Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Forwarding logs to SOCaaS

Forwarding logs to SOCaaS

To provide integration with FortiGuard SOC-as-a-Service (SOCaaS), FortiSASE supports the ability to configure log forwarding from FortiSASE to a SOCaaS collector using Log Forwarding to SOCaaS in Analytics > Settings.

Note

To be configurable, Log Forwarding to SOCaaS requires an Advanced remote users FortiSASE license or a Comprehensive remote users FortiSASE license. Otherwise, FortiSASE grays out this option in Analytics > Settings. See the FortiSASE Ordering Guide.
To configure log forwarding to SOCaaS:
  1. Go to Analytics > Settings.
  2. Enable Log Forwarding to SOCaaS.
  3. Click OK.
  4. Once FortiSASE enables this feature, observe the following:
    1. A prompt instructs you to Start Onboarding. If you click Start Onboarding, a browser window opens for the SOCaaS portal to complete onboarding. Once you complete onboarding, FortiSASE sends a service request to the SOCaaS team. Completing onboarding on the SOCaaS portal is important for this feature to work as intended.
    2. In Status, Logging Location(s) displays a SOCaaS Collector Region.
    3. Under Log Forwarding to SOCaaS, Connection Status displays Connected with a green checkmark. Hovering over the Connection Status value shows the rate at which FortiSASE forwards logs.
Note

Currently, you cannot disable the Log Forwarding to SOCaaS feature from Analytics > Settings once you have enabled it because the toggle is grayed out. To disable this feature, you must create a new FortiCare ticket.
Previous
Next

Forwarding logs to SOCaaS

To provide integration with FortiGuard SOC-as-a-Service (SOCaaS), FortiSASE supports the ability to configure log forwarding from FortiSASE to a SOCaaS collector using Log Forwarding to SOCaaS in Analytics > Settings.

Note

To be configurable, Log Forwarding to SOCaaS requires an Advanced remote users FortiSASE license or a Comprehensive remote users FortiSASE license. Otherwise, FortiSASE grays out this option in Analytics > Settings. See the FortiSASE Ordering Guide.
To configure log forwarding to SOCaaS:
  1. Go to Analytics > Settings.
  2. Enable Log Forwarding to SOCaaS.
  3. Click OK.
  4. Once FortiSASE enables this feature, observe the following:
    1. A prompt instructs you to Start Onboarding. If you click Start Onboarding, a browser window opens for the SOCaaS portal to complete onboarding. Once you complete onboarding, FortiSASE sends a service request to the SOCaaS team. Completing onboarding on the SOCaaS portal is important for this feature to work as intended.
    2. In Status, Logging Location(s) displays a SOCaaS Collector Region.
    3. Under Log Forwarding to SOCaaS, Connection Status displays Connected with a green checkmark. Hovering over the Connection Status value shows the rate at which FortiSASE forwards logs.
Note

Currently, you cannot disable the Log Forwarding to SOCaaS feature from Analytics > Settings once you have enabled it because the toggle is grayed out. To disable this feature, you must create a new FortiCare ticket.
Previous
Next