No logs are collected from Fortinet units, but tcpdump on NXlog collector shows ingoing traffic coming from them
Tags:
Fortinet
#1
DS_534595
I have a setup using NXlog instances as collectors in a large number of security zones.
<Input in0>
Module im_tcp
Host XXX.XXX.XXX.XXX
</Input>
but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.
tcpdump -nvvA host [Fortinet unit IP]
shows log traffic coming in on the NIC from the given IP address.
What am I missing?
#2
DS_534595
#1
DS_534595
I have a setup using NXlog instances as collectors in a large number of security zones.
<Input in0>
Module im_tcp
Host XXX.XXX.XXX.XXX
</Input>
but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine.
tcpdump -nvvA host [Fortinet unit IP]
shows log traffic coming in on the NIC from the given IP address.
What am I missing?
Suspicion is that the TCP packages coming from FortiOS are to large for the 1M limit in NXlog CE - can anyone confirm?
