ESCHAN_FTNT
Staff
Article Id 190509
Description
This article explains how to configure FortiGate to send syslog to FortiAnalyzer.


Solution
In some specific scenarios, FortiGate may need to be configured to send syslog to FortiAnalyzer (e.g. because of a compatibility issue between the FortiGate and FortiAnalyzer firmware).
In the following example, FortiGate is running firmware 6.2 while FortiAnalyzer is running firmware 5.6 only.
Based on the FortiAnalyzer and FortiOS compatibility chart (https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/8ffab884-566a-11e9-81a4-005056...), this combination is not supported.


FortiAnalyzer can also act as a syslog server, so it is possible to configure FortiGate to send syslog to FortiAnalyzer:




However, on checking the FortiAnalyzer unregistered device list, there is no option to add the FortiGate device to a syslog ADOM:



FortiAnalyzer recognizes it as a FortiGate and thus will still assign the device to a FortiGate ADOM.
This KB article discusses how to configure FortiGate so that it can send syslog to FortiAnalyzer instead.
On FortiGate, the syslog format must be set to either csv or cef, so that FortiGate actually sends the log in csv or cef format. FortiAnalyzer then recognizes it as a syslog device, and it can be added to the syslog ADOM:
config log syslogd setting
    set format {csv | cef}
end
On FortiAnalyzer, it is now possible to add the FortiGate device to the FortiAnalyzer Syslog ADOM:
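To confirm which format the FortiGate is actually emitting (for example from a capture of the syslog traffic), the payloads can be classified as below. This is an added example, not part of the original article or Fortinet code. The sample lines are constructed, the csv and default layouts (comma- versus space-separated key=value pairs) are assumptions about FortiOS output, and the CEF check follows the standard CEF header layout.

```python
import re
from collections import Counter

PRI = re.compile(r"^<\d{1,3}>")                      # optional syslog priority, e.g. "<189>"
CEF = re.compile(r"CEF:\s?\d+\|(?:[^|]*\|){6}")      # CEF:version| plus six more header fields
KV = r'\w+=(?:"[^"]*"|[^\s,"]*)'                     # key=value, value optionally quoted
CSV = re.compile(rf"^{KV}(?:,{KV})+$")               # assumption: comma-separated pairs
DEFAULT = re.compile(rf"^{KV}(?:\s+{KV})+$")         # assumption: space-separated pairs

def classify(line):
    """Return 'cef', 'csv', 'default' or 'unknown' for one syslog payload."""
    body = PRI.sub("", line.strip())
    if CEF.search(body):       # CEF may follow a syslog timestamp/host header
        return "cef"
    if CSV.match(body):
        return "csv"
    if DEFAULT.match(body):
        return "default"
    return "unknown"

def mismatches(lines, expected):
    """Return (line_number, detected_format) for lines not in the expected format."""
    return [(n, fmt) for n, line in enumerate(lines, 1)
            if (fmt := classify(line)) != expected]

# Constructed sample payloads (not captured from a real device).
SAMPLES = [
    '<189>date=2019-05-10,time=11:37:47,devname="FGT-LAB",type="traffic",srcip=10.1.100.11',
    '<189>date=2019-05-10 time=11:37:48 devname="FGT-LAB" type="traffic" srcip=10.1.100.11',
    '<189>May 10 11:37:49 FGT-LAB CEF:0|Fortinet|Fortigate|v6.2.0|00013|traffic|3|src=10.1.100.11',
    'not a log line',
]

if __name__ == "__main__":
    print(Counter(classify(s) for s in SAMPLES))
    for n, fmt in mismatches(SAMPLES, "csv"):
        print(f"line {n}: expected csv, got {fmt}")
```

Lines reported as default after the change indicate the format setting has not taken effect on the FortiGate.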

