search

FortiGate

hashtag
Install FortiGate Add-on for Splunk

FortiGate Add-on for Splunkarrow-up-right

  • You can install FortiGate Add-on for Splunk on search head, indexer, forwarder or single instance Splunk server.

hashtag
Install FortiGate Application for Splunk

FortiGate Application for Splunkarrow-up-right

  • Download and install the App

  • Settings, Data models, Fortinet FOS Log, accelrate

  • /opt/splunk/bin/splunk restart

  • Search & Reporting App, index=fortigate, Check for sourcetype feild (fortigate_traffic, fortigate_utm, fortigate_event)

  • Enterprise Security -> Security Domains

Fortinet-Splunk-Deployment-Guidearrow-up-rightTechnical Tip: How to configure syslog on FortiGatearrow-up-right

FortiGate Firewall Side

config log syslogd2 setting
    set status enable
    set server "Syslog IP"
    set source-ip "Forti Mgmt IP"
end
PreviousF5 BIG-IPNextMicrosoft Azure

Last updated