
Hi, we have a test setup with one Fortigate (v6.4.4) and we wanted to use TCP for log collection. We can see the Forti sending the packets (tcpdump) to our NXLog server and we can see them arriving (tcpdump), but the packets are not being processed by NXLog. Using UDP, everything works fine.

The config on the Forti is standard:

config log syslogd setting
    set status enable
    set server "10.0.172.41"
    set mode reliable
    set port 2570
end

If we switch to mode legacy-reliable we can see log entries, but they look rubbish. On the NXLog side we use im_tcp as input and route it with om_file into a text file. Pretty straightforward, but it does not work.

Has anyone ever used Fortinet tcp syslog with NXLog?

Regards Hardy

Asked March 17, 2021 - 5:42pm

Answer (1)

Hi,

I'm not keen on Fortigate so I'm not sure if I'm able to help; however, accepting data over TCP shouldn't be a problem. You said the log entries look rubbish - what does that mean? Could you share a sample, as well as a sample of the raw input data and maybe your full conf?

Best regards,
Rafal

Comments (2)

  • h.petroll

    My fault: to use the reliable TCP connection we needed to use Syslog_TLS as the InputType on our im_tcp, even if we are not using any encryption. One should read the right part of the documentation.

    A clear case of RTFM.
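The framing difference behind the symptom in this thread, as an added example that is not part of the original posts and not NXLog's or Fortinet's code. FortiOS `set mode reliable` sends syslog over TCP with RFC 6587 octet-counting framing (`<length> <message>`, no line terminator), which is the framing NXLog's `InputType Syslog_TLS` reads; a plain line-oriented reader waits for a newline that never comes, so bytes arrive in tcpdump but no events are produced. The two readers below are simulations written for this example, the FortiGate messages are constructed (plausible shape only, no real device output), and the TCP segmentation is imitated by splitting the byte stream at an arbitrary offset.

```python
"""Octet-counted (RFC 6587 3.4.1) vs newline-framed (3.4.2) syslog over TCP.

Added illustration: shows why an im_tcp input without `InputType Syslog_TLS`
(assumed to behave like NewlineReader) produces nothing when a FortiGate in
'reliable' mode sends octet-counted frames. Neither class is NXLog code.
"""
import re
from typing import List

# Constructed sample messages, not captured from a real FortiGate.
SAMPLE = [
    b'<189>date=2021-03-17 time=17:42:00 devname="FGT-TEST" msg="Admin login"',
    b'<189>date=2021-03-17 time=17:42:05 devname="FGT-TEST" msg="Admin logout"',
]


def frame_octet_counted(messages: List[bytes]) -> bytes:
    """RFC 6587 3.4.1: MSG-LEN SP SYSLOG-MSG, nothing after the message."""
    return b"".join(b"%d %s" % (len(m), m) for m in messages)


def frame_newline(messages: List[bytes]) -> bytes:
    """RFC 6587 3.4.2 non-transparent framing: one message per LF."""
    return b"".join(m + b"\n" for m in messages)


class OctetCountedReader:
    """Incremental decoder: feed() arbitrary TCP chunks, get whole messages back."""

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, chunk: bytes) -> List[bytes]:
        self.buf += chunk
        out: List[bytes] = []
        while True:
            m = re.match(rb"(\d{1,10}) ", self.buf)
            if not m:
                # Either an incomplete length prefix (wait for more bytes) or a
                # stream that is not octet-counted at all (reject loudly).
                if self.buf and not re.match(rb"\d{0,10}$", self.buf):
                    raise ValueError("stream is not octet-counted: %r" % self.buf[:20])
                return out
            length, start = int(m.group(1)), m.end()
            if len(self.buf) < start + length:
                return out  # message split across TCP segments; wait
            out.append(self.buf[start:start + length])
            self.buf = self.buf[start + length:]


class NewlineReader:
    """Line-oriented decoder: emits a message only when an LF arrives."""

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, chunk: bytes) -> List[bytes]:
        self.buf += chunk
        *lines, self.buf = self.buf.split(b"\n")
        return lines


def run_demo():
    """Feed the same octet-counted stream to both readers in two TCP chunks.

    Returns (messages seen by the RFC 6587 reader,
             messages seen by the newline reader,
             bytes still stuck in the newline reader's buffer).
    """
    stream = frame_octet_counted(SAMPLE)
    chunks = [stream[:40], stream[40:]]  # offset 40 falls inside message 1

    rfc6587, got = OctetCountedReader(), []
    plain, plain_got = NewlineReader(), []
    for c in chunks:
        got += rfc6587.feed(c)
        plain_got += plain.feed(c)
    return got, plain_got, plain.buf


def newline_stream_rejected() -> bool:
    """The mismatch in the other direction is detected rather than mis-parsed."""
    try:
        OctetCountedReader().feed(frame_newline(SAMPLE))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    decoded, stuck_events, stuck_bytes = run_demo()
    print("RFC 6587 reader decoded %d messages" % len(decoded))
    print("newline reader decoded %d messages, %d bytes buffered forever"
          % (len(stuck_events), len(stuck_bytes)))
```

The newline reader ends the run with both messages still sitting in its buffer, which is exactly "tcpdump sees the packets, NXLog processes nothing"; the octet-counted reader reassembles both messages even though the first one straddles the two chunks. Checking the framing both ways also matters in the other direction: a sender that uses newline framing against an octet-counted reader should be rejected, not silently merged into one event.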