FortiGate supports CSV and non-CSV log output formats. LogRhythm requires FortiGate logs to be in non-CSV format, and this is the default FortiGate setting.
To verify the output format, do the following:
- Log in to the FortiGate Admin Utility.
- Connect to the Command Line Interface Console and type show log <syslogd> setting. If set csv enable is not listed, logs will be generated in the correct space-delimited format, and no further configuration is required. If set csv enable is listed, you must change the output format. To disable CSV, type set csv disable.
- To verify the change, type show log <syslogd> setting again and verify that set csv enable is not listed.
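The same check can be run against saved CLI output or a configuration backup. The sketch below is an added example, not LogRhythm or Fortinet code: it reports, for each syslog block, whether set csv enable is present. The sample configuration is constructed, and the block names syslogd and syslogd2 are assumed values for the <syslogd> placeholder.

```python
import re

# Constructed sample in the shape of "show" output; addresses are documentation IPs.
SAMPLE_CONFIG = """\
config log syslogd setting
    set status enable
    set server "192.0.2.10"
end
config log syslogd2 setting
    set status enable
    set server "192.0.2.11"
    set csv enable
end
"""

BLOCK_START = re.compile(r"^config log (syslogd\d*) setting$")


def csv_status(config_text):
    """Map each syslogd block name to True if 'set csv enable' is listed in it."""
    status, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        match = BLOCK_START.match(line)
        if current is None:
            if match:
                current, depth = match.group(1), 0
                status[current] = False
        elif line.startswith("config "):
            depth += 1                      # nested sub-table inside the block
        elif line == "end":
            if depth:
                depth -= 1                  # closes the nested sub-table
            else:
                current = None              # closes the syslogd block itself
        elif depth == 0 and line.split() == ["set", "csv", "enable"]:
            status[current] = True
    return status


def needs_change(config_text):
    """Names of syslogd blocks whose output format must be switched to non-CSV."""
    return sorted(name for name, on in csv_status(config_text).items() if on)


if __name__ == "__main__":
    for name, on in csv_status(SAMPLE_CONFIG).items():
        print(name, "CSV enabled, change required" if on else "non-CSV, OK")
```

A block with no csv line is reported as non-CSV, matching the rule above that the absence of set csv enable means the default format is in use.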
Configure LogRhythm for FortiGate
No additional changes are necessary to configure LogRhythm to work with a Fortinet FortiGate v4.0+ device.