Fortigate reliable syslog does not work with NXLog


h.petroll

Hi, we have a test setup with one Fortigate (v6.4.4) and we wanted to use tcp for log collection. We can see the Forti sending the packets (tcpdump) to our NXLog-Server and we can see them arriving (tcpdump) but the packets are not being processed by the NXLog. Using udp everything works fine.

The config on the Forti is standard:

config log syslogd setting
    set status enable
    set server "10.0.172.41"
    set mode reliable
    set port 2570
end

If we switch to mode legacy-reliable we can see log entries but they look rubbish. On the NXLog we use im_tcp as input and we route it with om_file into a text file. Pretty straightforward but it does not work.

Has anyone ever used Fortinet tcp syslog with NXLog?

Regards, Hardy
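For readers debugging the same symptom: the FortiOS CLI help describes `set mode reliable` as syslog over TCP per RFC 6587, and `legacy-reliable` as RFC 3195. RFC 6587 allows two framings on a TCP stream, octet counting (`<length> <message>`) and non-transparent framing (newline-terminated), and a receiver that expects one framing while the sender uses the other will either show nothing (it waits for a newline that never comes) or emit messages with length prefixes fused into them. The example below is added for illustration and is not code from NXLog, Fortinet or the poster; it assumes a stream in RFC 6587 framing, uses a heuristic to tell the two framings apart (a receiver should normally be configured for one framing rather than guess), and the FortiOS-style key=value messages are constructed samples, not captured logs.

```python
"""
Decode RFC 6587 syslog-over-TCP framing and a FortiOS-style key=value body.
Added example; not NXLog's, Fortinet's or the poster's code.
All sample data below is constructed.
"""
import re

# Octet counting: a decimal byte count, one space, then exactly that many bytes.
# Pattern.match(buf, pos) anchors at pos, so no '^' is needed.
_OCTET_HDR = re.compile(rb"(\d{1,10}) ")

# key=value pairs; values may be double-quoted and contain spaces.
_KV = re.compile(rb'(\w+)=("([^"]*)"|\S+)')


def parse_frames(buf: bytes):
    """Split a TCP byte buffer into syslog messages.

    Returns (messages, remainder); remainder is a trailing partial frame that
    needs more bytes before it can be decoded, so a caller can prepend it to
    the next recv() result.
    Heuristic: a frame that starts with digits and a space is treated as
    octet-counted, anything else as newline-terminated (non-transparent).
    A real receiver should be configured for one framing instead of guessing.
    """
    messages = []
    pos = 0
    while pos < len(buf):
        m = _OCTET_HDR.match(buf, pos)
        if m:
            length = int(m.group(1))
            start = m.end()
            end = start + length
            if end > len(buf):
                break  # partial octet-counted frame: wait for more data
            messages.append(buf[start:end])
            pos = end
            continue
        nl = buf.find(b"\n", pos)
        if nl == -1:
            break  # partial line: wait for the terminating newline
        messages.append(buf[pos:nl].rstrip(b"\r"))
        pos = nl + 1
    return messages, buf[pos:]


def parse_kv(msg: bytes) -> dict:
    """Parse the key=value body of a FortiOS-style message into a dict.

    A leading RFC 3164 PRI field ("<189>") is stripped; quoted values lose
    their quotes.
    """
    body = re.sub(rb"^<\d{1,3}>", b"", msg)
    out = {}
    for m in _KV.finditer(body):
        key = m.group(1).decode()
        val = m.group(3) if m.group(3) is not None else m.group(2)
        out[key] = val.decode()
    return out


def octet_frame(msg: bytes) -> bytes:
    """Wrap one message in RFC 6587 octet-counting framing (sender side)."""
    return str(len(msg)).encode() + b" " + msg


# Constructed sample messages in the FortiOS key=value style (not real logs).
MSG1 = (b'<189>date=2021-03-01 time=10:00:00 devname="fgt-test" '
        b'type="traffic" subtype="forward" action="accept"')
MSG2 = (b'<189>date=2021-03-01 time=10:00:01 devname="fgt-test" '
        b'type="traffic" subtype="forward" action="deny"')

# Two complete octet-counted frames followed by a truncated third one, as a
# receiver might see them after a single recv() call.
SAMPLE_STREAM = octet_frame(MSG1) + octet_frame(MSG2) + b"57 <189>date=2021"

if __name__ == "__main__":
    msgs, rest = parse_frames(SAMPLE_STREAM)
    for m in msgs:
        print(parse_kv(m))
    print("buffered partial frame:", rest)
    # The same bytes read as newline-delimited text yield no message at all,
    # which is why a framing mismatch looks like "packets arrive, nothing logged".
    print("newline-framed read of the same stream:", SAMPLE_STREAM.split(b"\n"))
```

`parse_frames` is written so it can be called repeatedly on a growing buffer: keep the returned remainder and prepend it to the next chunk read from the socket. Reading the octet-counted sample with a newline splitter instead returns one blob containing all frames and their length prefixes, which is the kind of "rubbish" a mismatched receiver shows.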