Fortinet black logo

Administration Guide

Home FortiNDR 7.0.4 Administration Guide
7.0.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.0
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0

Troubleshoot Log Settings

Troubleshoot Log Settings

To troubleshoot the Client:
  • Enable Send logs to your syslog server
  • Verify you are using a valid remote server address
  • Check if the GUI settings match CMDB settings:
    • Send logs to FortiAnalyzer/FortiSIEM

    • Send logs to Syslog Server 1

    • An extra remote server setting which only set via CLI command

To view the traffic with the CLI:

diag sniffer packet any "udp and port 514" 3 0 a

To troubleshoot the server:
  • Verify the sever has rsyslog installed.

  • Make sure udp port 514 is open

    sudo ss -tulnp | grep "rsyslog"

Previous
Next

Troubleshoot Log Settings

To troubleshoot the Client:
  • Enable Send logs to your syslog server
  • Verify you are using a valid remote server address
  • Check if the GUI settings match CMDB settings:
    • Send logs to FortiAnalyzer/FortiSIEM

    • Send logs to Syslog Server 1

    • An extra remote server setting which only set via CLI command

To view the traffic with the CLI:

diag sniffer packet any "udp and port 514" 3 0 a

To troubleshoot the server:
  • Verify the sever has rsyslog installed.

  • Make sure udp port 514 is open

    sudo ss -tulnp | grep "rsyslog"

Previous
Next