9.4.0

Syslog Settings

Configure FortiNAC as a syslog server. FortiNAC listens for syslog on port 514.

In the FortiGate CLI:

  • Enable sending logs to syslog.

  • Add the primary (eth0/port1) FortiNAC IP address of the control server.

  • Important: The source-ip setting must match the IP address used to model the FortiGate in Topology.

  • Enable Event Logging and make sure that the VPN activity event is selected.

  • Log messages with IDs 0101039947 and 0101039948 (SSL), or 0101037129 and 0101037134 (IPsec), must be sent to FortiNAC.

Note: Care should be taken to avoid having the FortiGate send too many unnecessary log messages to FortiNAC. This can cause delays in message processing or even loss of messages.

CLI Settings:

FortiOS below 7.0

config log syslogd setting
    set status enable >> This will send logs to syslog
    set server "10.200.20.20" >> FortiNAC eth0/port1 IP address
    set source-ip "10.200.20.1" >> FortiGate IP address in FortiNAC Topology View
    set format csv
end

config log syslogd filter
    set filter "logid(0101039947,0101039948,0101037129,0101037134)" >> syslog ids
end

config log eventfilter
    set event enable >> Enable event logging
    set vpn enable >> Enable VPN activity event
end

For details on syslog filters, see the related KB article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-syslog-filters-on-to-send-only-specific-logs/ta-p/194032

FortiOS 7.0 and above

config log syslogd setting
    set status enable >> Send logs to syslog
    set server "10.200.20.20" >> FortiNAC eth0/port1 IP address
    set source-ip "10.200.20.1" >> FortiGate IP address in FortiNAC Inventory View
    set format csv
end

config log syslogd filter
    set forward-traffic disable
    set local-traffic disable
    set multicast-traffic disable
    set sniffer-traffic disable
    set ztna-traffic disable
    config free-style
        edit 1
            set category event >> Event log type
            set filter "(logid 0101039947 0101039948 0101037129 0101037134)"
        next
    end
end

config log eventfilter
    set event enable >> Enable event logging
    set vpn enable >> Enable VPN activity event
end
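The following is an added example, not Fortinet code: a Python check that audits syslog payloads captured on the receiving side to confirm the filter passes only the four VPN log IDs and that messages arrive from the modeled source IP. It assumes the capture is available as (sender IP, payload) pairs and that the CSV format yields comma-separated key=value fields; the sample datagrams are constructed.

```python
import re
from collections import Counter

# Values taken from the CLI example on this page.
REQUIRED_LOGIDS = {"0101039947", "0101039948", "0101037129", "0101037134"}
MODELED_FORTIGATE_IP = "10.200.20.1"  # the source-ip the FortiGate is modeled with

# Assumed layout: key=value pairs separated by commas; quoted values may hold commas.
FIELD_RE = re.compile(r'([\w-]+)=("[^"]*"|[^,]*)')

def parse_fields(payload):
    """Return the key=value fields of one syslog payload as a dict."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(payload)}

def audit(datagrams):
    """datagrams: iterable of (sender_ip, payload) pairs captured on port 514."""
    seen, unexpected, wrong_source = Counter(), Counter(), Counter()
    for sender, payload in datagrams:
        logid = parse_fields(payload).get("logid", "<no logid>")
        if sender != MODELED_FORTIGATE_IP:
            wrong_source[sender] += 1      # source-ip does not match the model
        if logid in REQUIRED_LOGIDS:
            seen[logid] += 1
        else:
            unexpected[logid] += 1         # filter is letting extra logs through
    return {
        "required_not_seen": sorted(REQUIRED_LOGIDS - set(seen)),
        "unexpected_logids": dict(unexpected),
        "wrong_source": dict(wrong_source),
    }

# Constructed sample datagrams (not real FortiGate output).
SAMPLE = [
    ("10.200.20.1", '<189>date=2024-01-01,time=10:00:00,logid="0101039947",'
                    'type="event",subtype="vpn",msg="tunnel up, user alice"'),
    ("10.200.20.1", '<189>date=2024-01-01,time=10:05:00,logid="0101039948",'
                    'type="event",subtype="vpn",msg="tunnel down"'),
    ("10.200.20.1", '<189>date=2024-01-01,time=10:06:00,logid="0000000013",'
                    'type="traffic",subtype="forward"'),
    ("10.200.20.254", '<189>date=2024-01-01,time=10:07:00,logid="0101037129",'
                      'type="event",subtype="vpn",msg="constructed"'),
]

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```

A non-empty `unexpected_logids` points at a filter that is too permissive, and a non-empty `wrong_source` points at a `source-ip` value that differs from the modeled address.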

Reference

syslogd settings and filters:

https://docs.fortinet.com/document/fortigate/7.0.12/administration-guide/250999/log-settings-and-targets

https://docs.fortinet.com/document/fortigate/7.2.6/administration-guide/250999/log-settings-and-targets

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/250999/log-settings-and-targets

Sections:

To configure remote logging to a syslog server

To configure log filters for a syslog server

Free-style filters:

https://docs.fortinet.com/document/fortigate/7.0.12/administration-guide/369889/configuring-and-debugging-the-free-style-filter

https://docs.fortinet.com/document/fortigate/7.2.6/administration-guide/369889/configuring-and-debugging-the-free-style-filter

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/369889/configuring-and-debugging-the-free-style-filter

For details on syslog free-style filters, see the related KB article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-syslog-free-style-filters/ta-p/204606

Build VPN tunnel. Proceed to the appropriate section:

SSL VPN

IPsec VPN
