Fortinet® FortiGate® NGFW Logs

Configuration Guide

Updated Feb 1, 2023

Configure Fortinet® FortiGate® NGFW to send logs to Arctic Wolf

You can configure Fortinet® FortiGate® Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

Configure FortiGate® NGFW log forwarding using the GUI

  1. Sign in to your FortiGate® NGFW.

  2. Select Log & Report > Log Setting.

  3. On the Log Settings page, do the following:

    • Send logs to syslog — Turn on the toggle to enable log forwarding.
    • IP Address/FQDN — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • Event Logging — Click All.
    • Local Traffic Log — Click All.
  4. Click Apply.

  5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.

Configure FortiGate® NGFW log forwarding using the CLI

  1. Connect one end of your console cable to the console port on the FortiGate® appliance and the other end to a serial communications (COM) port on your computer.

  2. Launch your SSH client with the following settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 9600.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  3. Log in to the CLI as an administrator using your SSH client.

  4. Run the following commands, where <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

    config log syslogd setting
    set status enable
    set server <sensor_ip>
    set mode udp
    set port 514
    set format default
    end
  5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.
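
To see what the firewall emits with `set format default` over UDP 514, the sketch below parses FortiOS key=value syslog messages and reports whether both traffic and event logs are present, matching the Event Logging and Local Traffic Log settings above. It is an added example, not Arctic Wolf or Fortinet code; the function names are hypothetical, the sample messages are constructed, and `listen()` assumes a test host you control rather than the sensor.

```python
import re
import socket
from collections import Counter

# Added example: constructed messages in FortiOS default syslog format (not real logs).
SAMPLE = [
    '<189>date=2023-02-01 time=10:15:02 devname="FGT-LAB" devid="FGT0000000000000" '
    'logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" '
    'srcip=192.0.2.10 dstip=192.0.2.1 action="deny" msg="no session matched"',
    '<190>date=2023-02-01 time=10:15:05 devname="FGT-LAB" devid="FGT0000000000000" '
    'logid="0100032001" type="event" subtype="system" level="information" vd="root" '
    'user="admin" msg="Administrator admin logged in successfully from ssh(192.0.2.50)"',
]

PRI = re.compile(r"^<(\d{1,3})>")
# A value is either double-quoted (may contain spaces and '=') or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse(line):
    """Return (facility, severity, fields), or None if the line is not FortiOS key=value."""
    m = PRI.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    fields = {k: q if q else b for k, q, b in PAIR.findall(line[m.end():])}
    if "type" not in fields or "devname" not in fields:
        return None
    return pri >> 3, pri & 7, fields

def summarize(lines):
    """Count messages per (type, subtype) and list expected log types that never arrived."""
    parsed = [p for p in map(parse, lines) if p]
    seen = Counter((f["type"], f.get("subtype", "")) for _, _, f in parsed)
    missing = {"traffic", "event"} - {t for t, _ in seen}
    return seen, sorted(missing)

def listen(host="0.0.0.0", port=514, count=20):
    """Collect `count` datagrams on UDP 514 (binding below port 1024 needs privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        return [s.recvfrom(8192)[0].decode("utf-8", "replace") for _ in range(count)]

if __name__ == "__main__":
    seen, missing = summarize(SAMPLE)  # on a test host, replace SAMPLE with listen()
    for (t, st), n in sorted(seen.items()):
        print(f"{t}/{st}: {n}")
    print("missing types:", missing or "none")
```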
