Fortinet FortiGate NGFW Logs
Updated Aug 31, 2023
Configure Fortinet FortiGate NGFW to send logs to Arctic Wolf
You can configure Fortinet® FortiGate Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:
- GUI — See Configure FortiGate® NGFW log forwarding using the GUI.
- CLI — See Configure FortiGate® NGFW log forwarding using the CLI.
Requirements
- Activated Arctic Wolf Sensor
Configure FortiGate NGFW log forwarding using the GUI
- Sign in to your FortiGate NGFW.
- Select Log & Report > Log Settings.
- Click the Global Settings tab, and then do the following:
  - Event Logging — Click All.
  - Local traffic logging — Click All.
  - Syslog logging — Turn on the toggle to enable log forwarding.
  - IP address/FQDN — Enter the IP address of your Arctic Wolf physical or virtual sensor.
- Click Apply.
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.
Configure FortiGate NGFW log forwarding using the CLI
- Connect one end of your console cable to the console port on the FortiGate appliance and the other end to a serial communications (COM) port on your computer.
- Launch your SSH client with the following settings:
  - Serial line — Enter COM1.
  - Speed (baud) — Enter 9600.
  - Data bits — Enter 8.
  - Stop bits — Enter 1.
  - Parity — Select None.
  - Flow control — Select None.
- Log in to the CLI as an administrator using your SSH client.
- Run the following command, where <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

      config log syslogd setting
          set status enable
          set server <sensor_ip>
          set mode udp
          set port 514
          set format default
      end

- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.
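
To confirm the device ended up with the settings from the CLI step, the following added example (not Arctic Wolf or Fortinet code) parses a pasted `config log syslogd setting` block, such as the output of `show full-configuration log syslogd setting`, and lists every value that differs from this guide. The function names, the sample text and the 192.0.2.10 address are constructed for illustration.

```python
import shlex

# Values from the CLI step of this guide; the server is supplied per site.
EXPECTED = {"status": "enable", "mode": "udp", "port": "514", "format": "default"}

# Constructed sample, not real device output. 192.0.2.10 is a documentation
# address standing in for the sensor; "mode reliable" is a deliberate mismatch.
SAMPLE = """\
config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set mode reliable
    set port 514
    set format default
end
"""

def parse_syslogd_block(text):
    """Collect the 'set' values inside the 'config log syslogd setting' block."""
    settings, inside = {}, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # also strips the quotes FortiOS puts around strings
        if tokens[:4] == ["config", "log", "syslogd", "setting"]:
            inside = True
        elif inside and tokens[:1] == ["end"]:
            break
        elif inside and tokens[:1] == ["set"] and len(tokens) >= 3:
            settings[tokens[1]] = " ".join(tokens[2:])
    return settings

def audit(text, sensor_ip):
    """Return one finding per setting that differs from the guide (empty = match)."""
    found = parse_syslogd_block(text)
    findings = []
    for key, want in {**EXPECTED, "server": sensor_ip}.items():
        got = found.get(key)
        if got is None:
            findings.append(f"{key}: not shown in the pasted block (guide sets {want})")
        elif got != want:
            findings.append(f"{key}: {got} (guide sets {want})")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "192.0.2.10") or ["matches the guide"]:
        print(line)
```

A setting reported as "not shown" means the pasted text did not include it, which happens when the device output lists only non-default values.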