Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Back to All Docs

FortiGate FortiGate

Last Updated: Oct. 03, 2023

FortiGate traffic logs are essential records of network activity generated by Fortinet’s security appliances, providing valuable insights into the traffic patterns, security events, and performance of your network. Send these logs to Coralogix to gain a comprehensive and real-time view of your network’s health and security. With the power of data-driven insights, you can optimize network performance, troubleshoot issues faster, and make informed decisions to enhance your organization’s overall security posture.

This integration guides you on how to configure FortiGate with syslog using OpenTelemetry.

Prerequisites

To ship syslog messages from your FortiGate setup to an OpenTelemetry Collector setup, you are required to satisfy the following prerequisites:

  • Syslog over TCP. Configure your FortiGate device to send syslog messages using TCP as the transport protocol.
  • Syslog Format. The syslog message format should comply with RFC 5424.
  • Destination Address and Port. Set the destination address to the IP address where OpenTelemetry Collector is running and set the destination port to 54526, as defined in your configuration.
  • Timestamp Configuration [optional]. We recommend synchronizing your FortiGate device time with a UTC NTP server to match the location: UTC defined in your OpenTelemetry setup.

Configuration

Configure Fortigate with syslog using OpenTelemetry.

Example

The following is an example of a receiver configuration:

receivers:
  syslog:
    tcp:
      listen_address: "0.0.0.0:54526"
    protocol: rfc5424
    operators:
      - type: syslog_parser
        protocol: rfc5424
        parse_from: body
        parse_to: body
      - type: remove
        field: attributes

Customers who have configured syslog protocol RFC 5424 and syslog over TCP should configure the parameter enable_octet_counting=True, as follows:

receivers:
  syslog:
    tcp:
      listen_address: "0.0.0.0:54526"
    protocol: rfc5424
    enable_octet_counting: true
    operators:
      - type: syslog_parser
        protocol: rfc5424
        parse_from: body
        parse_to: body
      - type: remove
        field: attributes

Find out more here.

Additional Resources

DocumentationSyslog using OpenTelemetry

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page