FortiGate Syslog Integration

Configuring FortiGate to Send Data to Realm Security

Realm Security integrates seamlessly with FortiGate firewalls, enabling intelligent routing and analysis of security event logs. Follow these concise steps to configure syslog forwarding from your FortiGate firewall to Realm Security Data Fabric.

Prerequisites

  • Administrative access to the FortiGate firewall
  • The Realm Collector is set up and running. See the Realm Collector install guide for setting up a collector.
  • Realm Security syslog collector IP address or FQDN
  • Realm Collector receiving port number. In the Realm console, go to Collectors > select the collector > copy the port number listed for the Stream.
  • Ensure the firewall's date, time, and time zone settings are correct

Configure Syslog via CLI

Standard Configuration

config log syslogd setting
    set status enable
    set mode reliable
    set server <collector_IP>
    set port <collector_receiving_port>
    set format rfc5424
end

When integrating Realm, add a new syslog forwarder to FortiGate, pointing to the Realm Collector using the designated port and IP/DNS name.

Do not remove existing syslog forwarders (e.g., for Sumo Logic). This ensures uninterrupted current data ingestion.
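
To confirm that the settings above took effect, the following added example (not Realm or Fortinet code) splits a received TCP byte stream into syslog messages and checks each one for an RFC 5424 header and a plausible timestamp, which is why the time zone prerequisite matters. It assumes that reliable mode delivers messages over TCP with RFC 6587 octet-counted framing; the hostname, timestamps and message bodies are constructed sample data.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then the rest
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) \S+ \S+ \S+ (.*)", re.S)

def split_frames(stream: bytes):
    """Split an octet-counted TCP stream ("LEN SP MSG" repeated) into messages.
    Returns (complete_messages, leftover_bytes_waiting_for_more_data)."""
    frames = []
    while stream:
        length, sep, rest = stream.partition(b" ")
        if not length.isdigit():
            raise ValueError("no length prefix; sender is not octet-counting")
        if not sep or len(rest) < int(length):
            break  # frame still incomplete, keep it for the next recv()
        frames.append(rest[:int(length)])
        stream = rest[int(length):]
    return frames, stream

def check_message(frame: bytes, now: datetime, max_skew=timedelta(minutes=5)):
    """Parse one RFC 5424 message and flag timestamps far from collector time."""
    m = HEADER.match(frame.decode("utf-8", "replace"))
    if m is None:
        raise ValueError("not RFC 5424; is 'set format rfc5424' applied?")
    pri = int(m.group(1))
    # RFC 5424 timestamps carry an offset ("Z" or +hh:mm), so this is tz-aware
    sent = datetime.fromisoformat(m.group(2).replace("Z", "+00:00"))
    return {"facility": pri >> 3, "severity": pri & 7, "hostname": m.group(3),
            "clock_ok": abs(now - sent) <= max_skew}

def _frame(msg: bytes) -> bytes:
    """Prefix a message with its byte length, as octet-counted framing does."""
    return str(len(msg)).encode() + b" " + msg

# Constructed sample data (not captured from a real firewall)
NOW = datetime(2024, 5, 1, 12, 0, 10, tzinfo=timezone.utc)
GOOD = b'<189>1 2024-05-01T12:00:03Z FGT-EDGE-01 - - - - type="traffic" action="accept"'
SKEWED = b'<189>1 2024-05-01T12:00:05-07:00 FGT-EDGE-01 - - - - type="event"'
SAMPLE_STREAM = _frame(GOOD) + _frame(SKEWED) + b"75 <189>1 2024-"

if __name__ == "__main__":
    frames, pending = split_frames(SAMPLE_STREAM)
    for f in frames:
        print(check_message(f, NOW))
    print("bytes awaiting more data:", pending)
```

The second sample message carries a -07:00 offset on a wall-clock time that is actually UTC, so it lands seven hours off and is flagged; a wrong time zone setting on the firewall shows up this way.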

Fortinet Community

For more help and support for Fortinet's FortiGate Next Generation Firewall, see the Fortinet Community article "Technical Tip: How to configure syslog on FortiGate":

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-syslog-on-FortiGate/ta-p/331959

Event metadata

The following additional metadata fields are included with the events:

Field Name        Value
_sourceCategory   fortigate/fortios