Overview

Our CCE (collection and control engine) takes log from Fortiweb using port 514(UDP), so make sure that the port 514 is allowed from the firewall.

Before you can log to Syslog, you must enable it for the log type that you want to use as a trigger. For details, see Enabling log types, packet payload retention, & resource shortage alerts.

Steps Of Configuration

Step 1. Go to Log&Report > Log Policy > Syslog Policy.

>>Note: To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see Permissions.

Step 2.Click Create New.

>>Note : If the policy is new, in Policy Name, type the name of the policy as it will be referenced in the configuration.

Step 3. Click Create New.

Step 4: In IP Address, enter the address of the remote Syslog server.

Step 5.In Port, enter the listening port number of the Syslog server. The default is 514.

Step 6.Mark the Enable CSV Format check box if you want to send log messages in comma-separated value (CSV) format.

Step 7.Click OK.

Open

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Login to UI >> SYSTEM

Open

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

Using CCE SERVER

“sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be ran on CCE server to check wheather or not we are getting logs .