How to configure collecting FortiGate log messages and sending them to Sumo Logic
Hi Support,
I found an issue with configuring the collection of FortiGate log messages and sending them to Sumo Logic.
I don't understand configuring a Syslog Source on Sumo Logic, because Sumo Logic is in the cloud but the FortiGate firewall is on-premises. Does the FortiGate firewall send logs to Sumo Logic, or do I need to install a collector for the jump host?
Ref: Fortigate Firewall | Sumo Logic Docs
Could you please advise me?
Thank You.
-
Hi So,
To make a connection between the on-prem and cloud environments in the case of FortiGate, we use an installed collector as described in the document you reference. On the installed collector we create a Syslog Source, which exposes a syslog interface where FortiGate can push logs. In such a case FortiGate delivers logs to a local endpoint, and all the risk of connectivity issues with the cloud environment and the hurdle of encrypting data in transfer to the cloud is on the collector and jump host.
The bottom line is that the currently advised and supported way is to install a Collector close to the FortiGate and configure a Syslog Source where FortiGate will upload the logs.
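
One way to check the local leg described in the answer (device to the installed collector's Syslog Source) before changing the firewall, as an added example that is not part of the original thread or of Sumo Logic's documentation. It assumes the Syslog Source listens on UDP port 514 and that FortiGate uses its default `local7` facility; the collector address `192.0.2.10`, the device name and the log body are constructed placeholders.

```python
import argparse
import socket
from datetime import datetime

FACILITY_LOCAL7 = 23  # assumption: FortiGate's default syslog facility
SEVERITY_NOTICE = 5


def build_test_message(devname, now, facility=FACILITY_LOCAL7,
                       severity=SEVERITY_NOTICE):
    """Build one RFC 3164 style datagram with a FortiGate-like key=value body."""
    pri = facility * 8 + severity  # syslog PRI = facility * 8 + severity
    # RFC 3164 timestamps pad the day of month with a space, not a zero.
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    # Constructed sample body, not a captured FortiGate log line.
    body = (
        f'date={now:%Y-%m-%d} time={now:%H:%M:%S} devname="{devname}" '
        'type="event" subtype="system" level="notice" '
        'msg="collector path test (constructed sample)"'
    )
    return f"<{pri}>{stamp} {devname} {body}".encode("ascii")


def send_udp(message, host, port=514, timeout=2.0):
    """Send the datagram to the collector; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        return sock.sendto(message, (host, port))


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="Send one test syslog line to an installed collector")
    parser.add_argument("--host", default="192.0.2.10",
                        help="collector address (placeholder default)")
    parser.add_argument("--port", type=int, default=514)
    parser.add_argument("--devname", default="FGT-TEST")
    args = parser.parse_args()

    msg = build_test_message(args.devname, datetime.now())
    sent = send_udp(msg, args.host, args.port)
    print(f"sent {sent} bytes to {args.host}:{args.port}")
    print(msg.decode("ascii"))
```

UDP gives no delivery acknowledgement, so a successful send only shows the datagram left the host; confirm arrival by searching for the test `msg` text in Sumo Logic under the source's category.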