Configure Fortinet FortiManager log forwarding using the GUI

You can configure Fortinet® FortiManager to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

• An activated Arctic Wolf Sensor
• Access to Fortinet FortiManager with administrator permissions

Steps

1. Create a new syslog server.
2. Provide your Fortinet FortiManager information to Arctic Wolf.

Step 1: Create a new syslog server

1. Sign in to FortiManager with administrator permissions.

2. Click System Settings > Advanced > Syslog Server.

3. Click Create New.

4. In the Create New Syslog Server Settings section, configure these settings:

   • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
   • IP Address (or FQDN) — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   • Syslog Server Port — Enter 514.
   • Reliable Connection — Clear the checkbox.

5. Click OK.

Step 2: Provide your Fortinet FortiManager information to Arctic Wolf

1. Sign in to the Arctic Wolf® Unified Portal.

2. Click Help > Open a New Ticket.

3. On the Open a New Ticket page, configure these settings:

   • What is this ticket related to? — Select General request.
   • Subject — Enter Syslog changes.
   • Related ticket (optional) — Keep blank.
   • Message — Enter this information for your Concierge Security® Team (CST):
     • Confirmation that you completed the steps in this configuration guide.
     • The IP address or hostname you used during the configuration.
     • Any questions or comments that you have.

4. Click Send Message.

   Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.

See also

• Configure Fortinet FortiManager to send logs to Arctic Wolf