
How to allow the logs to pass from the FortiGate to the server

jackhunter
Level 1

Hey, help me please. I want to send the Syslog logs of my router to the ELK server on the internal interface of my FortiGate. I configured Syslog on the router, I configured a policy rule on my FortiGate, and I configured Filebeat on the ELK server, but it didn't work: I don't receive the Syslog logs. How can I follow the Syslog logs from my router to see where the problem is?


balaji.bandi
Hall of Fame

On the router, configure as below:

logging enable

logging host <Logging or ELK IP>

logging trap <level>

On the FortiGate, create a FW rule to allow source IP router and destination syslog server IP, protocol UDP/514, allow/accept.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

For the port, I use 9002 like the Elastic doc. I configured port 9002 in /etc/filebeat/modules.d/cisco.yml and the same on the Cisco router, but it is still not working. I tried to test with this architecture to see whether the problem is from the FortiGate or not, and it doesn't work either; the Cisco router doesn't send the logs to Elastic.


 

Have you changed the port in the Cisco router config? Post the show run config to look.

Do you see any logs in the FortiGate FW for that traffic?

 

BB


Hello,

What does the Filebeat module config look like? Make sure it looks like below:

- module: cisco
  ios:
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9002
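To find where on the path discussed in this thread the syslog datagrams are lost, the following is an added example, not part of any reply above: a small UDP probe that listens on the Filebeat port on the ELK server and sends a test message from a host on the router's side of the FortiGate. Port 9002 comes from the thread; the function names and the message text are constructed for illustration.

```python
import socket

SYSLOG_PORT = 9002  # port the thread configures in modules.d/cisco.yml

def build_probe(text="%SYS-5-CONFIG_I: constructed test message", facility=23, severity=5):
    """BSD-syslog style datagram: <PRI>message, where PRI = facility * 8 + severity."""
    return f"<{facility * 8 + severity}>{text}".encode("ascii")

def open_listener(host="0.0.0.0", port=SYSLOG_PORT):
    """Bind the UDP port Filebeat would use (stop Filebeat first, or the bind normally fails)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def wait_for_datagram(sock, timeout=10.0):
    """Return (payload, sender_ip), or None if nothing arrives in time."""
    sock.settimeout(timeout)
    try:
        data, addr = sock.recvfrom(4096)
    except socket.timeout:
        return None
    return data, addr[0]

def send_probe(dest_ip, port=SYSLOG_PORT, payload=None):
    """Send one datagram, e.g. from a host on the router's side of the firewall."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload or build_probe(), (dest_ip, port))

def loopback_selftest():
    """Check the script itself before suspecting the network path."""
    with open_listener("127.0.0.1", 0) as sock:  # port 0 = any free port
        port = sock.getsockname()[1]
        send_probe("127.0.0.1", port)
        return wait_for_datagram(sock, timeout=2.0)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3 and sys.argv[1] == "send":
        print("sent", send_probe(sys.argv[2]), "bytes")
    elif len(sys.argv) == 2 and sys.argv[1] == "listen":
        with open_listener() as sock:
            print(wait_for_datagram(sock, timeout=60.0) or "nothing received")
    else:
        print("selftest:", loopback_selftest())
```

If the listener on the ELK server prints the router's datagrams, the network path is fine and the remaining problem is in the Filebeat configuration. If only the probe sent from the router-side host arrives, look at the router's logging configuration; if neither arrives, look at the FortiGate policy and its traffic logs.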
