Syslog - Fortinet FortiGate v5.6 CEF
Device Details
Vendor | Fortinet |
---|---|
Device Type | UTM Firewall |
Supported Model Name/Number | FortiGate Firewall |
Supported Software Version(s) | FortiOS 5.6 |
Collection Method | Syslog |
Configurable Log Output? | Yes |
Log Source Type | Syslog - Fortinet FortiGate v5.6 CEF |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | Logging output is configurable to “default,” “CEF,” or “CSV.” The “CEF” configuration is the format accepted by this policy. Fortinet CEF logging output prepends the key of some key-value pairs with the string “FTNTFGT.” This is normal and denotes field labels that do not conform to the CEF standard. |
Prerequisites
The Fortinet FortiGate appliance must be updated to FortiOS version 5.6.
Device Configuration Checklist
Your FortiGate device is set to “default” logging mode out of the box. To change it to the CEF format:
- Enter CLI mode.
- Set logging output to CEF with the following commands:
    config log syslogd setting
    set format cef
    end
  In this example, “syslogd” is the first log output of the FortiGate device.
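
To confirm that a received line is in CEF after this change, and to see how the “FTNTFGT” key prefix described under Additional Information can be handled, the following Python sketch parses one line. It is an added example, not LogRhythm or Fortinet code; the sample line is constructed and `parse_fortigate_cef` is a hypothetical name.

```python
import re

PREFIX = "FTNTFGT"  # vendor prefix named on this page
_HDR = re.compile(r"((?:\\.|[^|\\])*)\|")  # one header field, honouring \| and \\
_EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
_HDR_NAMES = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")

# Constructed sample line for illustration; not captured from a device.
SAMPLE = (
    "<189>Jan  1 12:00:00 fgt-example CEF:0|Fortinet|Fortigate|v5.6.0|00013|"
    "traffic:forward accept|3|deviceExternalId=EXAMPLE-SERIAL "
    "FTNTFGTlogid=0000000013 cat=traffic:forward FTNTFGTsubtype=forward "
    "FTNTFGTlevel=notice src=10.0.0.5 spt=51234 dst=192.0.2.10 dpt=443 "
    r"act=accept msg=policy\=12 allowed web access"
)

def _unescape(text):
    # Undo the CEF escapes for '=', '|' and '\'.
    return re.sub(r"\\([=|\\])", r"\1", text)

def parse_fortigate_cef(line):
    """Split a CEF syslog line into header, standard and FTNTFGT fields."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header: device may still be in default or CSV format")
    pos, header = start + len("CEF:"), []
    for _ in _HDR_NAMES:
        m = _HDR.match(line, pos)
        if m is None:
            raise ValueError("truncated CEF header")
        header.append(_unescape(m.group(1)))
        pos = m.end()
    standard, vendor = {}, {}
    for key, value in _EXT.findall(line[pos:]):
        if key.startswith(PREFIX) and len(key) > len(PREFIX):
            # Keep vendor keys apart so a stripped name cannot overwrite a CEF key.
            vendor[key[len(PREFIX):]] = _unescape(value)
        else:
            standard[key] = _unescape(value)
    return {"header": dict(zip(_HDR_NAMES, header)),
            "standard": standard, "vendor": vendor}

if __name__ == "__main__":
    for section, fields in parse_fortigate_cef(SAMPLE).items():
        print(section, fields)
```

A line that raises `ValueError` here indicates the syslog output is still in “default” or “CSV” format and the `set format cef` step has not taken effect for that log output.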