FortiGate Syslog Integration

Configuring FortiGate to Send Data to Realm Security

Realm Security integrates seamlessly with FortiGate firewalls, enabling intelligent routing and analysis of security event logs. Follow these steps to configure syslog forwarding from your FortiGate firewall to the Realm Security Data Fabric.

Prerequisites

  • Administrative access to the FortiGate firewall
  • A Realm collector is set up and running. See the Realm Collector install guide for setting up a collector.
  • Realm Security syslog collector IP address or FQDN
  • Realm Collector receiving port number. In the Realm console, go to Collectors, select the collector, and copy the port number listed for the Stream.
  • Ensure the firewall's date, time, and time zone settings are correct

Configure Syslog via CLI

Standard Configuration

config log syslogd setting
    set status enable
    set mode reliable
    set server <collector_IP>
    set port <collector_receiving_port>
    set format rfc5424
end

When integrating Realm, add a new syslog forwarder to FortiGate, pointing to the Realm Collector using the designated port and IP/DNS name.

Do not remove existing syslog forwarders (e.g., for Sumo Logic). This ensures uninterrupted current data ingestion.
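
The following is an added example, not taken from the Realm or Fortinet documentation, showing one way to add the Realm forwarder without overwriting an existing one. FortiOS provides four syslog slots (syslogd, syslogd2, syslogd3, syslogd4); the example assumes slot 1 already carries the existing forwarder and slot 2 is free, so adjust the slot name to whichever one is unused on your firewall.

```text
# Added example. Lines starting with "#" are annotations, not commands.
# Assumption: syslogd (slot 1) is already in use by another forwarder
# and syslogd2 (slot 2) is unused.

# 1. Inspect the slots before changing anything. A slot that lists a
#    server and "set status enable" is already in use; leave it alone.
show log syslogd setting
show log syslogd2 setting

# 2. Configure the Realm forwarder in the unused slot, with the same
#    settings as the standard configuration above.
config log syslogd2 setting
    set status enable
    set mode reliable
    set server <collector_IP>
    set port <collector_receiving_port>
    set format rfc5424
end

# 3. Confirm the new slot took the values and the existing slot is
#    unchanged.
get log syslogd2 setting
show log syslogd setting

# 4. Generate test log entries, then check that they arrive on the
#    Realm collector.
diagnose log test
```

Running `config log syslogd setting` against a slot that is already in use replaces that slot's server and port, which would redirect the existing forwarder instead of adding a second one.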

Fortinet Community

For more help and support for Fortinet's FortiGate Next Generation Firewall, visit Technical Tip: How to configure syslog on FortiGate.

Event Metadata

The following additional metadata fields will be included with the events:

| Field Name | Value |
| --- | --- |
| _sourceCategory | fortigate/fortios |