Fortios
Key facts
- MSG Format based filter
- Legacy BSD Format default port 514
Links
Sourcetypes
| sourcetype |
notes |
| fgt_log |
Catch-all sourcetype; not used by the TA |
| fgt_traffic |
None |
| fgt_utm |
None |
| fgt_event |
None |
Sourcetype and Index Configuration
| key |
sourcetype |
index |
notes |
| fortinet_fortios_traffic |
fgt_traffic |
netfw |
none |
| fortinet_fortios_utm |
fgt_utm |
netfw |
none |
| fortinet_fortios_event |
fgt_event |
netops |
none |
| fortinet_fortios_log |
fgt_log |
netops |
none |
Source Setup and Configuration
- Refer to the admin manual for specific details of configuration to send Reliable syslog using RFC 3195 format, a typical logging configuration will include the following features.
config log memory filter
set forward-traffic enable
set local-traffic enable
set sniffer-traffic disable
set anomaly enable
set voip disable
set multicast-traffic enable
set dns enable
end
config system global
set cli-audit-log enable
end
config log setting
set neighbor-event enable
end
Options
| Variable |
default |
description |
| SC4S_OPTION_FORTINET_SOURCETYPE_PREFIX |
fgt |
Notice starting with version 1.6 of the fortinet add-on and app the sourcetype required changes from fgt_* to fortinet_* this is a breaking change to use the new sourcetype set this variable to fortigate in the env_file |