Setting Rules for Event Forwarding
In systems management, many servers may need access to the logs, traps and NetFlow records that network devices and servers generate, but it is often resource intensive for those devices and servers to forward this data to multiple destinations. For example, most Cisco routers can forward NetFlow to at most two locations. AccelOps, however, can forward (relay) specific logs, traps and NetFlow records to one or more destinations. To send a log to multiple destinations, send it to AccelOps, which uses an event forwarding rule to relay it to the desired locations.
- Log in to your Supervisor node.
- Go to Admin > General Settings > Event Handling.
- Under Event Forwarding Rule, for multi-tenant deployments, select the organization for which the rule will apply.
- Click Add.
- For Sender IP, enter the IP address of the device that will be sending the logs.
- For Severity, select an operator and enter a severity level that must match for the log to be forwarded.
- Select the Traffic Type to which the rule should apply.
  The Forward To > Port field will be populated based on your selection here.
- For Forward to > IP, enter the IP address to which the event should be forwarded.
- Click OK.
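The following added example (not AccelOps code) models how rules built from the fields above fan one incoming event out to several destinations, which is useful when reviewing where a given device's logs end up. The field names mirror the form; the numeric severity scale, the traffic-type names and the port defaults (514, 162, 2055) are assumptions, and the addresses are constructed.

```python
import ipaddress
import operator
from dataclasses import dataclass

# Conventional UDP ports, assumed here as what "Forward To > Port" is filled with.
DEFAULT_PORTS = {"syslog": 514, "snmp_trap": 162, "netflow": 2055}
OPERATORS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
             ">=": operator.ge, ">": operator.gt}

@dataclass(frozen=True)
class ForwardingRule:
    sender_ip: str      # Sender IP field
    severity_op: str    # Severity operator
    severity: int       # Severity level (numeric scale is an assumption)
    traffic_type: str   # Traffic Type field
    forward_ip: str     # Forward to > IP field

    def __post_init__(self):
        # Reject malformed rules up front instead of silently never matching.
        ipaddress.ip_address(self.sender_ip)
        ipaddress.ip_address(self.forward_ip)
        if self.severity_op not in OPERATORS:
            raise ValueError(f"unknown operator {self.severity_op!r}")
        if self.traffic_type not in DEFAULT_PORTS:
            raise ValueError(f"unknown traffic type {self.traffic_type!r}")

    def matches(self, event):
        # All three conditions must hold for the event to be forwarded.
        same_sender = (ipaddress.ip_address(event["sender_ip"])
                       == ipaddress.ip_address(self.sender_ip))
        return (same_sender and event["traffic_type"] == self.traffic_type
                and OPERATORS[self.severity_op](event["severity"], self.severity))

def destinations(event, rules):
    """Return the sorted, de-duplicated (ip, port) targets for one event."""
    return sorted({(r.forward_ip, DEFAULT_PORTS[r.traffic_type])
                   for r in rules if r.matches(event)})

# Constructed sample rules and events (documentation address ranges).
RULES = [
    ForwardingRule("192.0.2.10", ">=", 5, "syslog", "198.51.100.20"),
    ForwardingRule("192.0.2.10", ">=", 9, "syslog", "198.51.100.30"),
    ForwardingRule("192.0.2.1", ">=", 0, "netflow", "198.51.100.40"),
]
EVENTS = [
    {"sender_ip": "192.0.2.10", "traffic_type": "syslog", "severity": 9},
    {"sender_ip": "192.0.2.10", "traffic_type": "syslog", "severity": 3},
    {"sender_ip": "192.0.2.1", "traffic_type": "netflow", "severity": 1},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev, "->", destinations(ev, RULES))
```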
Can I forward logs which I received from Windows, and internal FortiSIEM generated events, using this log forwarder?