Configure FortiAnalyzer-BigData as log server on hyperscale FortiGate
After external IP addresses for Security Manager hosts are set, you can configure a FortiGate with Hyperscale firewall features to send NetFlow v10 (IPFIX) or Syslog log messages over UDP to FortiAnalyzer-BigData. For more information, see Hyperscale Firewall Hardware logging in the Fortinet Doc Library.
To configure FortiAnalyzer-BigData as NetFlow log server on Hyberscale FortiGate:
- Go to Log & Report > Hyperscale SPU Offload Log Settings.
- Select NetFlow version V10.
- In Log Servers, click Create New to add each external IP address of FortiAnalyzer-BigData Security Manager Host.
- In the Source port and Destination port, enter 2055.
- In Log Servers Groups, click Create New to create a log group.
- For Logging mode, select Per-Session ending.
- For Log format, select NetFlow.
- For Log servers, add all the log servers created in the previous step.
- Click OK.
The FortiGate is configured to send NetFlow log messages to FortiAnalyzer-BigData.
To configure FortiAnalyzer-BigData as Syslog log server on a hyperscale FortiGate:
- Go to Log & Report > Hyperscale SPU Offload Log Settings.
- In Log Servers, click Create New to add each external IP address of FortiAnalyzer-BigData Security Manager Host.
- In the Source port and Destination port, enter
514
. - In Log Servers Groups, click Create New to create a log group.
- Set Logging mode to Per-Session ending.
- Set Log format to Syslog.
- For Log servers, add all the log servers created in the previous step.
- Click OK. The FortiGate is configured to send Syslog log messages to FortiAnalyzer-BigData.