Exciting news! We are redesigning the Arctic Wolf Help Documentation site to provide a better user experience. Our new site will launch on May 1, 2024.

Fortinet FortiGate NGFW Logs

Updated Nov 10, 2023

Configure Fortinet FortiGate NGFW log forwarding using the CLI

You can configure Fortinet® FortiGate® Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Launch your SSH client.
  2. Provide your Fortinet Fortigate information to Arctic Wolf.

Step 1: Launch your SSH client

  1. Connect one end of your console cable to the console port on the FortiGate appliance.

  2. Connect the other end of your console cable to a serial communications (COM) port on your computer.

  3. In your SSH client, configure these settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 9600.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  4. Sign in to the CLI with administrator permissions using your SSH client.

  5. Run this command:

    config log syslogd setting
      set status enable
      set server <sensor_ip>
      set mode udp
      set port 514
      set format default
    end

    Where:

    • <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor.

Step 2: Provide your Fortinet Fortigate information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click the Tickets tab, and then do one of these actions:

    • New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • Existing customers — Click Open a New Ticket.
  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.

See also