# AQUILA - Fortinet FortiGate Integration

<div data-olk-copy-source="MessageBody" id="bkmrk-please-follow-these-">Please follow these instructions:</div><div id="bkmrk-">  
</div><div id="bkmrk-step-1%3A-log-in-to-yo">Step 1: Log in to your Fortinet FortiGate Admin portal and navigate to the CLI console. Please refer to the images below.</div><div id="bkmrk--1">  
</div><div id="bkmrk-%C2%A0">![](https://community.fortinet.com/legacyfs/online/images/kb_16859_1.png) ![](https://community.fortinet.com/legacyfs/online/images/kb_16859_4.png)</div><div id="bkmrk--3">  
</div><div id="bkmrk--4">  
</div><div id="bkmrk--5">  
</div><div id="bkmrk-step-2%3A-in-your-cli-">Step 2: In your CLI Console execute these commands.</div>[![image.png](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/scaled-1680-/OemzjY8aiad8i4XW-image.png)](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/OemzjY8aiad8i4XW-image.png)

<div id="bkmrk--11">  
</div><div id="bkmrk-to-configure-fortiga"><div class="x_elementToProof">**To configure FortiGate to send logs to the syslog server, we need you to provide the following details:**</div>1. **Server IP (Log Collector - Elastic Agent Host)** – This is the IP address of your remote syslog server where the logs will be sent.
2. <div>**Source IP (Fortinet FortiGate Device)** – This is the specific IP address on the FortiGate device that will be used to send the logs.</div>

<div class="x_elementToProof">Since these values depend on your network setup, we require you to provide them so we can proceed with the configuration.</div></div><div id="bkmrk--7"></div><div id="bkmrk-please-execute-these">Please execute these commands. </div><div id="bkmrk--12">  
</div><div id="bkmrk-for-syslog-setting%3A">**For Syslog Setting:**</div><div id="bkmrk--13">  
</div><table id="bkmrk-config-log-syslogd-s" style="height: 169px; width: 38.2143%;"><tbody><tr><td style="width: 99.6505%;">
<div class="x_elementToProof" data-olk-copy-source="MessageBody">config log syslogd setting</div>
<div class="x_elementToProof"> set status <span style="color: rgb(45, 194, 107);">enable</span></div>
<div class="x_elementToProof"> set server <span style="color: rgb(224, 62, 45);">&lt;Address of remote syslog server&gt;</span></div>
<div class="x_elementToProof"> set facility <span style="color: rgb(45, 194, 107);">user</span></div>
<div class="x_elementToProof"> set source-ip <span style="color: rgb(224, 62, 45);">&lt;Source IP address of syslog&gt;</span></div>
<div class="x_elementToProof"> set port <span style="color: rgb(45, 194, 107);">10514</span></div>
<div class="x_elementToProof"> set mode <span style="color: rgb(45, 194, 107);">tcp</span></div>
<div class="x_elementToProof"> set format <span style="color: rgb(45, 194, 107);">default</span></div>
<div class="x_elementToProof">end</div>
</td></tr></tbody></table>

<div id="bkmrk-%E2%80%82%E2%80%82%E2%80%82">**We recommend using port 10514 if 514 is already in use.**</div><div id="bkmrk-%E2%80%82%E2%80%82%E2%80%82-1"> </div><div id="bkmrk-for-syslog-filter%3A">**For Syslog Filter:**</div><div id="bkmrk--14">  
</div><table id="bkmrk-config-log-syslogd-f" style="height: 210px; width: 37.2619%;"><tbody><tr><td style="width: 99.6406%;">
<div>config log syslogd filter</div>
<div> set anomaly <span style="color: rgb(45, 194, 107);">enable</span></div>
<div> set forward-traffic <span style="color: rgb(45, 194, 107);">enable</span></div>
<div> set local-traffic <span style="color: rgb(45, 194, 107);">enable</span></div>
<div> set multicast-traffic <span style="color: rgb(45, 194, 107);">disable</span></div>
<div> set netscan-discovery <span style="color: rgb(45, 194, 107);">enable</span></div>
<div> set netscan-vulnerability <span style="color: rgb(45, 194, 107);">enable</span></div>
<div> set severity <span style="color: rgb(45, 194, 107);">warning</span></div>
<div> set sniffer-traffic <span style="color: rgb(45, 194, 107);">enable</span></div>
<div> set voip <span style="color: rgb(45, 194, 107);">disable</span></div>
<div> set ztna-traffic <span style="color: rgb(45, 194, 107);">enable</span></div>
<div>end</div>
</td></tr></tbody></table>
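
A check that can be run on the log collector once logs arrive, added here as an example and not part of the original instructions or of any Fortinet tooling: it parses received lines in the default key=value format and reports any that disagree with `set facility user` and `set severity warning`. The sample lines, device names and required-field list are constructed, and it assumes one message per line with a leading `<PRI>` header.

```python
import re

# FortiGate level= names, indexed by syslog severity (0 is most severe).
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "information", "debug"]
FACILITY_USER = 1                       # matches "set facility user"
THRESHOLD = LEVELS.index("warning")     # matches "set severity warning"

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines (not captured from a real device).
SAMPLE_OK = ('<12>date=2025-04-01 time=10:15:02 devname="FGT-EXAMPLE" '
             'devid="FG-EXAMPLE-0001" type="traffic" subtype="forward" '
             'level="warning" srcip=192.0.2.10 dstip=198.51.100.7 action="deny"')
SAMPLE_BAD = ('<189>date=2025-04-01 time=10:15:03 devname="FGT-EXAMPLE" '
              'devid="FG-EXAMPLE-0001" type="event" subtype="system" '
              'level="notice" msg="admin login ok user=alice"')


def parse_line(line):
    """Return (facility, fields) for one syslog line in key=value format."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    facility = int(m.group(1)) >> 3     # PRI = facility * 8 + severity
    # A quoted value is consumed whole, so key=value text inside msg="..."
    # does not leak out as a separate field.
    fields = {key: quoted or bare
              for key, quoted, bare in KV_RE.findall(line[m.end():])}
    return facility, fields


def check_line(line):
    """List the ways a received line disagrees with the configuration."""
    facility, fields = parse_line(line)
    problems = []
    if facility != FACILITY_USER:
        problems.append(f"facility {facility}, expected {FACILITY_USER}")
    level = fields.get("level")
    if level not in LEVELS:
        problems.append(f"missing or unknown level: {level!r}")
    elif LEVELS.index(level) > THRESHOLD:
        problems.append(f"level {level} is less severe than warning")
    problems += [f"missing field {k}"
                 for k in ("devname", "devid", "type") if k not in fields]
    return problems


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_line(sample) or "matches configured facility and severity")
```

Lines that fail the facility check usually mean another device or an older configuration is sending to the same port.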

<div id="bkmrk--15">  
</div><div id="bkmrk-note%3A%C2%A0please-provide"><div class="x_elementToProof">**<span style="color: rgb(224, 62, 45);">NOTE:</span>** On the **Server IP** host, please allow <span style="color: rgb(45, 194, 107);">inbound </span>and <span style="color: rgb(45, 194, 107);">outbound </span>traffic for the specified **Port** and **Protocol**.</div><div class="x_elementToProof">For the **Source IP**, allow <span style="color: rgb(45, 194, 107);">outbound</span> traffic for the specified **Port** and **Protocol**.</div><div class="x_elementToProof"> **<span style="color: rgb(224, 62, 45);">Important!!</span>**</div><div class="x_elementToProof">**Please provide screenshots of the configurations after executing the commands.**</div><div class="x_elementToProof">**For our integration we need the** <span style="color: rgb(224, 62, 45);">**Server IP**</span> **and** <span style="color: rgb(224, 62, 45);">**Port number**</span>**.**</div><div class="x_elementToProof">  
</div></div>

*Source Link for full Documentation Manual:*

*[https://docs.cytechint.io/books/system-integrations/page/fortinet-fortigate-syslog-setting-and-syslog-filter](https://docs.cytechint.io/books/system-integrations/page/fortinet-fortigate-syslog-setting-and-syslog-filter "https://docs.cytechint.io/books/system-integrations/page/fortinet-fortigate-syslog-setting-and-syslog-filter")*

*Source Link Documentation for Syslog Setting:*

*[https://docs.fortinet.com/document/fortigate/6.4.4/cli-reference/444620/config-log-syslogd-setting](https://docs.fortinet.com/document/fortigate/6.4.4/cli-reference/444620/config-log-syslogd-setting "https://docs.fortinet.com/document/fortigate/6.4.4/cli-reference/444620/config-log-syslogd-setting")*

*Source Link Documentation for Syslog Filter:*

*[https://docs.fortinet.com/document/fortigate/7.0.9/cli-reference/456620/config-log-syslogd-filter](https://docs.fortinet.com/document/fortigate/7.0.9/cli-reference/456620/config-log-syslogd-filter "https://docs.fortinet.com/document/fortigate/7.0.9/cli-reference/456620/config-log-syslogd-filter")*

*[https://help.fortinet.com/fgt/handbook/cli52\_html/index.html#page/FortiOS%205.2%20CLI/config\_log.16.17.html](https://help.fortinet.com/fgt/handbook/cli52_html/index.html#page/FortiOS%205.2%20CLI/config_log.16.17.html "https://help.fortinet.com/fgt/handbook/cli52_html/index.html#page/FortiOS%205.2%20CLI/config_log.16.17.html")*

*Source link to better understand Log Priority Level:*

*[https://help.fortinet.com/fweb/551/log/Content/FortiWeb/fortiweb-log/Priority\_level.htm](https://help.fortinet.com/fweb/551/log/Content/FortiWeb/fortiweb-log/Priority_level.htm "https://help.fortinet.com/fweb/551/log/content/fortiweb/fortiweb-log/priority_level.htm")*
