FortiSIEM Setting Rules for Event Forwarding

Setting Rules for Event Forwarding

In systems management, many servers may need access to forward logs, traps and Netflows from network devices and servers, but it is often resource intensive for network devices and servers to forward logs, traps and netflows to multiple destinations. For example, most Cisco routers can forward Netflow to two locations at most. However, AccelOps can forward/relay specific logs, traps and Netflows to one or more destinations. If you want to send a log to multiple destinations, you can send it to AccelOps, which will use an event forwarding rule to send it to the desired locations.

  1. Log in to your Supervisor node.
  2. Go to Admin > General Settings > Event Handling.
  3. Under Event Forwarding Rule, for multi-tenant deployments, select the organization for which the rule will apply.
  4. Click Add.
  5. For Sender IP, enter the IP address of the device that will be sending the logs.
  6. For Severity, select an operator and enter a severity level that must match for the log to be forwarded.
  7. Select the Traffic Type to which the rule should apply.

The Forward To > Port field will be populated based on your selection here.

  1. For Forward to > IP, enter the IP address to which the event should be forwarded.
  2. Click OK.
This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “FortiSIEM Setting Rules for Event Forwarding

  1. Krishnan

    Can I forward logs which I received from windows, and internal FortiSIEM generated events using this log forwarder.. ?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.