Key facts

  • MSG Format based filter
  • Legacy BSD Format default port 514
Ref Link
Splunk Add-on
Product Manual


| sourcetype  | notes                                    |
|-------------|------------------------------------------|
| fgt_log     | Catch-all sourcetype; not used by the TA |
| fwb_traffic | None                                     |
| fwb_attack  | None                                     |
| fwb_event   | None                                     |

Sourcetype and Index Configuration

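| key                       | sourcetype  | index  | notes |
|---------------------------|-------------|--------|-------|
| fortinet_fortiweb_traffic | fwb_traffic | netfw  | none  |
| fortinet_fortiweb_attack  | fwb_attack  | netids | none  |
| fortinet_fortiweb_event   | fwb_event   | netops | none  |
| fortinet_fortiweb_log     | fwb_log     | netops | none  |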

Source Setup and Configuration

  • Refer to the admin manual for specific details of configuration to send Reliable syslog using RFC 3195 format. A typical logging configuration will include the following features. Port 514 is an example; it should be the same as the default or dedicated port selected for SC4S.

```
config log syslog-policy
    edit splunk
        config syslog-server-list
            edit 1
                set server x.x.x.x
                set port 514
            next
        end
    next
end

config log syslogd
    set policy splunk
    set status enable
end
```
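
As an added example (not part of the original page or of the SC4S or Fortinet documentation), the following Python script audits a saved copy of the configuration above: it checks that `log syslogd` is enabled and references a defined policy whose server entries use the port SC4S listens on. The `SAMPLE` text is constructed from the snippet on this page, and `parse`, `audit` and `expected_port` are hypothetical names.

```python
import shlex

# Constructed sample: the page's configuration, closed with next/end.
SAMPLE = """\
config log syslog-policy
  edit splunk
    config syslog-server-list
      edit 1
        set server x.x.x.x
        set port 514
      next
    end
  next
end
config log syslogd
  set policy splunk
  set status enable
end
"""

def parse(text):
    """Turn config/edit/set/next/end lines into nested dicts."""
    root = {}
    stack = [root]
    for line in text.splitlines():
        words = shlex.split(line) or [""]
        if words[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(words[1:]), {}))
        elif words[0] == "set" and len(words) >= 3:
            stack[-1][words[1]] = " ".join(words[2:])
        elif words[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root

def audit(text, expected_port=514):
    """Return findings; an empty list means every check passed."""
    cfg, findings = parse(text), []
    syslogd = cfg.get("log syslogd", {})
    if syslogd.get("status") != "enable":
        findings.append("log syslogd: status is not enable")
    name = syslogd.get("policy")
    servers = cfg.get("log syslog-policy", {}).get(name, {}).get("syslog-server-list", {})
    if not servers:
        findings.append(f"policy {name!r}: undefined or has no syslog servers")
    for entry, srv in servers.items():
        if "server" not in srv:
            findings.append(f"policy {name} entry {entry}: no server set")
        if srv.get("port") != str(expected_port):  # an unset port is reported too
            findings.append(f"policy {name} entry {entry}: port is {srv.get('port')}")
    return findings
```

Pass the port SC4S actually listens on as `expected_port` when a dedicated port is used instead of 514.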