FortiGate

Install FortiGate Add-on for Splunk

FortiGate Add-on for Splunk

  • You can install the FortiGate Add-on for Splunk on a search head, indexer, forwarder, or single-instance Splunk server.

Install FortiGate Application for Splunk

FortiGate Application for Splunk

  • Download and install the App

  • Settings -> Data models -> Fortinet FOS Log -> Accelerate

  • /opt/splunk/bin/splunk restart

  • Search & Reporting App: run index=fortigate and check the sourcetype field (fortigate_traffic, fortigate_utm, fortigate_event)

  • Enterprise Security -> Security Domains

Fortinet-Splunk-Deployment-Guide
Technical Tip: How to configure syslog on FortiGate

FortiGate Firewall Side

config log syslogd2 setting
    set status enable
    set server "Syslog IP"
    set source-ip "Forti Mgmt IP"
end
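Before trusting the index=fortigate search, it helps to confirm that what the FortiGate actually sends to the syslog server is well-formed key=value text carrying a type field, because that is what the three sourcetypes (fortigate_traffic, fortigate_utm, fortigate_event) are split on. The following checker is an added example, not code from Fortinet or from the Splunk add-on: it parses FortiOS-style key=value syslog lines, maps the type field to a sourcetype name (the assumption that the add-on keys on type is mine), and reports lines that would not be classifiable. The sample lines and the devid value are constructed placeholders, not captured device output.

```python
import re
from collections import Counter

# Constructed FortiOS-style syslog lines (not captured from a real device).
# Values containing spaces are double-quoted, as FortiOS does; devid is a
# placeholder rather than a real serial number.
SAMPLE_LOGS = [
    'date=2024-01-15 time=10:22:31 devname="fgt-edge-01" devid="FGT_PLACEHOLDER" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.0.1.25 srcport=51234 dstip=203.0.113.10 dstport=443 action="accept" '
    'policyid=7 service="HTTPS"',
    'date=2024-01-15 time=10:22:32 devname="fgt-edge-01" devid="FGT_PLACEHOLDER" '
    'logid="0419016384" type="utm" subtype="ips" level="alert" vd="root" '
    'severity="high" srcip=198.51.100.7 dstip=10.0.1.25 action="dropped" '
    'msg="constructed ips event"',
    'date=2024-01-15 time=10:22:33 devname="fgt-edge-01" devid="FGT_PLACEHOLDER" '
    'logid="0100032001" type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="https(192.0.2.5)" '
    'action="login" status="success"',
    # A line that a misconfigured relay might emit: no key=value structure at all.
    'this is not a fortigate line',
]

# key=value pairs: either a double-quoted value (may contain spaces) or a
# bare run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed mapping from the FortiOS 'type' field to the add-on's sourcetypes.
SOURCETYPE_BY_TYPE = {
    "traffic": "fortigate_traffic",
    "utm": "fortigate_utm",
    "event": "fortigate_event",
}


def parse_fortigate_line(line):
    """Return a dict of key/value pairs from one FortiOS syslog line."""
    fields = {}
    for match in KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def classify_sourcetype(fields):
    """Map parsed fields to the sourcetype the add-on would assign (assumed
    to depend on the 'type' field); None when the line is unclassifiable."""
    return SOURCETYPE_BY_TYPE.get(fields.get("type"))


def summarize(lines):
    """Count lines per sourcetype and collect lines that could not be
    classified (no devname or no recognised type field)."""
    counts = Counter()
    unclassified = []
    for line in lines:
        fields = parse_fortigate_line(line)
        sourcetype = classify_sourcetype(fields)
        if sourcetype is None or "devname" not in fields:
            unclassified.append(line)
        else:
            counts[sourcetype] += 1
    return counts, unclassified


if __name__ == "__main__":
    counts, unclassified = summarize(SAMPLE_LOGS)
    for sourcetype, n in sorted(counts.items()):
        print(f"{sourcetype}: {n}")
    for line in unclassified:
        print(f"UNCLASSIFIED: {line[:60]}")
```

Point the script at a capture from the syslog server (for example by replacing SAMPLE_LOGS with the lines of a file) and compare the per-sourcetype counts with what index=fortigate shows; a large UNCLASSIFIED count, or a sourcetype with zero events while the firewall is clearly logging that category, points at the syslogd2 configuration or at a relay rewriting the messages rather than at the Splunk app.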
