Fortinet® FortiManager® Logs

Configure Fortinet® FortiManager® to send logs to Arctic Wolf Direct link to this section

You can configure Fortinet® FortiManager® to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

• GUI — See Configure FortiManager® log forwarding using the GUI.
• CLI — See Configure FortiManager® log forwarding using the CLI.

Configure FortiManager® log forwarding using the GUI Direct link to this section

1. Sign in to FortiManager® as an administrator.

2. Click System Settings > Advanced > Syslog Server.

3. Click Create New.

4. In the Create New Syslog Server Settings section, do the following:

   • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
   • IP Address (or FQDN) — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   • Syslog Server Port — Enter 514.
   • Reliable Connection — Clear the checkbox.

5. Click OK.

6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

Configure FortiManager® log forwarding using the CLI Direct link to this section

1. Connect one end of your console cable to the console port on the FortiManager® appliance and the other end to a serial communications (COM) port on your computer.

2. Launch your SSH client with the following settings:

   • Serial line — Enter COM1.
   • Speed (baud) — Enter 115200.
   • Data bits — Enter 8.
   • Stop bits — Enter 1.
   • Parity — Select None.
   • Flow control — Select None.

3. Log in to the CLI as an administrator using your SSH client.

4. Run the following command, where <name> is the name of your Arctic Wolf sensor and <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

   config system syslog
    edit <name>
      set ip <sensor_ip>
      set port 514
      set reliable disable
    end
   end

5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

See also Direct link to this section

• Fortinet® — Configuring syslog settings
• Fortinet® — Administration Guide | Log settings and targets
• Fortinet® — Administration Guide | Syslog Server
• Fortinet® — CLI Reference | log {syslogd | syslogd2 | syslogd3 | syslogd4} setting
• Fortinet® — CLI Reference | syslog