1
response

No logs are collected from Fortinet units, but tcpdump on NXlog collector shows ingoing traffic coming from them

I have a setup using NXlog instances as collectors in a large number of security zones.

<Input in0>
    Module   im_tcp
    Host      XXX.XXX.XXX.XXX
</Input>

but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.

tcpdump -nvvA host [Fortinet unit IP]

AskedJune 22, 2021 - 12:28pm