FortiGate supports CSV and non-CSV log output formats. LogRhythm requires FortiGate logs to be in non-CSV format, and this is the default FortiGate setting.
To verify the output format, do the following:
-
Log in to the FortiGate Admin Utility.
-
Connect to the Command Line Interface Console and type
show log <syslogd> setting.-
If
set csv enableis not listed, logs will be generated in the correct space-delimited format, and no further configuration is required. -
If
set set csv enableis listed, you must change the output format. -
To disable CSV, type
set csv disable.
-
-
To verify the change, type
show log <syslogd> settingagain and verify that set csv enable is not listed.
Configure LogRhythm for FortiGate
No additional changes are necessary to configure LogRhythm to work with a Fortinet FortiGate v4.0+ device.