Error with FORTINET logs.

[tssingtampa]

Hello, I need your help. I've applied the FORTINET integration, but the logs are arriving at the SYSLOG index, and all the information is enclosed in the "message" field. I'm not sure what I'm doing wrong. Please see the attached screenshot.

[c3s4rfred]

Hi, @tssingtampa it seems that you have misconfigured the integration, follow the steps according to the guide, you need to configure the correct port on the agent you installed previously and then, send your fortinet logs to that port, finally enabling the integration will create a source log-firewall-fortigate-traffic-* in log explorer, and can be access by Log Explorer -> FortiGate menu

[tssingtampa]

Thank you very much for your prompt response, @c3s4rfred. These are the steps I have followed:

1. I installed the agent on the same server where UTMStack is running.
2. Then, I enabled the following lines in the file: /opt/utmstack-linux-agent/log-collector-config.json:
   2.1 "log_collector_enable": true, "firewall_fortinet":{"enable":true}
3. I configured the FORTINET firewall to send logs to my UTMStack server's IP address on port 7005 using the UDP protocol.

If you correct me on where I went wrong.

I have attached a screenshot of the guide that I used:

[c3s4rfred]

@tssingtampa check the configuration of your firewall, the guide that you have to follow is that one you show, ensure that you send your logs to the specified port, in the previous result that you show (log-syslog-*), the logs were going to the syslog index, which means that you configure your firewall to send logs to port 7014

[tssingtampa]

You're welcome! Let me know when you have it resolved.

[c3s4rfred]

Hi, @tssingtampa, the issue to resolve is on your side, nothing to do on our side. Is an issue in your configuration, the integration is fine, please check again, or do it all over again.
Best regards

[tssingtampa]

Thank you for your help. The issue has been resolved. The FORTINET was indeed pointing to a different port.