Fortinet FortiGate Firewall
This Quick Start Guide provides log configuration details for SMA support of Fortinet Log Event Logs, collected using a Syslog host (Linux).
Support Specifications:
Version: FortiGate 5.2 - 5.6
Prerequisites:
To complete this task, you must have an Oracle Cloud account containing an OMC instance with administrator privileges.
Prerequisite | Description | For additional details... |
---|---|---|
1. Access to Oracle Management Cloud | You must have an Oracle Cloud account containing an OMC instance with administrator privileges. | How Do I Access Oracle Management Cloud? in Managing and Monitoring Oracle Cloud |
2. Cloud agent(s) installed and Log Analytics licensing enabled | Have a Cloud Agent installed on the FTP server. This host will be discovered as an entity in OMC. | Install the Cloud Agent and Enable Oracle Log Analytics in Using Log Analytics; Environment Requirements in Installing and Managing Oracle Management Cloud Agents |
3. Security Monitoring and Analytics licensing enabled | Note that SMA Data Enrichment is disabled by default. | Enabling Automatic Log Analytics and Security Monitoring and Analytics Data Collection in Getting Started with Oracle Management Cloud |
Configuration Steps:
Fortinet Firewall | Task requirements | For additional details, see... |
---|---|---|
STEP 1. - Configure your syslog server. | Redirect logs to file: /var/log/fortinet.*; be configured to receive logs via UDP; have an OMC cloud agent installed. | Syslog server documentation provided by your vendor; Install Cloud Agents in Installing and Managing Oracle Management Cloud Agents |
STEP 2. - Configure your firewall to upload logs to your Syslog server (OMC entity). | Send Syslog events from your Fortinet Firewall to your remote Syslog Server host using UDP. | Logging and Reporting in FortiOS Handbook; syslogd in FortiOS CLI Reference |
STEP 3. - Add an Entity Association to support the new logs in OMC using Log Analytics. | Associate Fortinet Log Event Logs with your OMC entity (the Syslog server where you installed the OMC Cloud Agent). | Security Device Sources; Associating Log Sources to Existing Entities in Using Oracle Log Analytics |
STEP 4. - Validate your log collection. | Confirm your setup was successful. | Validate Log Collections |
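
A syslog server configuration that meets the three STEP 1 requirements, added here as an example and not taken from Oracle or Fortinet documentation. It assumes rsyslog (v8 syntax) is the syslog daemon; the drop-in file name, the firewall address 192.0.2.1, the syslog host address 192.0.2.10 and the file name /var/log/fortinet.log (one match for /var/log/fortinet.*) are placeholders.

```conf
# /etc/rsyslog.d/30-fortinet.conf   (hypothetical drop-in file name)
# Assumption: rsyslog v8 RainerScript syntax.
# 192.0.2.1  = placeholder for the FortiGate address the logs arrive from.
# 192.0.2.10 = placeholder for this syslog host.

# Load the UDP listener. Omit this line if imudp is already loaded in
# /etc/rsyslog.conf, and make sure no other input is bound to the same port.
module(load="imudp")

# A dedicated ruleset keeps firewall events out of the host's own system logs
# and sends them only to the file the OMC cloud agent will read.
ruleset(name="fortinet") {
    # UDP syslog carries no sender authentication, so accept events only
    # from the firewall's source address.
    if $fromhost-ip == "192.0.2.1" then {
        action(type="omfile"
               file="/var/log/fortinet.log"
               fileCreateMode="0640")
    }
    # Drop anything else that reaches this listener.
    stop
}

# Receive logs via UDP and hand them to the ruleset above.
input(type="imudp" port="514" ruleset="fortinet")

# The account the OMC cloud agent runs as needs read access to
# /var/log/fortinet.log (for example through the file's group).

# Matching STEP 2 settings on the FortiGate (FortiOS CLI), for reference:
#   config log syslogd setting
#       set status enable
#       set server "192.0.2.10"
#       set port 514
#   end
```

Check the syntax with `rsyslogd -N1` before restarting the service, and limit inbound UDP 514 on the host firewall to the FortiGate's address as well.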