**FortiGate traffic logs** are essential records of network activity generated by [Fortinet's](https://www.fortinet.com/) security appliances, providing valuable insights into the traffic patterns, security events, and performance of your network. Send these logs to Coralogix to gain a comprehensive and real-time view of your network's health and security. With the power of data-driven insights, you can optimize network performance, troubleshoot issues faster, and make informed decisions to enhance your organization's overall security posture.

This integration guides you on how to configure FortiGate with [syslog using OpenTelemetry](https://coralogix.com/docs/integrations/syslog/syslog-using-opentelemetry/index.md).

## Prerequisites

To ship syslog messages from your FortiGate setup to an OpenTelemetry Collector setup, you are required to satisfy the following prerequisites:

- **Syslog over TCP.** Configure your FortiGate device to send syslog messages using TCP as the transport protocol.
- **Syslog Format.** The syslog message format should comply with RFC 5424.
- **Destination Address and Port.** Set the destination address to the IP address where OpenTelemetry Collector is running and set the destination port to 54526, as defined in your configuration.
- **Timestamp Configuration [optional].** We **recommend** synchronizing your FortiGate device time with a UTC NTP server to match the **`location: UTC`** defined in your OpenTelemetry setup.

## Configuration

Configure Fortigate with [syslog using OpenTelemetry](https://coralogix.com/docs/integrations/syslog/syslog-using-opentelemetry/index.md).

### Example

The following is an example of a receiver configuration:

```yaml
receivers:
  syslog:
    tcp:
      listen_address: "0.0.0.0:54526"
    protocol: rfc5424
    operators:
      - type: syslog_parser
        protocol: rfc5424
        parse_from: body
        parse_to: body
      - type: remove
        field: attributes
```

Customers who have configured syslog protocol RFC 5424 and syslog over TCP should configure the parameter `enable_octet_counting`=True, as follows:

```yaml
receivers:
  syslog:
    tcp:
      listen_address: "0.0.0.0:54526"
    protocol: rfc5424
    enable_octet_counting: true
    operators:
      - type: syslog_parser
        protocol: rfc5424
        parse_from: body
        parse_to: body
      - type: remove
        field: attributes
```

Find out more [here](https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-syslog-via-TCP-and-log-parsing/ta-p/198397).

## Additional resources

| Documentation | [Syslog using OpenTelemetry](https://coralogix.com/docs/integrations/syslog/syslog-using-opentelemetry/index.md) |
| ------------- | ---------------------------------------------------------------------------------------------------------------- |
|               |                                                                                                                  |

## Support

**Need help?**

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us **via our in-app chat** or by sending us an email at [support@coralogix.com](mailto:support@coralogix.com).