Configure Fortinet FortiManager to send logs to Arctic Wolf

You can configure Fortinet® FortiManager to send the necessary logs to Arctic Wolf for monitoring security information using either of these methods:

• GUI — See Configure FortiManager log forwarding using the GUI.
• CLI — See Configure FortiManager log forwarding using the CLI.

Requirements

• Activated Arctic Wolf Sensor

Configure FortiManager log forwarding using the GUI

1. Sign in to FortiManager as an administrator.

2. Click System Settings > Advanced > Syslog Server.

3. Click Create New.

4. In the Create New Syslog Server Settings section, do the following:

   • Name — Enter a unique name for your Arctic Wolf physical or virtual sensor.
   • IP Address (or FQDN) — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   • Syslog Server Port — Enter 514.
   • Reliable Connection — Clear the checkbox.

5. Click OK.

6. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

Configure FortiManager log forwarding using the CLI

1. Connect one end of your console cable to the console port on the FortiManager appliance and the other end to a serial communications (COM) port on your computer.

2. Launch your SSH client with the following settings:

   • Serial line — Enter COM1.
   • Speed (baud) — Enter 115200.
   • Data bits — Enter 8.
   • Stop bits — Enter 1.
   • Parity — Select None.
   • Flow control — Select None.

3. Log in to the CLI as an administrator using your SSH client.

4. Run the following command, where <name> is the name of your Arctic Wolf sensor and <sensor_ip> is the IP address of your Arctic Wolf physical or virtual sensor:

   config system syslog
    edit <name>
      set ip <sensor_ip>
      set port 514
      set reliable disable
    end
   end

5. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.

See also

• Fortinet — Configuring syslog settings
• Fortinet — Administration Guide | Log settings and targets
• Fortinet — Administration Guide | Syslog Server
• Fortinet — CLI Reference | log {syslogd | syslogd2 | syslogd3 | syslogd4} setting
• Fortinet — CLI Reference | syslog