Fortinet sells cybersecurity solutions: physical products such as firewalls, plus software and services such as anti-virus protection, intrusion prevention systems and endpoint security components.
The following table lists the data source offered by this integration.
||date_source: "Fortinet email security solution"|
On FortiMail appliances, most of the important hardware and software activities that are relevant for security detection and analysis are logged into six files:
- History (statistics): Records all email traffic going through the FortiMail unit.
- System Event (kevent): Records system management activities, including changes to the system configuration as well as administrator and user logins and logouts.
- Mail Event (event): Records mail activities.
- Antispam (spam): Records spam detection events.
- Antivirus (virus): Records virus intrusion events.
- Encryption (encrypt): Records detection of IBE-related events.
Transport to the collector
The following prerequisites are needed in order to set up efficient log concentration:
- Have administrator privileges on the FortiMail appliance
- Traffic towards the syslog must be open on
Configure logging to a syslog server
- Go to Log and Report > Log Settings > Remote.
- Click New to create a new entry OR double-click an existing entry to modify it. A dialog appears.
- Select Enable to allow logging to a remote host.
- In Profile name, enter a profile name.
- In IP, enter the IP address of the Syslog server where the FortiMail unit will store the logs.
- In Port, enter the UDP port number on which the Syslog server listens for connections (by default,
- In Level, select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
- In Facility, select the facility identifier that the FortiMail unit will use to identify itself when sending log messages.
  To easily identify log messages from the FortiMail unit when they are stored on a remote logging server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.
- In Log protocol, select
- In Logging Policy Configuration, enable the types of logs you want to record to this storage location.
  Click the arrow to review the options.
For detailed information about configuring log forwarding, see Configure FortiMail Log Forwarding.
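To check on the collector that the Level and Facility settings above behave as intended, the following added example (not part of the original documentation) decodes the syslog PRI of received messages, counts them per FortiMail log type, and reports facilities shared by more than one sender. It assumes FortiMail messages are key=value text carrying a type= field with the names shown in parentheses in the log list; the sample lines, device ID and addresses are constructed.

```python
import re
from collections import defaultdict

# Syslog facility and severity names by numeric code (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "information", "debug"]
# The six FortiMail log types from the list above (assumed to appear as type=<name>).
FORTIMAIL_TYPES = {"statistics", "kevent", "event", "spam", "virus", "encrypt"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: (source IP, raw syslog line). 142 = local1/information.
SAMPLE = [
    ("192.0.2.10", '<142>date=2024-01-01 time=10:00:00 device_id=EXAMPLE0001 type=statistics pri=information subject="hello"'),
    ("192.0.2.10", '<140>date=2024-01-01 time=10:00:05 device_id=EXAMPLE0001 type=virus pri=warning msg="constructed sample"'),
    ("192.0.2.10", '<143>date=2024-01-01 time=10:00:09 device_id=EXAMPLE0001 type=kevent pri=debug msg="constructed sample"'),
    ("192.0.2.99", '<142>sshd[123]: constructed message from another device'),
]

def parse_line(line):
    """Decode the PRI header and key=value body of one syslog message."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None  # missing or out-of-range PRI
    pri = int(m.group(1))
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7], "fields": fields}

def audit(messages, min_severity="information"):
    """Return (count per FortiMail type, facilities used by several senders,
    FortiMail lines less severe than the Level configured on the appliance)."""
    threshold = SEVERITIES.index(min_severity)
    counts, senders, below = defaultdict(int), defaultdict(set), []
    for src, line in messages:
        rec = parse_line(line)
        if rec is None:
            continue
        senders[rec["facility"]].add(src)
        log_type = rec["fields"].get("type")
        if log_type in FORTIMAIL_TYPES:
            counts[log_type] += 1
            if SEVERITIES.index(rec["severity"]) > threshold:  # higher code = less severe
                below.append(line)
    shared = {f: sorted(s) for f, s in senders.items() if len(s) > 1}
    return dict(counts), shared, below
```

A log type from the list that never shows up in the counts points at a type left disabled under Logging Policy Configuration, and any entry in the shared result means the facility identifier is not unique to the FortiMail unit.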
Forward logs to Sekoia.io
Please consult the Syslog Forwarding documentation to forward these logs to Sekoia.io.