In this case I am using Splunk Free as the syslog server.
Our syslog server is running on 192.168.100.200 on UDP port 1514.
If you enable syslog in the GUI you don't get many choices.
However, if we look in the CLI we will see a lot more options to configure.
There are two main configuration branches for syslog: filter and setting.
Filter: select which types of logs to send.
Setting: configure the syslog server itself.
FG1 # show full-configuration log syslogd
filter: Filters for remote system server.
setting: Global settings for remote syslog server.
This is the full syslogd setting block after just adding the syslog server IP in the GUI.
FG1 # show full-configuration log syslogd setting
config log syslogd setting
set status enable
set server "192.168.100.200"
set mode udp
set port 514
set facility local7
set source-ip ''
set format default
set priority default
set max-log-rate 0
end
Options for the syslog format (we'll keep the default):
FG1 (setting) # set format
default Syslog format.
csv CSV (Comma Separated Values) format.
cef CEF (Common Event Format) format.
All we should need to do to get this going is to change the port to 1514.
FG1 # config log syslogd setting
FG1 (setting) # set port 1514
FG1 (setting) # end
FG1 # show log syslogd setting
config log syslogd setting
set status enable
set server "192.168.100.200"
set port 1514
end
FG1 #
Let's look at the filter settings now and see what the defaults are.
FG1 # show full-configuration log syslogd filter
config log syslogd filter
set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set voip enable
set gtp enable
set filter ''
set filter-type include
end
FG1 #
I will leave everything enabled, as per the defaults above, for the lab.
After all that, let's push some traffic through the firewall and check the syslog server for accept and deny logs.
FG1 # get system status | grep Version
Version: FortiGate-VM64 v6.2.3,build1066,191218 (GA)
Release Version Information: GA
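To check what arrives at the collector, here is a small parser for messages in the default key=value syslog format, added as an example (not code from the original post). It decodes the syslog PRI header to confirm the facility is local7 (23) as configured above, and counts forward-traffic verdicts per source; the sample messages and the devid value are constructed, not captured from a real device.

```python
import re
from collections import Counter

# Constructed sample messages as a FortiGate would send them with "set format default"
# and "set facility local7": a <PRI> header followed directly by key=value pairs.
SAMPLE = [
    '<189>date=2019-12-18 time=10:01:02 devname="FG1" devid="FGVM-PLACEHOLDER" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.100.10 srcport=51514 srcintf="port2" dstip=93.184.216.34 dstport=443 dstintf="port1" proto=6 action="accept" policyid=1 service="HTTPS"',
    '<189>date=2019-12-18 time=10:01:05 devname="FG1" devid="FGVM-PLACEHOLDER" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.100.10 srcport=51515 srcintf="port2" dstip=93.184.216.34 dstport=23 dstintf="port1" proto=6 action="deny" policyid=0 service="TELNET"',
    '<190>date=2019-12-18 time=10:01:09 devname="FG1" devid="FGVM-PLACEHOLDER" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" action="login" status="success"',
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# A value is either a double-quoted string (may contain spaces) or a bare token.
KV_RE = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

LOCAL7 = 23  # syslog facility number for local7; PRI = facility * 8 + severity


def parse_fortigate(line):
    """Return (facility, severity, fields) for one default-format FortiGate message."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing syslog PRI header")
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
    return facility, severity, fields


def summarise_traffic(lines):
    """Count forward-traffic verdicts per (srcip, action) and note any message
    whose facility does not match the local7 setting on the firewall."""
    counts = Counter()
    wrong_facility = []
    for line in lines:
        facility, _severity, f = parse_fortigate(line)
        if facility != LOCAL7:
            wrong_facility.append(f.get("devname", "?"))
        if f.get("type") == "traffic" and f.get("subtype") == "forward":
            counts[(f["srcip"], f["action"])] += 1
    return counts, wrong_facility


if __name__ == "__main__":
    verdicts, bad = summarise_traffic(SAMPLE)
    for (src, action), n in sorted(verdicts.items()):
        print(f"{src} {action}: {n}")
    print("messages with unexpected facility:", bad)
```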