Configuring a syslog destination on your Fortinet FortiGate Security Gateway device

To forward Fortinet FortiGate Security Gateway events to IBM QRadar, you must configure a syslog destination.

Procedure

  1. Log in to the command line on your Fortinet FortiGate Security Gateway appliance.
  2. Type the following commands, in order, replacing the variables with values that suit your environment.
    config log syslogd setting
    set status enable
    set facility <facility_name>
    set csv {disable | enable}
    set port <port_integer>
    set reliable enable
    set server <IP_address>
    end
    Example: set facility syslog
    Note: If reliable is set to enable, the appliance sends syslog events over TCP; if reliable is set to disable, it sends them over UDP.
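
The following pre-flight check is an added example, not part of the IBM or Fortinet documentation. It reads a typed-up copy of the command list in step 2, flags placeholders that were never replaced and invalid server or port values, and reports the transport that the QRadar side should expect based on the reliable setting. The function names and the sample values (192.0.2.10, port 514) are assumptions made for illustration.

```python
import ipaddress
import re

def parse_settings(text):
    """Collect the 'set <key> <value>' lines of a typed-up command list."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s+(.+?)\s*$", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def check_settings(found):
    """Return (transport, problems) for the settings in the procedure."""
    problems = []
    for key, value in found.items():
        if re.search(r"[<>{}|]", value):
            problems.append(f"{key}: placeholder not replaced: {value}")
    if found.get("status") != "enable":
        problems.append("status: expected enable")
    try:
        ipaddress.ip_address(found.get("server", ""))
    except ValueError:
        problems.append("server: not a valid IP address")
    port = found.get("port", "")
    if not (re.fullmatch(r"[0-9]+", port) and 1 <= int(port) <= 65535):
        problems.append("port: expected an integer from 1 to 65535")
    # Per the note in the procedure: reliable enable = TCP, disable = UDP.
    transport = {"enable": "TCP", "disable": "UDP"}.get(found.get("reliable"))
    if transport is None:
        problems.append("reliable: expected enable or disable")
    return transport, problems

# Constructed sample values; 192.0.2.10 is a documentation address.
SAMPLE = """config log syslogd setting
set status enable
set facility syslog
set csv disable
set port 514
set reliable enable
set server 192.0.2.10
end
"""

if __name__ == "__main__":
    transport, problems = check_settings(parse_settings(SAMPLE))
    print("QRadar should expect", transport, "on the configured port")
    for p in problems:
        print("PROBLEM:", p)
```

The reported transport and port are the values that any firewall rule between the appliance and QRadar has to allow.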

What to do next

Your deployment might have multiple Fortinet FortiGate Security Gateway instances that are configured to send event logs to FortiAnalyzer. If you want to send FortiAnalyzer events to QRadar, see Configuring a syslog destination on your Fortinet FortiAnalyzer device.