External Systems Configuration Guide

Stormshield Network Security

Integration Points

Protocol | Information Collected | Used For
Syslog   | Firewall logs         | Security and Compliance Monitoring

Event Types

Go to RESOURCES > Event Type and enter "Stormshield-" in the Search... field of the main content panel to see the event types associated with this device.

Configuration

Configuring Stormshield to Send Logs

Follow the steps in the Stormshield documentation under the "Choose where to save logs" section to configure where logs are saved.

Configuring FortiSIEM to Receive Logs

No configuration is needed. FortiSIEM automatically detects and parses Stormshield logs using its built-in parser.

Sample Logs

id=firewall time="2019-02-24 16:38:01" fw="SN310A17B0323A7" tz=+0100 startime="2019-02-24 16:38:00" pri=5 confid=00 slotlevel=2 ruleid=4 rulename="1690fb96019_7" srcif="Ethernet0" srcifname="out" ipproto=udp proto=ssdp src=10.11.11.11 srcport=49907 srcportname=ephemeral_fw_udp srcname=skywalker srcmac=11:11:11:11:11:11 dst=10.10.10.10 dstport=1900 dstportname=sdp ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"
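The sample above is a space-separated key=value record in which some values are double-quoted (and may contain spaces, such as time="2019-02-24 16:38:01") while others are bare, and the UTC offset is carried in a separate tz field rather than in the timestamp. The following parser is an added example written for this page, not FortiSIEM's built-in parser or any Stormshield code; the regular expression, the normalized field names, and the sample line copied from this page are the author's own assumptions about the format, made from this one record.

```python
import re
from datetime import datetime, timezone
from typing import Dict, Optional

# Constructed copy of the sample Stormshield filter log shown on this page.
SAMPLE_LOG = (
    'id=firewall time="2019-02-24 16:38:01" fw="SN310A17B0323A7" tz=+0100 '
    'startime="2019-02-24 16:38:00" pri=5 confid=00 slotlevel=2 ruleid=4 '
    'rulename="1690fb96019_7" srcif="Ethernet0" srcifname="out" ipproto=udp '
    'proto=ssdp src=10.11.11.11 srcport=49907 srcportname=ephemeral_fw_udp '
    'srcname=skywalker srcmac=11:11:11:11:11:11 dst=10.10.10.10 dstport=1900 '
    'dstportname=sdp ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"'
)

# One key=value token (assumed grammar): the value is either a double-quoted
# string, which may contain spaces, or a run of non-space characters.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_stormshield(line: str) -> Dict[str, str]:
    """Split one Stormshield key=value syslog line into a dict of raw strings.

    Quoted values keep their inner spaces; bare values run to the next space.
    If a key repeats, the last occurrence wins.
    """
    fields: Dict[str, str] = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def event_time(fields: Dict[str, str]) -> datetime:
    """Combine the local 'time' field with the separate 'tz' offset (+0100).

    The offset is appended so strptime's %z directive yields an aware datetime;
    a missing tz is treated as UTC (assumption, not documented on the page).
    """
    tz = fields.get("tz", "+0000")
    return datetime.strptime(f'{fields["time"]} {tz}', "%Y-%m-%d %H:%M:%S %z")


def _to_int(value: Optional[str]) -> Optional[int]:
    """Convert a numeric field, leaving it None when absent or malformed."""
    try:
        return int(value) if value is not None else None
    except ValueError:
        return None


def normalize(fields: Dict[str, str]) -> Dict[str, object]:
    """Map raw fields to a small, SIEM-style normalized event.

    The target field names are this example's own choice, not FortiSIEM's
    attribute names; timestamps are converted to UTC so events from firewalls
    in different time zones sort correctly.
    """
    return {
        "timestamp_utc": event_time(fields).astimezone(timezone.utc).isoformat(),
        "device": fields.get("fw"),
        "src_ip": fields.get("src"),
        "src_port": _to_int(fields.get("srcport")),
        "dst_ip": fields.get("dst"),
        "dst_port": _to_int(fields.get("dstport")),
        "ip_proto": fields.get("ipproto"),
        "app_proto": fields.get("proto"),
        "action": fields.get("action"),
        "rule_id": fields.get("ruleid"),
        "rule_name": fields.get("rulename"),
        "bytes_sent": _to_int(fields.get("sent")),
        "bytes_rcvd": _to_int(fields.get("rcvd")),
        "log_type": fields.get("logtype"),
    }


if __name__ == "__main__":
    raw = parse_stormshield(SAMPLE_LOG)
    for name, value in normalize(raw).items():
        print(f"{name:>14}: {value}")
```

Quoted values must be matched before bare ones, otherwise the regex would stop at the first space inside time="2019-02-24 16:38:01" and the rest of the timestamp would be mistaken for a new token. Keeping the raw dict separate from the normalized event lets a detection rule read either the vendor's own keys (ruleid, logtype) or the normalized ones.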