Again, Fortigate’s documentation falls down at the simplest of things, this time, syslogging – To get your Fortigate to log to a syslogger (like Kiwi/Splunk) you’ll need to go in via the CLI as they have removed this option from the GUI as of FortiOS v5.0.
Log in via shell and enter the following:
config log syslogd setting set status enable set server [ip.or.dns-name.here] end
I have seen where people say you need to explicitly:
set port 514 or
set facility local7 but these are defaults and implied.
You can set up multiple syslog server locations by simply changing the first line to
config log [syslog2|syslog3] setting and filling in the details for the other syslog servers.