Again, Fortigate’s documentation falls down at the simplest of things, this time, syslogging - To get your Fortigate to log to a syslogger (like Kiwi/Splunk) you’ll need to go in via the CLI as they have removed this option from the GUI as of FortiOS v5.0.
Log in via shell and enter the following:
config log syslogd setting
set status enable
set server [ip.or.dns-name.here]
end
I have seen where people say you need to explicitly:
set port 514 or set facility local7 but these are defaults and implied.
You can set up multiple syslog server locations by simply changing the first line to config log [syslog2|syslog3] setting and filling in the details for the other syslog servers.
Why not follow @mylesagray on Twitter for more like this!