When you create a connector for Splunk, you are specifying how FortiADC can communicate with Splunk for pushing logs to Splunk.
FortiADC will connect to Splunk by UDP, TCP or TCP SSL depending on Splunk connector setting.
- The Splunk service is required to be exposed on External IP.
To create a Splunk Connector:
- Go to Security Fabric > External Connectors.
- Click Create New.
- Under Private SDN, select Splunk. The Splunk screen is displayed.
- Configure the following options, and then click Save.
Toggle on to enable the external connector object.
Toggle off to disable the external connector object.
Address Type the IP address of the Splunk Log server. Port
Specify the port that FortiADC uses to communicate with the log server.
Select the protocol used for log transfer.
Select the severity level of the logs. All the exported logs will be attached with the selected severity level.
Enable to export the logs in .csv file.
Select the source facility of the logs. We only support the local use facilities which are not reserved and are available for general use.
Enable to export Event logs.
Enable to export Traffic logs.
Enable to export Security logs.
After the connector is created, FortiADC will push the logs to Splunk server. The above configurations are also available in Log&Report > Log Setting > Syslog Server.