Lumu Log Forwarder FortiGate Configuration
In scenarios where all your FortiGate deployment logs are centralized within a FortiAnalyzer, you can use it to accelerate the deployment of Lumu and forward all firewall logs at once using the FortiAnalyzer data collection capabilities from Lumu. The Lumu Log Forwarder Agent offers the option to create Collectors, a seamless way to integrate with the network metadata of your entire enterprise and forward it to the Lumu cloud with the lowest impact on network operation.

In cases where attacks avoid domain resolution, the traces of adversarial contact can lie in the access logs of firewalls. This option is also available for accommodating networks where DNS configuration is not possible. In this scenario, the firewall forwards its logs to Log Forwarder, which processes the traffic records. If the firewall has URL filtering enabled and the URLs can be included in the logs, all the IT assets using the firewall would be monitored. This approach ensures compromise visibility without having to make major changes.

In this guide, we provide you with instructions and resources on how to configure FortiAnalyzer to forward all firewall logs to Lumu through Log Forwarder.
Requirements
- FortiAnalyzer version 7.00+.
- Have admin access to create a new Forwarding configuration.
- Have the most recent version of the Lumu Log Forwarder Agent installed.
You can add up to 5 forwarding configurations in FortiAnalyzer. To add a new configuration, follow these steps on the GUI:
1. Go to System Settings > Log Forwarding.
2. Click on the Create New option in the toolbar. The Create New Log Forwarding pane opens.
3. Fill in the information using the following table as a reference:
Item | Description |
Name | Enter the name for the remote server |
Status | Set the toggle to On |
Remote Server Type | Select Syslog |
Server Address | Enter the Lumu VA IP address |
Server Port | Enter the Lumu VA collector configured port |
Reliable Connection | Set the toggle to On if you configured the VA collector to use TCP, otherwise, set it to Off |
Sending frequency | Select Real-time to forward logs in near-real time |
Log Forwarding Filters | Define filters if you want to exclude some devices. If you need to add filters explicitly, make sure that the traffic and webfilter traffic types are included in the filter |
4. Save your configuration.
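One way to confirm that the saved configuration delivers both the traffic and webfilter records, shown as an added example that is not part of the original guide or of Lumu's tooling. It assumes the forwarded syslog payload uses FortiOS-style key=value pairs with `type`, `subtype`, `hostname` and `url` fields; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs; assumes FortiOS-style syslog payloads.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Constructed sample lines (not real captures); addresses use documentation ranges.
SAMPLE = [
    '<189>date=2024-05-01 time=10:00:01 devname="fw-branch-1" type="traffic" '
    'subtype="forward" srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 action="accept"',
    '<188>date=2024-05-01 time=10:00:02 devname="fw-branch-1" type="utm" '
    'subtype="webfilter" srcip=10.0.0.5 hostname="example.test" url="/index.html"',
    '<188>date=2024-05-01 time=10:00:03 devname="fw-branch-2" type="utm" '
    'subtype="webfilter" srcip=10.0.0.9 action="blocked"',
    '<190>date=2024-05-01 time=10:00:04 devname="fw-branch-2" type="event" '
    'subtype="system" msg="admin login type=ssh"',
    'not a firewall record',
]

def parse_line(line):
    """Return the key=value fields of one syslog line; quoted values stay whole."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def check_forwarded_logs(lines):
    """Report which log types arrived and whether web filter records name a destination."""
    kinds, web_without_dest, unparsed = Counter(), 0, 0
    for line in lines:
        fields = parse_line(line)
        if "type" not in fields:
            unparsed += 1          # header-only or non-FortiGate line
            continue
        # Web filter records are assumed to arrive as type="utm" subtype="webfilter".
        kind = "webfilter" if fields.get("subtype") == "webfilter" else fields["type"]
        kinds[kind] += 1
        if kind == "webfilter" and not (fields.get("hostname") or fields.get("url")):
            web_without_dest += 1  # record carries neither hostname nor URL
    return {
        "counts": dict(kinds),
        "missing": [k for k in ("traffic", "webfilter") if kinds[k] == 0],
        "webfilter_without_destination": web_without_dest,
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(check_forwarded_logs(SAMPLE))
```

A non-empty `missing` list points at the Log Forwarding Filters row of the table above; a high `webfilter_without_destination` count suggests URLs are not being included in the logs.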