Configure Fortinet FortiManager log forwarding using the GUI

You can configure Fortinet® FortiManager to send the necessary logs to Arctic Wolf® for security monitoring using the user interface.

These resources are required:

  • An activated Arctic Wolf Sensor or Virtual Log Collector (vLC)
  • Access to Fortinet FortiManager with administrator permissions

Create a new syslog server

  1. Sign in to FortiManager with administrator permissions.
  2. Click System Settings > Advanced > Syslog Server.
  3. Click Create New.
  4. In the Create New Syslog Server Settings section, configure these settings:
    • Name — Enter a unique name for your Arctic Wolf Sensor.
    • IP Address (or FQDN) — Enter your Arctic Wolf Sensor IP address.
    • Syslog Server Port — Enter 514.
    • Reliable Connection — Clear the checkbox.
  5. Click OK.

Provide configuration information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Tickets & Alerts > All Tickets.
  3. Perform the appropriate action, depending on whether you are:
    • A new customer — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • An existing customer — Click Open a New Ticket.
  4. On the Open a New Ticket page, configure these settings:
    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Leave empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname of the Arctic Wolf Sensor that you used during the configuration.
      • The IP address, timezone, and device type for all sources that you are forwarding.
      • Questions or comments that you have.
  5. Click Send Message.

    Your CST reviews the details to make sure that Arctic Wolf is successfully processing the logs.