Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Splunk Connector

When you create a connector for Splunk, you are specifying how FortiADC can communicate with Splunk for pushing logs to Splunk.

FortiADC will connect to Splunk by UDP, TCP or TCP SSL depending on Splunk connector setting.

Requirements:

  • The Splunk service is required to be exposed on External IP.

To create a Splunk Connector:

  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. Under Private SDN, select Splunk. The Splunk screen is displayed.
  4. Configure the following options, and then click Save.
    Status

    Toggle on to enable the external connector object.

    Toggle off to disable the external connector object.

    Address Type the IP address of the Splunk Log server.
    Port

    Specify the port that FortiADC uses to communicate with the log server.

    Proto

    Select the protocol used for log transfer.

    Log Level

    Select the severity level of the logs. All the exported logs will be attached with the selected severity level.

    CSV

    Enable to export the logs in .csv file.

    Facility

    Select the source facility of the logs. We only support the local use facilities which are not reserved and are available for general use.

    Event

    Enable to export Event logs.

    Traffic

    Enable to export Traffic logs.

    Security

    Enable to export Security logs.

After the connector is created, FortiADC will push the logs to Splunk server. The above configurations are also available in Log&Report > Log Setting > Syslog Server.

 

Splunk Connector

When you create a connector for Splunk, you are specifying how FortiADC can communicate with Splunk for pushing logs to Splunk.

FortiADC will connect to Splunk by UDP, TCP or TCP SSL depending on Splunk connector setting.

Requirements:

  • The Splunk service is required to be exposed on External IP.

To create a Splunk Connector:

  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. Under Private SDN, select Splunk. The Splunk screen is displayed.
  4. Configure the following options, and then click Save.
    Status

    Toggle on to enable the external connector object.

    Toggle off to disable the external connector object.

    Address Type the IP address of the Splunk Log server.
    Port

    Specify the port that FortiADC uses to communicate with the log server.

    Proto

    Select the protocol used for log transfer.

    Log Level

    Select the severity level of the logs. All the exported logs will be attached with the selected severity level.

    CSV

    Enable to export the logs in .csv file.

    Facility

    Select the source facility of the logs. We only support the local use facilities which are not reserved and are available for general use.

    Event

    Enable to export Event logs.

    Traffic

    Enable to export Traffic logs.

    Security

    Enable to export Security logs.

After the connector is created, FortiADC will push the logs to Splunk server. The above configurations are also available in Log&Report > Log Setting > Syslog Server.