Fortios¶
Key facts¶
- MSG Format based filter
- Legacy BSD Format default port 514
Links¶
Ref | Link |
---|---|
Splunk Add-on | https://splunkbase.splunk.com/app/2846/ |
Product Manual | https://docs.fortinet.com/product/fortigate/6.2 |
Sourcetypes¶
sourcetype | notes |
---|---|
fgt_log | Catch-all sourcetype; not used by the TA |
fgt_traffic | None |
fgt_utm | None |
fgt_event | None |
Sourcetype and Index Configuration¶
key | sourcetype | index | notes |
---|---|---|---|
fortinet_fortios_traffic | fgt_traffic | netfw | none |
fortinet_fortios_utm | fgt_utm | netfw | none |
fortinet_fortios_event | fgt_event | netops | none |
fortinet_fortios_log | fgt_log | netops | none |
Source Setup and Configuration¶
- Refer to the admin manual for specific details of configuration to send Reliable syslog using RFC 3195 format, a typical logging configuration will include the following features.
config log memory filter
set forward-traffic enable
set local-traffic enable
set sniffer-traffic disable
set anomaly enable
set voip disable
set multicast-traffic enable
set dns enable
end
config system global
set cli-audit-log enable
end
config log setting
set neighbor-event enable
end
Options¶
Variable | default | description |
---|---|---|
SC4S_OPTION_FORTINET_SOURCETYPE_PREFIX | fgt | Notice starting with version 1.6 of the fortinet add-on and app the sourcetype required changes from fgt_* to fortinet_* this is a breaking change to use the new sourcetype set this variable to fortigate in the env_file |