# Fortinet FortiAnalyzer

Fortinet FortiAnalyzer is a log aggregation and analytics platform that centralizes logs from FortiGate firewalls and other Fortinet devices across a customer environment. Connecting FortiAnalyzer forwards aggregated FortiGate firewall and threat syslog to Radiant Security in a single stream, with optional device-level filtering applied at the FortiAnalyzer. Radiant uses the syslog data to triage firewall and threat alerts in context, giving analysts faster verdicts on whether observed traffic reflects a real compromise or routine network activity.

{% hint style="info" %}
A **FortiAnalyzer license** is required to forward logs from FortiAnalyzer. To forward logs directly from FortiGate firewalls without FortiAnalyzer, refer to [Fortinet FortiGate](/radiant-connectors/data-connectors/fortinet/fortinet-fortigate.md).
{% endhint %}

FortiAnalyzer can forward logs to Radiant Security in two ways:

* **Through the Radiant Agent (recommended).** Forward to a Radiant Agent deployed in your environment.
* **Direct to Radiant Security.** Forward over TLS to the Radiant syslog cluster. Use only when a Radiant Agent is not available.

### Prerequisites

* [ ] FortiAnalyzer administrator access with permission to configure Log Forwarding
* [ ] An active FortiAnalyzer license
* [ ] For the Radiant Agent path: a deployed [Radiant Agent](/radiant-connectors/data-connectors/install-the-radiant-security-agent.md) reachable from FortiAnalyzer
* [ ] For the direct path: network egress from FortiAnalyzer to `cluster.syslog.radiantsecurity.ai` on TCP port `6514`
* [ ] Administrator role in Radiant Security

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Radiant Agent**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Fortinet Fortigate v7**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for the Radiant Agent integration (e.g., `Radiant Agent integration`). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure FortiAnalyzer log forwarding through the Radiant Agent

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive FortiAnalyzer data. If you do not know the port, contact your Customer Success representative. For Fortinet's reference, see [Log forwarding](https://docs.fortinet.com/document/fortianalyzer/7.4.1/administration-guide/410387/log-forwarding).

1. Log in to the FortiAnalyzer Console.
2. Go to **System Settings** > **Log Forwarding**.
3. On the toolbar, click **Create New**.
4. Configure the following settings:
   * **Name**: `RadiantSecurity_Connector`
   * **Status**: ON
   * **Remote Server Type**: Syslog
   * **Server FQDN/IP**: the IP address of the Radiant Agent
   * **Syslog Server Port**: the port configured on the Radiant Agent to receive FortiAnalyzer data
   * **Reliable Connection**: ON
5. (Optional) Under **Device Filters**, select the FortiGate devices whose logs should be forwarded to Radiant. If no devices are selected, logs from every connected FortiGate are forwarded.
6. Set **Log Filters** to ON, set **Log messages that match** to **Any of the Following Conditions**, then add these filters:
   * **Log Type Equal To Traffic**
   * **Log Type Equal To Event**
   * **Log Type Equal To UTM**

<figure><img src="/files/lRsnzLrTwLbsbQWPXLwD" alt=""><figcaption></figcaption></figure>

7. Click **OK** to save your changes.

### Configure FortiAnalyzer log forwarding directly to Radiant Security

Use this path only when a Radiant Agent is not available. For Fortinet's reference, see [Log forwarding](https://docs.fortinet.com/document/fortianalyzer/7.4.1/administration-guide/410387/log-forwarding).

1. Log in to the FortiAnalyzer Console.
2. Go to **System Settings** > **Log Forwarding**.
3. On the toolbar, click **Create New**.
4. Configure the following settings:
   * **Name**: `RadiantSecurity_Connector`
   * **Status**: ON
   * **Remote Server Type**: Syslog
   * **Server FQDN/IP**: `cluster.syslog.radiantsecurity.ai`
   * **Syslog Server Port**: `6514`
   * **Reliable Connection**: ON
5. (Optional) Under **Device Filters**, select the FortiGate devices whose logs should be forwarded to Radiant. If no devices are selected, logs from every connected FortiGate are forwarded.
6. Set **Log Filters** to ON, set **Log messages that match** to **Any of the Following Conditions**, then add these filters:
   * **Log Type Equal To Traffic**
   * **Log Type Equal To Event**
   * **Log Type Equal To UTM**
7. Click **OK** to save your changes.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/fortinet/fortinet-fortianalyzer.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.