Exciting news! We are redesigning the Arctic Wolf Help Documentation site to provide a better user experience. Our new site will launch on May 1, 2024.

Fortinet FortiManager Logs

Updated Nov 10, 2023

Configure Fortinet FortiManager log forwarding using the GUI

You can configure Fortinet® FortiManager to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Create a new syslog server.
  2. Provide your Fortinet FortiManager information to Arctic Wolf.

Step 1: Create a new syslog server

  1. Sign in to FortiManager with administrator permissions.

  2. Click System Settings > Advanced > Syslog Server.

  3. Click Create New.

  4. In the Create New Syslog Server Settings section, configure these settings:

    • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
    • IP Address (or FQDN) — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • Syslog Server Port — Enter 514.
    • Reliable Connection — Clear the checkbox.
  5. Click OK.

Step 2: Provide your Fortinet FortiManager information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click the Tickets tab, and then do one of these actions:

    • New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • Existing customers — Click Open a New Ticket.
  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.

See also