Fortinet® FortiGate® NGFW Logs

Configure Fortinet® FortiGate® NGFW to send logs to Arctic Wolf Direct link to this section

You can configure Fortinet® FortiGate® Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

• GUI — See Configure FortiGate® NGFW log forwarding using the GUI.
• CLI — See Configure FortiGate® NGFW log forwarding using the CLI.

Configure FortiGate® NGFW log fowarding using the GUI Direct link to this section

1. Sign in to your FortiGate® NGFW.

2. Select Log & Report > Log Setting.

3. On the Log Settings page, do the following:

   • Send logs to syslog — Turn on the toggle to enable log forwarding.
   • IP Address/FQDN — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   • Event Logging — Click All.
   • Local Traffic Log — Click All.

4. Click Apply.

5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

Configure FortiGate® NGFW log forwarding using the CLI Direct link to this section

1. Connect one end of your console cable to the console port on the FortiGate® appliance and the other end to a serial communications (COM) port on your computer.

2. Launch your SSH client with the following settings:

   • Serial line — Enter COM1.
   • SSpeed (baud) — Enter 9600.
   • SData bits — Enter 8.
   • SStop bits — Enter 1.
   • SParity — Select None.
   • SFlow control — Select None.

3. Log in to the CLI as an administrator using your SSH client.

4. Run the following command, where <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

   config log syslogd setting
     set status enable
     set server <sensor_ip>
     set mode udp
     set port 514
     set format default
   end

5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

See also Direct link to this section

• Fortinet® — Configuring syslog settings
• Fortinet® — Administration Guide | Log settings and targets
• Fortinet® — Administration Guide | Syslog Server
• Fortinet® — CLI Reference | log {syslogd | syslogd2 | syslogd3 | syslogd4} setting
• Fortinet® — CLI Reference | syslog