To configure a Syslog profile - CLI
1. Configure a syslog profile on FortiGate:
    config wireless-controller syslog-profile
        edit "syslog-demo-1"
            set comment ''
            set server-status enable
            set server-addr-type ip
            set server-ip <forwarder IP>
            set server-port 11705
            set log-level informational
        next
    end
2. Assign the Syslog profile to a FortiAP profile:
    config wireless-controller wtp-profile
        edit "FAP231F-default"
            config platform
                set type 231F
                set ddscan enable
            end
            set syslog-profile "syslog-demo-1"
            ...
        next
    end
3. Assign the FortiAP profile to a managed FortiAP unit:
    config wireless-controller wtp
        edit "FP231FTF20026472"
            set uuid 183ae8c6-09de-81ec-d12e-02a3c8eb88d6
            set admin enable
            set wtp-profile "FAP231F-default"
            config radio-1
            end
            config radio-2
            end
        next
    end
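4. From the FortiAP console, verify that the configuration has been successfully pushed to the FortiAP unit. In the output, en=1 corresponds to server-status enable and log_level=6 to the informational level; addr and port should show the server-ip and server-port set in step 1 (the sample output below shows a different port from the one in step 1):
    FortiAP-231F # cw_diag -c syslog config
    Syslog configuration: en=1 addr=<forwarder IP> port=11589 log_level=6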
5. Repeat the process for each device that needs to be onboarded to Chronicle.
6. Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The results show the log source types that are being ingested into Chronicle. See the screenshot for reference.
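
The check in step 4 can be scripted when many FortiAP units are onboarded. The following is an added example, not part of the original article or Fortinet tooling: it compares a syslog-profile block with the `cw_diag -c syslog config` line and lists any setting that was not pushed as configured. The function names, the 192.0.2.10 address and the log-level-to-number table are assumptions made for illustration.

```python
import re

# Syslog severity numbers in RFC 5424 order. Applying them to FortiOS log-level
# names is an assumption, based on the page pairing informational with 6.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3, "warning": 4,
            "notification": 5, "information": 6, "informational": 6, "debugging": 7}

def parse_profile(cli_text):
    """Collect 'set <key> <value>' lines from a syslog-profile block."""
    settings = {}
    for line in cli_text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s+(.*\S)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings

def parse_diag(output):
    """Extract key=value pairs from the 'Syslog configuration:' line."""
    for line in output.splitlines():
        if "Syslog configuration:" in line:
            return dict(re.findall(r"(\w+)=(\S+)", line))
    raise ValueError("no 'Syslog configuration:' line in output")

def compare(profile, diag):
    """Return a list of mismatches between intended and pushed settings."""
    expected = {
        "en": "1" if profile.get("server-status") == "enable" else "0",
        "addr": profile.get("server-ip"),
        "port": profile.get("server-port"),
        "log_level": str(SEVERITY.get(profile.get("log-level"), "?")),
    }
    return [f"{k}: profile expects {v}, FortiAP reports {diag.get(k)}"
            for k, v in expected.items() if diag.get(k) != v]

# Constructed sample input: 192.0.2.10 is a documentation address standing in
# for the forwarder IP; the two ports mirror the values shown in steps 1 and 4.
PROFILE = """\
config wireless-controller syslog-profile
    edit "syslog-demo-1"
        set server-status enable
        set server-ip 192.0.2.10
        set server-port 11705
        set log-level informational
    next
end"""
DIAG = "Syslog configuration: en=1 addr=192.0.2.10 port=11589 log_level=6"

if __name__ == "__main__":
    for problem in compare(parse_profile(PROFILE), parse_diag(DIAG)):
        print("MISMATCH", problem)
```

A port mismatch like the one reported here means the FortiAP is sending to a port the forwarder is not listening on, so no logs from that unit will reach Chronicle.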