Syslog Configuration for Fortinet NGFW

Configuration Guide

Overview

This document describes how to configure your Fortinet FortiGate Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf for monitoring security information.

Configuring your FortiGate NGFW for security monitoring

You can configure your Fortinet NGFW for security monitoring using the GUI or the CLI.

Configuring your FortiGate NGFW for security monitoring using the GUI

Note: See the official Fortinet documentation for more information.

To configure your Fortinet NGFW for security monitoring using the GUI:

  1. Sign in to your FortiGate NGFW.
  2. Select Log & Report > Log Setting.
  3. Select the Syslog Server tab.
  4. Click Add to display the configuration editor.
  5. Configure the following options:
    1. Status — Turn on this toggle to enable the configuration.
    2. Address — Enter the management IP address for the Arctic Wolf sensor.
    3. Port — Verify that the value is 514.
  6. Configure the Event, Traffic, and Attack Logging options based on the logs you need to send to Arctic Wolf.
  7. Save the configuration.

Configuring your FortiGate NGFW for security monitoring using the CLI

To configure your Fortinet NGFW for security monitoring using the CLI, run the following command:

Note: See the official Fortinet documentation for more information on this command.

config log syslogd setting
    set status enable
    set server <sensor_IP>
    set mode udp
    set port 514
    set format default
end
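
To confirm that a saved configuration excerpt still matches the values in the CLI block above, a check like the following Python script can be run against it. This is an added example, not Arctic Wolf or Fortinet code; the function names, the sample excerpts and the 192.0.2.x addresses are constructed, and it assumes the excerpt lists every setting explicitly, as the guide's block does.

```python
import ipaddress
import re

# Values from the guide's CLI block; the server address is site-specific.
EXPECTED = {"status": "enable", "mode": "udp", "port": "514", "format": "default"}

# Constructed sample excerpts (192.0.2.0/24 is a documentation range).
SAMPLE_OK = """config log syslogd setting
    set status enable
    set server "192.0.2.10"
    set mode udp
    set port 514
    set format default
end"""
SAMPLE_DRIFT = SAMPLE_OK.replace("192.0.2.10", "192.0.2.99").replace("514", "1514")


def parse_syslogd_block(text):
    """Return the 'set' pairs inside 'config log syslogd setting' ... 'end'."""
    settings, inside = {}, False
    for line in map(str.strip, text.splitlines()):
        if line == "config log syslogd setting":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r'set\s+(\S+)\s+"?([^"]*)"?$', line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings


def audit(text, sensor_ip):
    """Compare a config excerpt with the guide's values; return a list of findings."""
    s = parse_syslogd_block(text)
    if not s:
        return ["no 'config log syslogd setting' block found"]
    findings = [f"{k}: expected {v!r}, found {s.get(k)!r}"
                for k, v in EXPECTED.items() if s.get(k) != v]
    try:
        if ipaddress.ip_address(s.get("server", "")) != ipaddress.ip_address(sensor_ip):
            findings.append(f"server: expected {sensor_ip}, found {s['server']}")
    except ValueError:
        findings.append(f"server: {s.get('server')!r} is not an IP address")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_DRIFT, "192.0.2.10"))
```

An empty list means the excerpt matches the guide; each finding names the setting that has drifted and the value found.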

Providing configuration details to Arctic Wolf

To provide the necessary configuration details to Arctic Wolf:

  1. Visit the Arctic Wolf Portal and select Contact your CST.
  2. Include the following information in the message for your Concierge Security® Team (CST):
    • Confirmation that you have completed the steps in this configuration guide.
    • The IP address and/or hostname of the FortiGate NGFW.
    • Any other questions or comments that you have.
  3. Select Send. Your CST reviews the details and confirms that Arctic Wolf is successfully processing the logs from your FortiGate NGFW device.