Fortinet FortiGate Firewall

This Quick Start Guide provides log configuration details for Security Monitoring and Analytics (SMA) support: Fortinet Log Event Logs collected using a Syslog host (Linux).

Support Specifications:

Version: FortiGate 5.2 - 5.6

Prerequisites:

To complete this task, you must have an Oracle Cloud account containing an OMC instance with administrator privileges.
1. Access to Oracle Management Cloud
Description: You must have an Oracle Cloud account containing an OMC instance with administrator privileges.
For additional details:
– How Do I Access Oracle Management Cloud? in Managing and Monitoring Oracle Cloud
– About Roles and Users

2. Cloud agent(s) installed and Log Analytics licensing enabled
Description: Have a Cloud Agent installed on the FTP server. This host will be discovered as an entity in OMC.
For additional details:
– Install the Cloud Agent and Enable Oracle Log Analytics in Using Log Analytics
– Environment Requirements in Installing and Managing Oracle Management Cloud Agents

3. Security Monitoring and Analytics licensing enabled
Description: Note that SMA Data Enrichment is disabled by default.
For additional details:
– Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud

Configuration Steps:

STEP 1. - Configure your syslog server.
Requirements. The syslog server must:
– Redirect logs to file: /var/log/fortinet.*
– Be configured to receive logs via UDP
– Have an OMC cloud agent installed.
For additional details, see:
– Syslog server documentation provided by your vendor.
– Install Cloud Agents in Installing and Managing Oracle Management Cloud Agents

STEP 2. - Configure your firewall to upload logs to your Syslog server (OMC entity).
Requirements: Send Syslog events from your Fortinet Firewall to your remote Syslog Server host using UDP.
For additional details, see:
– Logging and Reporting in FortiOS Handbook
– syslogd in FortiOS CLI Reference

STEP 3. - Add an Entity Association to support the new logs in OMC using Log Analytics.
Requirements: Associate Fortinet Log Event Logs with your OMC entity (the Syslog server where you installed the OMC Cloud Agent).
For additional details, see:
– Security Device Sources
– Associating Log Sources to Existing Entities in Using Oracle Log Analytics

STEP 4. - Validate your log collection.
Requirements: Confirm your setup was successful.
For additional details, see:
– Validate Log Collections
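
A host-side check for the syslog server, useful once Steps 1 and 2 are done and before troubleshooting anything in OMC. This is an added example, not part of the original guide or of Oracle or Fortinet tooling: it parses lines from /var/log/fortinet.* as FortiOS key=value records and reports which devices are logging and which lines are incomplete. The required header fields, the device name and ID, and the sample lines are assumptions constructed for illustration.

```python
import sys
from collections import Counter

# Assumption: header fields expected on every FortiOS log record.
REQUIRED = ("date", "time", "devname", "devid", "logid", "type", "level")
# key=value, where the value is "quoted text" or a run of non-space characters.
PAIR = __import__("re").compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample lines (syslog prefix + FortiOS-style payload), not real logs.
SAMPLE = [
    'Oct  3 12:00:01 192.0.2.10 date=2017-10-03 time=12:00:01 devname=FGT-LAB '
    'devid=FGT00000000000 logid="0000000013" type="traffic" subtype="forward" '
    'level="notice" vd="root" srcip=10.0.0.5 dstip=198.51.100.7 action="accept"',
    'Oct  3 12:00:02 192.0.2.10 date=2017-10-03 time=12:00:02 devname=FGT-LAB '
    'devid=FGT00000000000 logid=0100032001 type=event subtype=system '
    'level=information msg="Administrator admin logged in"',
    'Oct  3 12:00:03 192.0.2.10 date=2017-10-03 time=12:00:03 '
    'devname=FGT-LAB devid=FGT0',                               # cut-off record
    'Oct  3 12:00:04 syslog-host sshd[811]: Accepted publickey for ops',
]

def parse_line(line):
    """Return the key=value fields of one line; the syslog prefix has no '='."""
    return {k: (q if q else u) for k, q, u in PAIR.findall(line)}

def check(lines):
    """Return (Counter of (devname, devid), [(line_no, missing_fields), ...])."""
    devices, bad = Counter(), []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        fields = parse_line(line)
        missing = [k for k in REQUIRED if k not in fields]
        if missing:
            bad.append((n, missing))
        else:
            devices[(fields["devname"], fields["devid"])] += 1
    return devices, bad

if __name__ == "__main__":
    lines = []
    for path in sys.argv[1:]:                # e.g. /var/log/fortinet.*
        with open(path, errors="replace") as fh:
            lines.extend(fh)
    devices, bad = check(lines or SAMPLE)    # fall back to the constructed sample
    for (name, devid), count in devices.items():
        print(f"{name} ({devid}): {count} complete records")
    for n, missing in bad:
        print(f"line {n}: missing {', '.join(missing)}")
    sys.exit(0 if devices and not bad else 1)
```

Pass the log files as arguments (for example the files matching /var/log/fortinet.*); with no arguments it runs on the constructed sample. Lines reported as incomplete can be other hosts' messages landing in the same file or FortiGate records cut short in transit.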