Skip to main content
Skip table of contents

Syslog - Fortinet FortiGate v5.6 CEF

Device Details



Device Type

UTM Firewall

Supported Model Name/Number

FortiGate Firewall

Supported Software Version(s)

FortiOS 5.6

Collection Method


Configurable Log Output?


Log Source Type

Syslog - Fortinet FortiGate v5.6 CEF

Log Processing Policy

LogRhythm Default



Additional Information

Logging output is configurable to “default,” “CEF,” or “CSV.” The “CEF” configuration is the format accepted by this policy. Fortinet CEF logging output prepends the key of some key-value pairs with the string “FTNTFGT.” This is normal and denotes field labels that do not conform to the CEF standard.


Fortinet FortiGate appliance update to FortiOS version 5.6 required.

Device Configuration Checklist

Your FortiGate device is set to “default” logging mode out of the box. To change it to the CEF format:

  1. Enter CLI mode.
  2. Set logging output to default with the following commands:
    • config log syslogd setting

      In this example, “syslogd” is the first log output of the FortiGate device. 

    • set format cef
    • end

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.