View FortyGate Firewall Logs

Dear All,

I have just installed GrayLog Open server on the below

Rocky Linux 8.8

I want to send my forgate 1500D logs to graylog server
can anyone advise me and also help me with some links which could guid me
first time installed gray log server

thnaks and regards


Hi, there is some old Blogpost about Syslog Ingest.

And for Fortinet you can take a look at


1 Like

Dear Husturo,

Thanks for your reply
BTW i have now downloaded n installed the below content pack

Fortigate 6.x Content Pack for graylog3 by patrick ritche from github.
Binf IP is and syslog port is 1500

on the fortygate side

set status enable
set server
set port 1500

But now when go to search all events i see no data
i do a tcpdump on server i see that firewall is sending packets to server
Firewall on server is stopped

11:40:35.400746 IP 192.168.xx.xx.6020 > SYSLOG, length: 628
11:40:35.401344 IP 192.168.xx.xx.20491 > SYSLOG local7.notice, length: 772
11:40:35.402973 IP 192.168.xx.xx.19640 > SYSLOG local7.notice, length: 693
11:40:35.403329 IP 192.168.xx.xx.snmpdtls-trap > SYSLOG local7.notice, length:

Appreciate your kind help in troubleshooting the issue



Check Date/Time on Gryalog server.

dear smith,

Thanks for the reply
time is fine on server
Just to check I created a new input and here the settings
on Graylog server
charset_name: UTF-8
number_worker_threads: 10
port: 11514
recv_buffer_size: 262144
On FortyGate
KWM-FG # sh log syslogd setting
config log syslogd setting
set status enable
set server “Graylog Server IP”
set port 11514
The above config works fine when I select default stream or if the search stream bar is empty
Now if I select from the same search bar fortgaite traffic logs its empty but I see there in in/out bytes value changing
attached is a snapshot of my dashboard

appreciate your advice and assistance

Also dashboard are blank
Server is enterprise 5.0.13



This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.