mylesagray / blog-comments

Comments for Blah, Cloud. Hugo blog

Syslogd on FortiOS 5.0.4 | Blah, Cloud #9

Open mylesagray opened 3 years ago

mylesagray commented 3 years ago

Written on 09/18/2013 19:49:28

URL: https://blah.cloud/hardware/syslogd-fortios-5-0-4/

mylesagray commented 3 years ago

Comment written by shiv singh on 11/20/2013 11:50:04

FortiOS v5.0 but command used very affectable...gui form user friendly....what is new version fortios .....

mylesagray commented 3 years ago

Comment written by Justin Hobson on 12/05/2013 03:23:16

Does Splunk with the Fortinet app support FortiOS 5.0.5? Trying to run this and not having great success; searching online, no other sites believe Splunk works with v5.0.x either?

mylesagray commented 3 years ago

Comment written by Myles Gray on 12/05/2013 12:00:01

Splunk does work with v5.0.4 at least (it works as a syslog server and the reporting works to SOME extent). Not sure on 5.0.5; we haven't worked on this much more since 5.0.4 as we've had more important projects.

I will check this out though. If it doesn't work, it shouldn't take too much work to work out what's broken in the Fortinet app (likely column name changes etc.).

mylesagray commented 3 years ago

Comment written by Jack on 04/03/2014 10:20:51

Dear Myles Gray,

I have a FortiGate 100D with FortiOS 5.06, this is my setting:

```
config log syslogd setting
    set status enable
    set server "192.168.7.4"
    set reliable disable
    set port 515
    set csv disable
    set facility alert
    set source-ip 192.168.9.2
end
```

I have a Splunk server on 192.168.7.4 listening on port 515 TCP. My switches can forward logs to it normally, but I cannot get the FortiGate to work. The Splunk server doesn't receive any logs from the FortiGate.

mylesagray commented 3 years ago

Comment written by Myles Gray on 04/17/2014 14:40:03

Jack, we actually have moved on from Splunk to trialling a Logstash/ElasticSearch/Kibana stack as it is:

a) free
b) easy to configure and get the data we want

I'll be putting a post up about this soon.

You're sure you've enabled 515 TCP on your iptables? Did you check the output of `netstat -tlp` on your Splunk box to see if the port is listed?
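The two things Jack's config and Myles's `netstat` question revolve around, the port and the transport, can be checked mechanically. The Python below is an added example, not code from the blog, the thread or Fortinet: it parses the posted `config log syslogd setting` block (embedded here as constructed input), derives the transport from `set reliable` (FortiOS sends plain syslog over UDP unless reliable syslog is enabled, which uses TCP), and compares both against what the collector is listening on. `check_against_listener` and its arguments are assumed names.

```python
import re

# Constructed sample input: the FortiOS block posted in the thread above.
SAMPLE_CONFIG = """\
config log syslogd setting
    set status enable
    set server "192.168.7.4"
    set reliable disable
    set port 515
    set csv disable
    set facility alert
    set source-ip 192.168.9.2
end
"""


def parse_syslogd_setting(text):
    """Parse a 'config log syslogd setting' block into {key: value}.
    Quotes are stripped from values; keys keep FortiOS spelling (e.g. 'source-ip')."""
    settings = {}
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config log syslogd setting"):
            in_block = True
            continue
        if line == "end":
            in_block = False
            continue
        m = re.match(r"set\s+(\S+)\s+(.+)$", line)
        if in_block and m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def expected_transport(settings):
    """FortiOS sends syslog over UDP by default; 'set reliable enable'
    switches to RFC 3195 reliable delivery, which runs over TCP."""
    return "tcp" if settings.get("reliable", "disable") == "enable" else "udp"


def check_against_listener(settings, listener_proto, listener_port):
    """Return a list of mismatches between the FortiGate config and the
    protocol/port the collector (Splunk, Logstash, ...) actually listens on."""
    problems = []
    if settings.get("status") != "enable":
        problems.append("syslogd status is not enabled")
    port = int(settings.get("port", 514))  # 514 is the FortiOS default
    if port != listener_port:
        problems.append(f"FortiGate sends to port {port}, collector listens on {listener_port}")
    proto = expected_transport(settings)
    if proto != listener_proto.lower():
        problems.append(f"FortiGate sends over {proto.upper()}, collector listens on {listener_proto.upper()}")
    return problems
```

Run against the posted block with a collector listening on TCP 515, it reports a UDP/TCP mismatch; with a UDP 515 listener it reports nothing.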

mylesagray commented 3 years ago

Comment written by TT on 05/01/2014 22:45:34

Can you share the config file of logstash for fortigate

mylesagray commented 3 years ago

Comment written by Myles Gray on 05/06/2014 07:15:01

I'll put this info up soon once we have it operating how we expect, and I'll do a full guide.

mylesagray commented 3 years ago

Comment written by Edzilla on 05/22/2014 14:35:00

I'd be very interested as well.
We're currently working on a logstash+elasticsearch+kibana setup, but not getting really anywhere yet.

mylesagray commented 3 years ago

Comment written by David Fabry on 06/10/2014 23:01:26

Sounds all wonderful, but the information is SO scarce. I just stopped at logstash+elasticsearch+Kibana and I'm in a loop trying to figure it out. I'm very interested in the setup too!!

mylesagray commented 3 years ago

Comment written by herringchoker on 07/02/2014 02:36:18

To set the level of messages you want to see:

```
config log syslogd filter
    set severity warning
```

mylesagray commented 3 years ago

Comment written by Raul Recinos on 08/12/2014 22:30:44

Dear Myles, do you have any tutorial, or can you help me set up Logstash / ElasticSearch / Kibana to store / display my FortiGate logs?

mylesagray commented 3 years ago

Comment written by Vedat Nommaz on 09/01/2015 08:12:07

Hi Myles, have you posted this guide yet?

mylesagray commented 3 years ago

Comment written by Myles Gray on 09/01/2015 08:17:27

It never happened, Vedat, unfortunately.