Fortinet® FortiGate® NGFW Logs
Configure Fortinet® FortiGate® NGFW to send logs to Arctic Wolf
You can configure Fortinet® FortiGate® Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:
- GUI — See Configure FortiGate® NGFW log forwarding using the GUI.
- CLI — See Configure FortiGate® NGFW log forwarding using the CLI.
Configure FortiGate® NGFW log forwarding using the GUI
1. Sign in to your FortiGate® NGFW.
2. Select Log & Report > Log Setting.
3. On the Log Settings page, do the following:
   - Send logs to syslog — Turn on the toggle to enable log forwarding.
   - IP Address/FQDN — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   - Event Logging — Click All.
   - Local Traffic Log — Click All.
4. Click Apply.
5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
   - Confirmation that you have completed the steps in this configuration guide.
   - The IP address you used during the configuration.
   - Any other questions or comments that you have.
Configure FortiGate® NGFW log forwarding using the CLI
1. Connect one end of your console cable to the console port on the FortiGate® appliance and the other end to a serial communications (COM) port on your computer.
2. Launch your SSH client with the following settings:
   - Serial line — Enter COM1.
   - Speed (baud) — Enter 9600.
   - Data bits — Enter 8.
   - Stop bits — Enter 1.
   - Parity — Select None.
   - Flow control — Select None.
3. Log in to the CLI as an administrator using your SSH client.
4. Run the following command, where <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

       config log syslogd setting
       set status enable
       set server <sensor_ip>
       set mode udp
       set port 514
       set format default
       end

5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
   - Confirmation that you have completed the steps in this configuration guide.
   - The IP address you used during the configuration.
   - Any other questions or comments that you have.
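
The following script is an added example, not part of the original guide and not Arctic Wolf or Fortinet tooling: it checks a saved copy of the config log syslogd setting block against the values given in the CLI step, so a typo in the server address or port is caught before you ask for ingestion to be validated. The function names and the sample block (documentation address 192.0.2.10, with a deliberately wrong port and no format line) are constructed for illustration.

```python
import shlex

# Settings this guide prescribes; "server" is supplied per deployment.
EXPECTED = {"status": "enable", "mode": "udp", "port": "514", "format": "default"}

def parse_block(text, header="config log syslogd setting"):
    """Return the 'set' key/value pairs found inside the named config block."""
    settings, inside = {}, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # also strips quotes around values
        if not tokens:
            continue
        if " ".join(tokens) == header:
            inside = True
        elif inside and tokens[0] == "end":
            break
        elif inside and tokens[0] == "set" and len(tokens) >= 3:
            settings[tokens[1]] = " ".join(tokens[2:])
    return settings

def audit(text, sensor_ip):
    """Compare a block with the guide's values; returns {key: (state, actual)}."""
    found = parse_block(text)
    report = {}
    for key, want in {**EXPECTED, "server": sensor_ip}.items():
        actual = found.get(key)
        if actual is None:
            state = "missing"
        else:
            state = "ok" if actual == want else "mismatch"
        report[key] = (state, actual)
    return report

# Constructed sample input, not output captured from a real firewall.
SAMPLE = '''
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set mode udp
    set port 5514
end
'''

if __name__ == "__main__":
    for key, (state, actual) in audit(SAMPLE, "192.0.2.10").items():
        print(f"{key:<7} {state:<9} {actual}")
```

A "missing" result only means the line was absent from the text you supplied; the script does not infer what value the firewall uses in that case.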