FortiGate


Last updated 2 days ago

Install FortiGate Add-on for Splunk

  • You can install the FortiGate Add-on for Splunk on a search head, indexer, forwarder, or single-instance Splunk server.

Install FortiGate Application for Splunk

  • Download and install the App

  • Go to Settings > Data models > Fortinet FOS Log and enable acceleration

  • /opt/splunk/bin/splunk restart

  • In the Search & Reporting app, search index=fortigate and check the sourcetype field (fortigate_traffic, fortigate_utm, fortigate_event)

  • Enterprise Security -> Security Domains

FortiGate Firewall Side

config log syslogd2 setting
    set status enable
    set server "Syslog IP"
    set source-ip "Forti Mgmt IP"
end
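
A pre-flight check for the sourcetype step above, added here as an example and not taken from the original page or the Fortinet add-on: it parses constructed FortiGate key=value syslog lines and reports which of the three sourcetypes each one should land in, plus the lines that would match none. Mapping the `type` field to a sourcetype is an assumption about how the add-on classifies events, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sourcetypes named on this page; keying them on the FortiOS `type` field is an assumption.
SOURCETYPE_BY_TYPE = {
    "traffic": "fortigate_traffic",
    "utm": "fortigate_utm",
    "event": "fortigate_event",
}

# key=value pairs; a value is either double-quoted (may contain spaces and '=') or a bare token.
KV_RE = re.compile(r'(\w[\w-]*)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_fortigate_line(line):
    """Return the key/value fields of one FortiGate syslog line as a dict."""
    line = re.sub(r"^<\d{1,3}>", "", line.strip())  # drop syslog priority, e.g. "<189>"
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}

def classify(line):
    """Return the expected sourcetype, or None if the line matches none of the three."""
    fields = parse_fortigate_line(line)
    if "devid" not in fields:  # not a FortiGate-formatted record
        return None
    return SOURCETYPE_BY_TYPE.get(fields.get("type", "").lower())

def summarize(lines):
    """Count expected sourcetypes and collect lines that need attention."""
    counts, rejected = Counter(), []
    for line in lines:
        sourcetype = classify(line)
        if sourcetype:
            counts[sourcetype] += 1
        else:
            rejected.append(line)
    return counts, rejected

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    '<189>date=2024-05-01 time=10:00:01 devname="FGT-LAB" devid="FGT60F0000000000" type="traffic" subtype="forward" srcip=10.0.0.5 dstip=192.0.2.10 action="accept"',
    '<188>date=2024-05-01 time=10:00:02 devname="FGT-LAB" devid="FGT60F0000000000" type="utm" subtype="webfilter" msg="URL blocked, category=malware"',
    '<190>date=2024-05-01 time=10:00:03 devname="FGT-LAB" devid="FGT60F0000000000" type="event" subtype="system" msg="Admin login successful"',
    "<30>May  1 10:00:04 host sshd[100]: Accepted publickey for admin",
]

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE)
    for sourcetype, n in sorted(counts.items()):
        print(f"{sourcetype}: {n}")
    for line in rejected:
        print("unclassified:", line)
```

Lines reported as unclassified are the ones to look for under an unexpected sourcetype in index=fortigate.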

  • FortiGate Add-on for Splunk

  • FortiGate Application for Splunk

  • Fortinet-Splunk-Deployment-Guide

  • Technical Tip: How to configure syslog on FortiGate