Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > Integrate FortiGate firewalls with SolarWinds LEM

Integrate FortiGate firewalls with SolarWinds LEM

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 3,590 Votes: 0 Revisions: 29


This KB article describes how to configure your Fortinet® FortiGate firewall to send syslog events to your SolarWinds Log and Event Manager (LEM). 

To integrate your FortiGate firewall with SolarWinds LEM: 

  1. Configure your FortiGate firewall settings. 
  2. Configure the FortiGate connector in your LEM Console.


  • All LEM versions
  • FortiGate firewalls running FortiOS 4.x or 5.x

Configure your FortiGate firewall settings

Configure the FortiGate firewall settings for your specific FortiOS operating system.

Firewalls running FortiOS 4.x

Configure your FortiGate firewall running on FortiOS 4.x:

  1. Open your FortiGate Management Console.
  2. Navigate to Log & Report > Log Config > Log Settings. 
  3. Select the Syslog check box.
  4. Expand the Options section and complete all fields. 
    1. In the Name/IP field, enter the hostname or IP address of your LEM appliance.
    2. In the Port field, enter 514.
    3. In the Level field, select the logging level where FortiGate should generate log messages.

      SolarWinds recommends Level 6 - Information. This level provides the most comprehensive logging messages.

    4. In the Facility field, enter a specific syslog facility for the LEM appliance or accept the default.

      Do not select Enable CSV Format. Clear this option (if necessary).  

      The LEM connector matches the default value in FortiGate by default. If required, you can configure custom values in both areas. 

  5. Click Apply.

    Your firewall is configured. 

Firewalls running FortiOS 5.x

In FortiOS 5.x, you can only define a syslog server using a command line. If you defined virtual domains (VDOMs), run through the appropriate command for each VDOM. 

The system includes three sets of syslog settings you need to consider before conducting an overwrite. SolarWinds recommends identifying these settings first before you continue. 

config log {syslogd | syslogd2 | syslogd3} setting

config log {syslogd | syslogd2 | syslogd3} setting

config log {syslogd | syslogd2 | syslogd3} setting



See the FortiGate FortiOS CLI Reference for 5.0 Guide located on the Fortinet website for information about the following setting:

{syslogd |  syslogd2 | syslogd3}

To configure your firewall running FortiOS 5.x, open a command line and execute the following: 

config global

config log syslogd2 setting 

set status enable

set csv disable

set server <lem><lem/></lem>

set source-ip <ip><ip/></ip>


See the FortiGate FortiOS CLI Reference for FortiOS 5.0 Guide for more information.

Configure the FortiGate connector in your LEM Console

After you configure your FortiGate firewall settings, configure the appropriate FortiGate connector in your LEM Console. 

If you are running FortiOS 4.x, configure the FortiGate 2.8+ connector. If you are running FortiOS 5.x, configure the FortiGate 5.0+ connector. 

  1. Open your LEM Console and log in as an administrator.
  2. Click Manage and select Appliances.
  3. In the Appliances screen, click the "gear" drop-down menu next to your appliance and select Connectors.
  4. In the Search field, enter Fortigate.
  5. In the Connectors screen, locate the appropriate FortiGate connector for your FortiOS operating system.
  6. Click the "gear" drop-down menu next to the appropriate connector and select New. 

    The Connector Configuration window displays. 

  7. In the Alias field, enter a custom name or accept the default name. 
  8. In the Log field, verify that the path is pointed to the local facility configured in your device syslog settings.
  9. When you are finished, click Save.
  10. Click the "gear" drop-down menu next to your new connector (highlighted with an icon in the Status column) and select Start.
  11. Click Close to exit the Connector Configuration window. 

    Your FortiGate connector is configured in your LEM console. 

See Troubleshooting network devices logging to LEM for information about troubleshooting connectors and logging devices. 

Last modified