You can integrate LOGIQ.AI with your FortiGate Firewall to forward either all or selected logs to LOGIQ.AI using the firewall's built-in syslog forwarding capabilities.
Configuration
Drop into the firewall CLI and switch to the log syslogd configuration page
1
config log syslogd setting
Copied!
Fortigate Firewall configuration
Syslogd forwarding
Once in the syslogd configuration settings, set the following to enable forwarding to LOGIQ.AI
1
set status enable
2
set server <IP/FQDNS of LOGIQ.AI Server here>
3
set mode reliable
4
set facility local1
5
set format rfc5424
Copied!
Log Filtering configurations
For the log forwarding to work, you will may need to tweak additional settings such as filtering. E.g. in the below configuration all logs level debug and above are configured to be sent to LOGIQ.AI
1
FGTAWSX5HFDA6I36 # config log syslogd filter
2
​
3
FGTAWSX5HFDA6I36 (filter) # show
4
config log syslogd filter
5
set severity debug
6
end
7
​
8
FGTAWSX5HFDA6I36 (filter) #
Copied!
Additional filtering options can be found under the Log & Report section in the UI