Configure Fortinet FortiGate Devices
To configure your Fortinet FortiGate devices, enable logging to multiple Syslog servers and configure FortiOS to send log messages to remote syslog servers in CEF format. Do one of the following:
- To configure Fortinet FortiGate devices via Command Line Interface
- To configure Fortinet FortiGate devices through the Fortigate Management Console
To configure Fortinet FortiGate devices via Command Line Interface
- Log in to the Command Line Interface (CLI).
-
Enter the following commands:
config log syslogd setting
set format cef
NOTE: To enable CEF format in some previous FortiOS versions, enter the
set csv disable
command.set csv disable
set facility <facility_name>
set port 514
set reliable disable
set server <ip_address_of_Receiver>
set status enable
end
To configure Fortinet FortiGate devices through the Fortigate Management Console
- Open Fortigate Management Console and navigate to Log&Report ® Log Config ® Log Setting.
- Select the Syslog checkbox.
-
Expand the Options section and complete the following fields:
Option Description Name/IP
Enter the address of your Netwrix Auditor Server.
Port
Set to "514". Level
Select desired logging level.
Facility
Netwrix recommends using default values.
Data format
Select CEF.
NOTE: To enable CEF format in some previous FortiOS versions, unselect the Enable CSV checkbox.
- Click Apply.