No logs are collected from Fortinet units, but tcpdump on NXlog collector shows ingoing traffic coming from them

Tags: Fortinet

#1 DS_534595
I have a setup using NXlog instances as collectors in a large number of security zones.

```
Module im_tcp
Host XXX.XXX.XXX.XXX
```

but for some reason this does not capture logs coming in on port 514 from Fortinet units; all other logs (from Windows and Linux servers) are received and processed just fine. `tcpdump -nvvA host [Fortinet unit IP]` shows log traffic coming in on the NIC from the given IP address. What am I missing?
#2 DS_534595

Suspicion is that the TCP packages coming from FortiOS are too large for the 1M limit in NXlog CE - can anyone confirm?