Hi, we have a test setup with one FortiGate (v6.4.4) and we wanted to use TCP for log collection. We can see the Forti sending the packets (tcpdump) to our NXLog server and we can see them arriving (tcpdump), but the packets are not being processed by NXLog. Using UDP everything works fine.
The config on the Forti is standard:
    config log syslogd setting
        set status enable
        set server "10.0.172.41"
        set mode reliable
        set port 2570
    end
If we switch to mode legacy-reliable we can see log entries, but they look like rubbish. On NXLog we use im_tcp as input and route it with om_file into a text file. Pretty straightforward, but it does not work.
Has anyone ever used Fortinet tcp syslog with NXLog?
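FortiGate documents `mode reliable` as RFC 6587 syslog over TCP, which frames each message as `<byte-count> <message>` (octet counting) rather than terminating it with a newline. The example below is added here and is not code from the post, from Fortinet or from NXLog: it builds a constructed stream of two FortiGate-style key=value messages in both TCP framings, shows what a newline-delimited receiver gets out of an octet-counted stream (one glued-together "line" with the length prefixes embedded, or nothing at all until the socket closes), and implements a small incremental octet-counting reader that also copes with a frame split across TCP chunks. The sample log lines, device name and log IDs are invented for the example.

```python
"""RFC 6587 syslog-over-TCP framing versus newline framing (added example).

Two framings exist on a TCP syslog stream:
  * octet counting:    b"<len> <msg>"  where <len> is the byte length of <msg>
  * non-transparent:   b"<msg>\n"      message terminated by LF
A receiver configured for one framing mangles or never completes the other.
"""
import re

# Constructed FortiGate-style messages for the demo (not real device output).
SAMPLE_MESSAGES = [
    '<189>date=2021-03-01 time=10:00:00 devname="fgt-test" '
    'logid="0000000013" type="traffic" msg="forward"',
    '<190>date=2021-03-01 time=10:00:01 devname="fgt-test" '
    'logid="0100032002" type="event" msg="admin login"',
]


def frame_octet_counted(msg: str) -> bytes:
    """RFC 6587 octet counting: decimal byte length, one space, the message."""
    body = msg.encode("utf-8")
    return b"%d %s" % (len(body), body)


def frame_non_transparent(msg: str) -> bytes:
    """RFC 6587 non-transparent framing: message followed by LF."""
    return msg.encode("utf-8") + b"\n"


def detect_framing(first_bytes: bytes) -> str:
    """Octet-counted frames start with a digit; syslog messages start with '<'."""
    return "octet-counting" if first_bytes[:1].isdigit() else "non-transparent"


def split_lines(data: bytes) -> list:
    """What a newline-delimited receiver makes of the bytes it has so far."""
    return [line.decode("utf-8", "replace") for line in data.split(b"\n") if line]


class OctetCountingReader:
    """Incremental parser for octet-counted frames.

    feed() takes arbitrary TCP chunks and returns the complete messages found
    so far; a frame that is only partly received stays buffered.
    """

    _HEADER = re.compile(rb"^(\d{1,10}) ")

    def __init__(self):
        self._buf = b""

    def feed(self, data: bytes) -> list:
        self._buf += data
        out = []
        while True:
            m = self._HEADER.match(self._buf)
            if not m:
                if self._buf and not self._buf[:1].isdigit():
                    raise ValueError("stream is not octet-counted: %r" % self._buf[:20])
                break  # empty buffer, or a length prefix not yet complete
            length = int(m.group(1))
            start, end = m.end(), m.end() + length
            if len(self._buf) < end:
                break  # partial frame: wait for the rest of the TCP data
            out.append(self._buf[start:end].decode("utf-8"))
            self._buf = self._buf[end:]
        return out


def demo():
    """Feed the same octet-counted stream to a line-based and to a framing-aware reader."""
    stream = b"".join(frame_octet_counted(m) for m in SAMPLE_MESSAGES)
    naive = split_lines(stream)  # no LF anywhere: one 'line' with prefixes glued in
    reader = OctetCountingReader()
    parsed = reader.feed(stream[:50]) + reader.feed(stream[50:])  # split mid-frame
    return naive, parsed


if __name__ == "__main__":
    naive, parsed = demo()
    print("line-based receiver saw %d record(s): %r" % (len(naive), naive[0][:60]))
    for msg in parsed:
        print("octet-counting reader:", msg)
```

Run against a capture of the real TCP stream, `detect_framing()` on the first bytes tells you which variant the sender uses. In NXLog the reader for octet-counted frames is the xm_syslog module's `InputType Syslog_TLS`, so the thing to compare against the working UDP setup is whether the im_tcp input declares that InputType; that is NXLog's documented behaviour as I know it, not something the post itself establishes.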