Fortinet® FortiManager® Logs

Configuration Guide

Updated Feb 1, 2023


Configure Fortinet® FortiManager® to send logs to Arctic Wolf

You can configure Fortinet® FortiManager® to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

Configure FortiManager® log forwarding using the GUI

  1. Sign in to FortiManager® as an administrator.

  2. Click System Settings > Advanced > Syslog Server.

  3. Click Create New.

  4. In the Create New Syslog Server Settings section, do the following:

    • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
    • IP Address (or FQDN) — Enter the IP address of your Arctic Wolf physical or virtual sensor.
    • Syslog Server Port — Enter 514.
    • Reliable Connection — Clear the checkbox.

  5. Click OK.

  6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.

Configure FortiManager® log forwarding using the CLI

  1. Connect one end of your console cable to the console port on the FortiManager® appliance and the other end to a serial communications (COM) port on your computer.

  2. Launch your SSH client with the following settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 115200.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  3. Log in to the CLI as an administrator using your SSH client.

  4. Run the following commands, where <name> is the name of your Arctic Wolf sensor and <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

    config system syslog
    edit <name>
    set ip <sensor_ip>
    set port 514
    set reliable disable
    end
    end

  5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address you used during the configuration.
    • Any other questions or comments that you have.
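A pre-check you can run before contacting the Concierge Security® Team, as an added example that is not Arctic Wolf or Fortinet code: a small receiver that confirms syslog datagrams from FortiManager® actually arrive on port 514 and carry a valid syslog priority field. It assumes that with Reliable Connection cleared the appliance sends syslog over UDP, and that you run it on a test host you control that has been added as an additional syslog server entry (it cannot run on the sensor). The function names, the sample datagrams in the test data and the command-line argument are constructed for illustration.

```python
"""Added example: confirm syslog datagrams arrive on UDP 514 (test host, not the sensor)."""
import re
import socket
import sys
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(datagram: bytes):
    """Split a syslog datagram into (facility, severity name, remaining text).

    Returns None when the leading <PRI> field is missing or out of range,
    which usually means the sender is not speaking syslog on this port.
    """
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return pri >> 3, SEVERITIES[pri & 7], text


def summarize(datagrams):
    """Count datagrams per (source IP, severity); malformed ones count as 'malformed'."""
    counts = Counter()
    for src_ip, data in datagrams:
        parsed = parse_pri(data)
        counts[(src_ip, parsed[1] if parsed else "malformed")] += 1
    return counts


def listen(bind_ip="0.0.0.0", port=514, expected_src=None, limit=20, timeout=60.0):
    """Collect up to `limit` datagrams; drop any not from `expected_src` if given."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))  # ports below 1024 normally need elevated privileges
        sock.settimeout(timeout)
        try:
            while len(seen) < limit:
                data, (src_ip, _) = sock.recvfrom(65535)
                if expected_src in (None, src_ip):
                    seen.append((src_ip, data))
        except socket.timeout:
            pass  # silence for `timeout` seconds: report what arrived, possibly nothing
    return seen


if __name__ == "__main__":
    src = sys.argv[1] if len(sys.argv) > 1 else None  # assumed: FortiManager management IP
    for key, n in sorted(summarize(listen(expected_src=src)).items()):
        print(key, n)
```

An empty result after the timeout means no datagram reached the host, which points at routing or a firewall rule for UDP 514 rather than at the syslog settings themselves.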
