Forwarding logs to an external server

You can configure FortiSASE to forward logs to an external server, such as FortiAnalyzer.

To forward logs to an external server:

1. Go to Analytics > Settings.
2. Enable Log Forwarding.
3. From Remote Server Type, select FortiAnalyzer, Syslog, or Common Event Format (CEF).
4. In the Server Address and Server Port fields, enter the desired address and port for FortiSASE to communicate with the server.
5. Enable Reliable Connection to use TCP for log forwarding instead of UDP.
6. Click OK.

To forward logs securely using TLS to an external syslog server:

1. Go to Analytics > Settings.
2. Enable Log Forwarding.
3. From Remote Server Type, select Syslog.
4. In the Server Address and Server Port fields, enter the desired address and port for FortiSASE to communicate with the syslog server.
5. Observe that Reliable Connection is enabled by default. Enabling this option enables TCP for log forwarding instead of UDP.
6. Observe that Secure Connection is enabled by default. Enabling this option enables TLS for log forwarding and requires Reliable Connection to be enabled.

   When hovering over the information icon, ensure the appropriate remote CA certificate for the external syslog server is uploaded for the TLS connection to succeed by clicking Certificates. Alternatively, go to System > Certificates.

   • For details on importing a remote CA certificate, see Certificates.
   • For details on the cipher suites that a secure external syslog server supports, see Supported cipher suites for secure external syslog server.

   You must import the remote CA certificate for the external syslog server to FortiSASE to establish trust with the external syslog server. Otherwise, the TLS connection fails and the external syslog server cannot read the forwarded logs.