Fortigate and Graylog

Hi, I have Fortigate 6.4.4 and Graylog 4.0.8 installed on CentOS 7.9

I have imported the Content Pack
Fortigate 6.4.4 Content Pack for graylog4

However in the inputs I am not seeing any metrics coming in. I have the Syslog UDP and the Raw/Plaintext UDP Configured and both of them show no metrics.

I have another one for vmware and that is showing metrics.

What could be the issue here? I am new to Graylog so a bit lost at present

Hello & Welcome

How are your inputs configured? Unfortunately, I don’t use the Content pack we just used Raw/Plaintext UDP input with a couple of extractors. Did the Content Pack create your inputs, or did you have to create them? Did you see anything in Graylog log files or on Fortinet pertaining to this issue?

Check the port you are using to send/receive the logs. By default Fortigate would send them to port 514.

This is my config:

On FGT

get log syslogd setting 
status              : enable 
server              : 10.8.8.254 
mode                : udp 
port                : 11514
facility            : local7 
source-ip           : 
format              : default 
priority            : default 
max-log-rate        : 0

My Graylog Fortigate input:

bind_address: 0.0.0.0
number_worker_threads: 4
port: 11514
recv_buffer_size: 425984
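To separate "FortiGate is not sending" from "Graylog is not listening", the quickest check is to bind the same address and port as the Graylog input and look at what actually arrives. The script below is an added example, not from this thread or from Graylog; it takes port 11514 and facility local7 (syslog code 23) from the configuration posted above, and the sample log line, device name and device id are constructed placeholders, not captured from a real firewall. Stop the Graylog input first, otherwise the port is already bound.

```python
import re
import socket

FORTIGATE_PORT = 11514      # "port" in the FortiGate syslogd setting and in the Graylog input above
EXPECTED_FACILITY = 23      # facility local7 in the FortiGate setting (local0 = 16 ... local7 = 23)

# Constructed sample of what a FortiGate traffic log looks like on the wire: a syslog PRI
# <facility*8 + severity> followed by key=value pairs, values quoted when they contain spaces.
SAMPLE = ('<189>date=2021-05-01 time=12:00:00 devname="FGT-EDGE" devid="FGT-DEVID-PLACEHOLDER" '
          'logid="0000000013" type="traffic" subtype="forward" level="notice" '
          'srcip=10.8.8.10 srcport=51234 dstip=203.0.113.5 dstport=443 action="accept"')

KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_fortigate(line: str) -> dict:
    """Split the syslog PRI into facility/severity and the FortiGate body into a dict."""
    m = re.match(r'<(\d{1,3})>(.*)', line, re.DOTALL)
    if not m:
        raise ValueError("no syslog PRI header; is the FortiGate format set to 'default'?")
    pri = int(m.group(1))
    fields = {"facility": pri // 8, "severity": pri % 8}
    for key, raw, quoted in KV_RE.findall(m.group(2)):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def listen(port: int = FORTIGATE_PORT, count: int = 5, timeout: float = 30.0) -> list:
    """Bind like the Graylog input (0.0.0.0:port) and return (source_ip, parsed) tuples."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        try:
            for _ in range(count):
                data, (src, _) = sock.recvfrom(65535)
                rec = parse_fortigate(data.decode("utf-8", "replace"))
                if rec["facility"] != EXPECTED_FACILITY:
                    print(f"{src}: facility {rec['facility']} differs from the configured local7")
                print(src, rec.get("devname"), rec.get("type"), rec.get("logid"), rec.get("action"))
                received.append((src, rec))
        except socket.timeout:
            # Nothing reached this host: check the FortiGate server/port, the CentOS host
            # firewall (firewalld) and SELinux before looking at Graylog itself.
            print(f"no datagrams on udp/{port} within {timeout}s")
    return received


if __name__ == "__main__":
    listen()
```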

Hello,

Maybe try using something like this.
We're using this setup for our Fortigates. Almost all of our firewalls go to one port, and if that works then configure it to your needs. This way you have something to go off of.
image

Hope that helps
