SIEM

FortiWeb

  • 1.  FortiWeb

    Posted Sep 22, 2019 10:05 PM
    Hi People,

    I need to configure FortiWeb to FortiWeb.

    In Fortiweb 4000 it has both Syslog Policy and SIEM policy (Under Log Policy). What is the supportive method for FortiSIEM?

    If we configured SIEM policy it shows only QRadar LEEF and ArcSight CEF. What is

    I saw that there is a comment that "CEF" is not supported with FortiSIEM.


    Regards,
    Kalana

    ------------------------------
    kalana
    ------------------------------


  • 2.  RE: FortiWeb

    GROUP ADMIN
    Posted Sep 23, 2019 01:42 AM
    Hi Kalana,

    FortiSIEM version 5.2.5 supports FortiWeb using Syslog format.

    The received log format should be key value pair format, similar to this:

    date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_id=FV400D3A15450010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin" pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User admin changed global from GUI(196.168.6.66)"


  • 3.  RE: FortiWeb

    Posted Sep 23, 2019 11:09 PM
    @Daniel,

    Are we able to configure custom log format in


  • 4.  RE: FortiWeb

    GROUP ADMIN
    Posted Sep 26, 2019 03:10 AM
    The format needs to be the standard Key Value Pair log format. If you customise then the FortiSIEM parser may also need to be customised.
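As an added illustration of the two admin replies above (the key=value syslog line in reply 2 and the warning in reply 4 that a customised format breaks the stock parser), here is a small Python checker that is not FortiSIEM's own parser. It tokenises a FortiWeb key=value event, handles double-quoted values that contain spaces and parentheses, and refuses lines that are not pure key=value (for example a CEF-style header). The sample event is the one quoted in reply 2; the CEF-style line and the list of required keys are constructed assumptions for the demo.

```python
import re
from typing import Dict, List, Tuple

# Event quoted in the forum reply above (FortiWeb key=value syslog form).
FORTIWEB_EVENT = (
    'date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 '
    'device_id=FV400D3A15450010 vd="root" timezone="(GMT+3:00)Baghdad" '
    'type=event subtype="admin" pri=information trigger_policy="" user=admin '
    'ui=GUI action=edit status=success '
    'msg="User admin changed global from GUI(196.168.6.66)"'
)

# Constructed example of a CEF-style line; vendor/product/values are made up for the demo.
CEF_STYLE_EVENT = "CEF:0|Fortinet|FortiWeb|6.0|10001|attack detected|5|src=10.0.0.5 act=alert"

# Constructed example of a "customised" key=value line that drops standard fields.
CUSTOM_EVENT = 'date=2016-02-18 time=10:00:05 note="custom format without log_id"'

# Fields this demo treats as mandatory (an assumption for the example, not FortiSIEM's list).
REQUIRED_KEYS = ("date", "time", "log_id", "device_id", "type", "subtype", "msg")

# key=value where value is either a double-quoted string (backslash escapes allowed)
# or a run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s]*)')


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a pure key=value line into a dict; raise ValueError on stray text."""
    fields: Dict[str, str] = {}
    pos = 0
    for m in _KV_RE.finditer(line):
        # Anything between tokens other than whitespace means the line is not
        # pure key=value (e.g. a '|'-separated CEF header).
        gap = line[pos:m.start()]
        if gap.strip():
            raise ValueError(f"unexpected text at offset {pos}: {gap.strip()!r}")
        key, raw = m.group(1), m.group(2)
        if raw.startswith('"'):
            # Strip the surrounding quotes and unescape embedded quotes.
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
        pos = m.end()
    tail = line[pos:]
    if tail.strip():
        raise ValueError(f"unexpected trailing text: {tail.strip()!r}")
    return fields


def missing_required(fields: Dict[str, str]) -> List[str]:
    """Return the required keys absent from a parsed event."""
    return [k for k in REQUIRED_KEYS if k not in fields]


def check_event(line: str) -> Tuple[bool, str]:
    """Return (ok, reason): ok only for key=value lines carrying every required key."""
    try:
        fields = parse_kv(line)
    except ValueError as exc:
        return False, f"not key=value syslog: {exc}"
    missing = missing_required(fields)
    if missing:
        return False, "missing fields: " + ", ".join(missing)
    return True, "ok"


if __name__ == "__main__":
    for label, line in (("fortiweb", FORTIWEB_EVENT),
                        ("cef-style", CEF_STYLE_EVENT),
                        ("custom", CUSTOM_EVENT)):
        ok, reason = check_event(line)
        print(f"{label:10} parsable={ok} ({reason})")
    print(parse_kv(FORTIWEB_EVENT)["msg"])
```

Running the script shows the stock-format line parsing cleanly, the CEF-style line rejected as soon as the '|' header is encountered, and the customised line rejected because standard fields are missing: exactly the situation in which the FortiSIEM parser would need to be customised to match.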