FortiSIEM Connector

When you create a connector for FortiSIEM, you specify how FortiADC communicates with FortiSIEM to push logs to it.

FortiADC connects to FortiSIEM over UDP, TCP, or TCP SSL, depending on the FortiSIEM connector setting.

Requirements:

  • The FortiSIEM service must be exposed on an External IP.

To create a FortiSIEM Connector:

  1. Go to Security Fabric > Fabric Connectors.
  2. Click Create New.
  3. Under Other Fortinet Products, select FortiSIEM.
  4. Configure the following Syslog Server options, and then click Save.
    Status

    Toggle on/off to enable/disable the Fabric Connector object.

    Address

    Type the IP address of the FortiSIEM Log server.

    Port

    Specify the port that FortiADC uses to communicate with the log server.

    Proto

    Select the protocol used for log transfer from the following:

    • UDP

    • TCP

    • TCP SSL

    TCP Framing

    Select one of the following options:

    • Traditional

    • Octet Counted

    This field appears only if Proto is TCP or TCP SSL.

    Log Level

    Select the severity level of the logs. All exported logs are tagged with the selected severity level.

    CSV

    Enable to export the logs as a .csv file.

    Facility

    Select the source facility of the logs. Only the local use facilities, which are not reserved and are available for general use, are supported.

    Event

    Enable to export Event logs.

    Traffic

    Enable to export Traffic logs.

    Security

    Enable to export Security logs.

After the connector is created, FortiADC pushes the logs to the FortiSIEM server. The same settings are also available in Log&Report > Log Setting > Syslog Server.
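
The following Python example is added here and is not Fortinet code. It shows how a receiver separates messages under the two TCP Framing options and reads the facility and severity from each message's PRI value, which helps when checking what the connector actually delivers. It assumes Traditional means RFC 6587 newline-delimited framing and Octet Counted means RFC 6587 octet counting; the sample messages and all function names are constructed for illustration.

```python
import re

# RFC 5424 facility codes 16-23 are local0-local7 (the "local use" facilities).
LOCAL_FACILITIES = {code: f"local{code - 16}" for code in range(16, 24)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample messages; the second one carries an embedded line feed.
SAMPLE_MSGS = [b'<134>type=event msg="constructed sample 1"',
               b'<141>type=traffic msg="line one\nline two"']
OCTET_STREAM = b"".join(b"%d %s" % (len(m), m) for m in SAMPLE_MSGS)
LF_STREAM = b"".join(m + b"\n" for m in SAMPLE_MSGS)


def split_frames(stream, framing):
    """Split a captured TCP byte stream into individual syslog messages."""
    if framing == "traditional":
        # Assumption: LF terminates each message, so an embedded LF splits it.
        return [m for m in stream.split(b"\n") if m]
    if framing != "octet-counted":
        raise ValueError(f"unknown framing: {framing}")
    frames, pos = [], 0
    while pos < len(stream):
        # Octet counting: "<decimal length> SP <exactly that many bytes>".
        head = re.match(rb"([1-9][0-9]*) ", stream[pos:])
        if head is None:
            raise ValueError(f"no octet count at offset {pos}; framing mismatch?")
        start = pos + head.end()
        end = start + int(head.group(1))
        if end > len(stream):
            raise ValueError(f"frame at offset {pos} is truncated")
        frames.append(stream[start:end])
        pos = end
    return frames


def decode_pri(message):
    """Return (facility, severity) names from the leading <PRI> value."""
    pri = re.match(rb"<([0-9]{1,3})>", message)
    if pri is None:
        raise ValueError("message does not start with <PRI>")
    facility, severity = divmod(int(pri.group(1)), 8)  # PRI = facility*8 + severity
    return LOCAL_FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


if __name__ == "__main__":
    for msg in split_frames(OCTET_STREAM, "octet-counted"):
        print(decode_pri(msg), msg)
```

A receiver configured for the wrong framing either raises on the first frame or silently splits multi-line messages, so the framing selected on the connector has to match the collector.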
