I have a setup using NXlog instances as collectors in a large number of security zones.
<Input in0> Module im_tcp Host XXX.XXX.XXX.XXX </Input>
but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.
tcpdump -nvvA host [Fortinet unit IP]
shows log traffic coming in on the NIC from the given IP address.
What am I missing?