Fortigate and Greylog

Hi, I have Fortigate 6.4.4 and Greylog 4.0.8 installed on centos 7.9

I have imported the Content Pack
Fortigate 6.4.4 Content Pack for graylog4

However in the inputs I am not seeing any metrics coming in. I have the Syslog UDP and the Raw/Plaintext UDP Configured and both of them show no metrics.

I have another one for vmware and that is showing metrics.

What could be the issue here? I am new to greylog so abit lost at present

Hello & Welcome

How are your inputs configured? Unfortunately, I don’t use the Content pack we just used Raw/Plaintext UDP input with a couple of extractors. Did the Content Pack create your inputs, or did you have to create them? Did you see anything in Graylog log files or on Fortinet pertaining to this issue?

Check the port you are using the send/receive the logs. By default Fortigate would send them to port 514

This is my config:


get log syslogd setting 
status              : enable 
server              : 
mode                : udp 
port                : 11514
facility            : local7 
source-ip           : 
format              : default 
priority            : default 
max-log-rate        : 0

My Greylog Fortigate input:

number_worker_threads: 4
port: 11514
recv_buffer_size: 425984


Maybe try using something like this.
Were using this setup for our Fortgate’s. All most of our firewalls go to one port, and if that works then configure it to your needs. This way you have something to go off of.

Hope that helps

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.