Configure FortiAnalyzer-BigData Hyperscale Syslog Ingestion
By default, the received hyperscale Syslog messages are parsed and persisted in the Security Event Manager. You can also configure FortiAnalyzer-BigData to forward the messages to an external Syslog UDP server.
To configure Hyperscale Syslog Ingestion:
- Go to Cluster Manager > Services > Core.
- Click the Configuration tab and go to the Hyperscale Syslog Ingestion section.
- Toggle Enable Persisting to enable or disable persisting the logs into the Security Event Manager. This is enabled by default.
- Toggle Enable Forwarding to enable or disable forwarding to an external Syslog UDP server. This is disabled by default.
- When Enable Forwarding is on, configure the destination Syslog UDP server’s IP and port.
- Click Save and follow the prompts to apply the configuration.