Fortigate / fortinet Logs not collected

Hello all,

I have an issue with fortigate VPN logs on graylog. I can see that fortigate sends the syslogs to graylog, and I can see them with tcpdump, but graylog is not receiving them.

I tried different port numbers like 1514 and 15514, and different inputs like syslog udp, plaintext udp, and cef udp, but still nothing is received. I have other inputs from other devices and no issues. Also, the same fortigate device sends logs to rsyslog without any issue.

I checked date and time settings on both fortigate and graylog, they are identical.

Am I missing something? Please advise.

Thank you very much in advance.

Al

  1. Check if you use the correct fortigate configuration for syslog. Don’t use reliable delivery.
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD44614
  2. Try to use Raw UDP input
  3. Check if you can’t see fortigate logs in the future. Graylog by default only shows logs from now to the past. If logs are stored with future timestamps, it can’t show them. Try to use absolute time in search and select a timeframe from today to at least one day in the future.

Hello Shoothub,

Thank you for your input, but I already checked the forums and tried those, with no result.
Logs are coming to the graylog server, I can see them with tcpdump, but graylog doesn’t even receive them. When I check the input I see 0 msg/s.

Regards,
Al

It was related to network settings. It is solved after I solved the routing.
