsecurity.ai/~/revisions/lKcvF0ITeM8cVhUuHU84/radiant-connectors/data-connectors/fortinet-fortianalyzer-syslog) {% endhint %} {% hint style="warning" %} If you will be forwarding Fortigate Firewall logs to Radiant using a **Radiant Agent**, please refer to [this other article](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/fortinet-fortigate-via-radiant-agent) instead. {% endhint %} ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**. 3. Search for and select the **Fortinet Fortigate (syslog)** option and then click **Data Feeds**. 4. Under **Select your data feeds**, select the **Fortinet Fortigate v7** data feed and click **Credentials**. 5. Under **Credential Name**, give the credential an identifiable name (e.g. `Fortigate - Token`). If you already have a credential in place, select it from the drop-down menu. Click **Add Connector**. 6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step. 7. Click **Add Connector**. 8. Copy and save the **Token** value using the clipboard option or downloading the **Token** file. Download the **SSL certificate**, as you will need it when configuring the syslog source (Fortinet Fortigate) in the next section. 9. Click **Done** to save your changes. ### Configure the syslog token on the Fortigate Firewalls {% hint style="info" %} No additional license is required to forward the syslog events directly from the firewall consoles. {% endhint %} 1. Access the Fortigate CLI 2. Enter the following commands to create a custom log field and apply it to the logging configuration. Repeat this step on all Fortigate firewalls. * Update the values between `<>` with the corresponding values: * The **fieldID** can be set to any value that can help identify the custom-field. * The **token** is provided by Radiant Security during the Data Connector setup. ```jsx config log custom-field edit set name rs_fg_st set value end config log setting set custom-log-fields end ``` ### Configure TLS syslog directly from FortiGate Firewalls The steps below must be applied on all Fortigate firewalls that should forward syslog to Radiant Security. Use the following help article as a reference: [Log settings and targets](https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/250999/log-settings-and-targets). 1. In FortiGate, go to **System > Certificates > Create/Import > CA Certificate > File**. 2. Upload the CA certificate provided by Radiant Security to FortiGate as a **Remote CA**. 3. Log into the FortiGate CLI and configure the following syslogd setting: ```jsx config log syslogd setting set status enable set server "cluster.syslog.radiantsecurity.ai" set mode reliable set port 6514 set enc-algorithm high end ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/fortinet-fortigate-syslog.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.