Fortinet / Fortigate syslog time

So many folks have run into the issue with Fortigate syslogs being sent with a timezone-adjusted timestamp. I spent quite a while looking for ways to fix this with pipelines, etc., but it turns out you can simply adjust it from the Fortigate.

Make sure “Time zone” in the Fortigate is set to 0 or Monrovia, and then make sure “View Settings” is set to “Browser timezone”.

The Fortigate should send UTC timezone by default in syslog messages, not a timezone-adjusted log, but this should resolve it.

Just to be clear, this does change the system time of the Fortigate and the syslog timestamps to have a 0 hour offset. The Fortigate UI will respect the browser timezone and display things correctly when connected to the Fortigate.
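
Added example, not part of the original posts: when the device setting cannot be changed, the collector can normalize the timestamp itself, which keeps firewall events aligned with other sources during correlation. This Python code assumes the FortiOS key=value log layout with date= and time= fields and an optional tz= field; the sample lines and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not captured from a real device).
# Assumption: newer firmware adds tz="+hhmm"; older firmware omits it.
SAMPLE_WITH_TZ = 'date=2024-05-14 time=14:05:09 devname="fw1" type="traffic" tz="-0500" action="accept"'
SAMPLE_NO_TZ = 'date=2024-05-14 time=14:05:09 devname="fw1" type="traffic" action="accept"'

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_kv(line):
    """Split a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def parse_offset(tz):
    """Turn '+0530' or '-0500' into a timedelta."""
    m = re.fullmatch(r'([+-])(\d{2})(\d{2})', tz)
    if not m:
        raise ValueError(f"bad tz field: {tz!r}")
    sign = -1 if m.group(1) == '-' else 1
    return sign * timedelta(hours=int(m.group(2)), minutes=int(m.group(3)))

def infer_offset(naive, received_utc):
    """Guess the device offset from the skew between the embedded time and
    the collector's receive time, snapped to the nearest 15 minutes.
    Only valid if delivery delay and clock drift stay well under 7.5 minutes."""
    skew = naive - received_utc.replace(tzinfo=None)
    quarters = round(skew.total_seconds() / 900)
    return timedelta(minutes=15 * quarters)

def to_utc(line, received_utc):
    """Return (utc_timestamp, offset_used, offset_source) for one log line."""
    fields = parse_kv(line)
    naive = datetime.strptime(f"{fields['date']} {fields['time']}",
                              "%Y-%m-%d %H:%M:%S")
    if "tz" in fields:
        offset, source = parse_offset(fields["tz"]), "tz-field"
    else:
        offset, source = infer_offset(naive, received_utc), "inferred"
    return (naive - offset).replace(tzinfo=timezone.utc), offset, source

if __name__ == "__main__":
    received = datetime(2024, 5, 14, 19, 5, 11, tzinfo=timezone.utc)
    for sample in (SAMPLE_WITH_TZ, SAMPLE_NO_TZ):
        print(to_utc(sample, received))
```

A non-zero inferred offset is also a quick way to spot which devices are still sending local time.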

Hello @pmit

I have a Fortigate 60D, firmware 6.0, sending logs to Graylog. I didn't have to use a pipeline.
First I configured the date/time on the firewall.

Have you seen this? This helped me adjust date/time a while back.

https://help.fortinet.com/fweb/570/Content/FortiWeb/fortiweb-admin/time.htm

Next, execute the following commands to enable syslog, which is pointing to my Graylog server.

Enable syslog:
config log syslogd2 setting
set status enable
set server 10.10.10.10
set facility local7
set port 1514
end

My INPUT using Raw/Plaintext UDP for Fortinet firewalls.

Hope that helps
