Fortinet FortiManager Logs
Updated Aug 31, 2023
Configure Fortinet FortiManager to send logs to Arctic Wolf
You can configure Fortinet® FortiManager to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:
- GUI — See Configure FortiManager log forwarding using the GUI.
- CLI — See Configure FortiManager log forwarding using the CLI.
Requirements
- Activated Arctic Wolf Sensor
Configure FortiManager log forwarding using the GUI
- Sign in to FortiManager as an administrator.
- Click System Settings > Advanced > Syslog Server.
- Click Create New.
- In the Create New Syslog Server Settings section, do the following:
  - Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
  - IP Address (or FQDN) — Enter the IP address of your Arctic Wolf physical or virtual sensor.
  - Syslog Server Port — Enter 514.
  - Reliable Connection — Clear the checkbox.
- Click OK.
- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.
Configure FortiManager log forwarding using the CLI
- Connect one end of your console cable to the console port on the FortiManager appliance and the other end to a serial communications (COM) port on your computer.
- Launch your SSH client with the following settings:
  - Serial line — Enter COM1.
  - Speed (baud) — Enter 115200.
  - Data bits — Enter 8.
  - Stop bits — Enter 1.
  - Parity — Select None.
  - Flow control — Select None.
- Log in to the CLI as an administrator using your SSH client.
- Run the following command, where <name> is the name of your Arctic Wolf sensor and <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

      config system syslog
      edit <name>
      set ip <sensor_ip>
      set port 514
      set reliable disable
      end
      end

- Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
  - Confirmation that you have completed the steps in this configuration guide.
  - The IP address you used during the configuration.
  - Any other questions or comments that you have.