External Systems Configuration Guide

Trend Micro Intrusion Defense Firewall (IDF)

What is Discovered and Monitored

Protocol | Information Discovered | Metrics Collected | Used For
Syslog   |                        |                   |

Trend Micro Configuration

Syslog

FortiSIEM processes events from this device via syslogs sent by the device. Configure the device to send syslogs to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

  • For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your FortiSIEM virtual appliance.
  • For Port, enter 514.
  • Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example Syslog

<134>May 31 15:24:34 DSK-FT11XL1 dsa_mpld: REASON=PLD:Disallow_Web_Proxy_Autodiscovery_Protocol REV IN= OUT=Local_Area_Connection
MAC=00:26:B9:80:74:71:2C:6B:F5:35:4E:00:08:00 SRC=192.168.20.2 DST=192.168.13.39 LEN=133 PROTO=UDP SPT=53 DPT=58187 CNT=1 act=Reset POS=0
SPOS=0 NOTE=CVE-2007-5355 FLAGS=0
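
The Python code below is an added example, not part of the Fortinet documentation or FortiSIEM's own parser: it splits the sample message above into its syslog header and KEY=value fields so that what a host actually sends can be compared with the expected format before it is pointed at FortiSIEM. The function names and the list of required keys are assumptions made for illustration.

```python
import re

# Sample message copied from the page's "Example Syslog", joined onto one line.
SAMPLE = (
    "<134>May 31 15:24:34 DSK-FT11XL1 dsa_mpld: "
    "REASON=PLD:Disallow_Web_Proxy_Autodiscovery_Protocol REV IN= "
    "OUT=Local_Area_Connection "
    "MAC=00:26:B9:80:74:71:2C:6B:F5:35:4E:00:08:00 SRC=192.168.20.2 "
    "DST=192.168.13.39 LEN=133 PROTO=UDP SPT=53 DPT=58187 CNT=1 act=Reset "
    "POS=0 SPOS=0 NOTE=CVE-2007-5355 FLAGS=0"
)

HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<body>.*)$"
)

def parse_idf_syslog(line):
    """Split one line into header fields, KEY=value pairs and bare tokens."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not a BSD-syslog line in the expected shape")
    pri = int(m.group("pri"))
    if pri > 191:
        raise ValueError("PRI out of range")
    event = {
        "facility": pri >> 3,   # RFC 3164: PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "fields": {},
        "flags": [],
    }
    for token in m.group("body").split():
        key, sep, value = token.partition("=")  # split on the first "=" only
        if sep:
            event["fields"][key] = value        # "IN=" yields an empty string
        else:
            event["flags"].append(token)        # bare token such as "REV"
    return event

def missing_fields(event, required=("SRC", "DST", "PROTO", "SPT", "DPT", "act")):
    """Return required keys (an assumed list) that are absent or empty."""
    return [k for k in required if not event["fields"].get(k)]
```

A message that raises `ValueError` or returns a non-empty list from `missing_fields` does not match the sample's shape and should be checked on the sending host before troubleshooting on the FortiSIEM side.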
