Fortinet Document Library

External Systems Configuration Guide

Stormshield Network Security

Integration Points

Protocol | Information Collected | Used For
Syslog | Firewall logs | Security and Compliance Monitoring

Configuring Stormshield to Send Logs

Follow the steps listed here, under the "Choose where to save logs" section, to save logs.

Configuring FortiSIEM to Receive Logs

No configuration is needed. FortiSIEM automatically detects and parses Stormshield logs using the built-in parser.

Stormshield Event Types

Go to Resources > Event Type and search for "Stormshield-".

Stormshield Sample Logs

id=firewall time="2019-02-24 16:38:01" fw="SN310A17B0323A7" tz=+0100 startime="2019-02-24 16:38:00" pri=5 confid=00 slotlevel=2 ruleid=4 rulename="1690fb96019_7" srcif="Ethernet0" srcifname="out" ipproto=udp proto=ssdp src=10.11.11.11 srcport=49907 srcportname=ephemeral_fw_udp srcname=skywalker srcmac=11:11:11:11:11:11 dst=10.10.10.10 dstport=1900 dstportname=sdp ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"
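
The sample line above, split into typed fields, as an added example; this is not FortiSIEM's built-in parser or code from this guide. The function names, the choice of integer fields, the `id=firewall` check and the reading of `time` as firewall-local time offset by `tz` are assumptions drawn from the sample line.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample line copied from this page.
SAMPLE = (
    'id=firewall time="2019-02-24 16:38:01" fw="SN310A17B0323A7" tz=+0100 '
    'startime="2019-02-24 16:38:00" pri=5 confid=00 slotlevel=2 ruleid=4 '
    'rulename="1690fb96019_7" srcif="Ethernet0" srcifname="out" ipproto=udp '
    'proto=ssdp src=10.11.11.11 srcport=49907 srcportname=ephemeral_fw_udp '
    'srcname=skywalker srcmac=11:11:11:11:11:11 dst=10.10.10.10 dstport=1900 '
    'dstportname=sdp ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"'
)

# A value is either double-quoted (may hold spaces or '=') or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Assumption: these fields are always decimal integers, as in the sample.
INT_FIELDS = ("pri", "slotlevel", "ruleid", "srcport", "dstport", "ipv", "sent", "rcvd")


def parse_tz(offset):
    """Turn a '+0100' style offset into a tzinfo object."""
    m = re.fullmatch(r"([+-])(\d{2})(\d{2})", offset)
    if not m:
        raise ValueError(f"bad tz offset: {offset!r}")
    sign = -1 if m.group(1) == "-" else 1
    return timezone(sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3))))


def parse_stormshield(line):
    """Return a dict of fields from one Stormshield key=value log line."""
    fields = {}
    for m in PAIR_RE.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    # Assumption: every Stormshield line starts with id=firewall, as the sample does.
    if fields.get("id") != "firewall":
        raise ValueError("not a Stormshield firewall log line")
    for key in INT_FIELDS:
        if key in fields:
            fields[key] = int(fields[key])
    if "duration" in fields:
        fields["duration"] = float(fields["duration"])
    # Assumption: 'time' is firewall-local and 'tz' is its UTC offset.
    if "time" in fields and "tz" in fields:
        local = datetime.strptime(fields["time"], "%Y-%m-%d %H:%M:%S")
        aware = local.replace(tzinfo=parse_tz(fields["tz"]))
        fields["time_utc"] = aware.astimezone(timezone.utc)
    return fields
```

Normalising to UTC before correlation avoids off-by-offset mismatches when firewalls in different time zones report to the same collector.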