Lumu Log Forwarder FortiGate Configuration
In cases where the attacks avoid domain resolution, the traces of adversarial contact can lie in the access logs of firewalls. This option is also available for accommodating networks where DNS configuration is not possible. In this scenario, the firewall forwards the logs to Log Forwarder for processing traffic. If the firewall has URL filtering enabled, and the URLs can be included in the logs, all the IT assets using the firewall would be monitored. This approach ensures compromise visibility without having to make major changes.
In
this guide, we provide you with instructions and resources on how to
configure FortiAnalyzer to forward all Firewall logs to Lumu through Log Forwarder.
Requirements
- FortiAnalyzer version 7.00+.
- Have admin access to create a new Forwarding configuration.
- Have the most recent version of the Lumu Log Forwarder Agent installed.
Configure FortiAnalyzer to Send Metadata to Lumu Log Forwarder
You can add up to 5 forwarding configurations in FortiAnalyzer. To add a new configuration, follow these steps on the GUI:
1. Go to System Settings > Log Forwarding .
2. Click on the Create New option in the toolbar. The Create New Log Forwarding pane opens.
3. Fill in the information using the following table as a reference:
Item Description Status Set the toggle to On Remote Server Type Select Syslog Server Address Enter the Lumu VA IP address Server Port Enter the Lumu VA collector configured port Reliable Connection Set the toggle to On if you configured the VA collector to use TCP, otherwise, set it to Off Sending frequency Select Real-time to forward logs in near-real time Log Forwarding Filters Define filters if you want to exclude some devices. Make sure that traffic and webfilter traffic types are included in the filter if you need to explicitly add filters 4. Save your configuration.
Related Articles
Deploy Collectors with Log Forwarder for Linux
The Lumu Log Forwarder Agent is available for Linux-based operating systems. In this article, you will find the installation procedures, both automatic and manual, for all the supported distributions. Log Forwarder is designed to streamline the data ...Deploy Collectors with Log Forwarder for Windows
Log Forwarder is designed to streamline the data collection processes from third party data collection services. While not as optimized as a fully-fledged Virtual Appliance deployment, it is a great alternative for fast and accessible deployment. ...Collect Firewall metadata with Lumu VA and FortiGate
Requirements FortiGate Next Generation Firewall version 5.6+. Have admin access to configure a syslog server on FortiGate. Have the most recent version of the Lumu Virtual Appliance installed. These are the general steps you should follow to ...Collect FortiGate Firewall Metadata with FortiAnalyzer and Lumu VA
In scenarios where all your FortiGate deployment logs are centralized within a FortiAnalyzer, you can use it to accelerate the deployment of Lumu and forward all firewall logs at once using the FortiAnalyzer data collection capabilities from Lumu. ...Log Forwarder Agent Command Reference and Installer Troubleshooting
The Log Forwarder Agent is part of the larger family of Lumu Agents. As such, it shares several features and processes with them that are outlined below. Command Quick Reference for Windows Agent Support The Lumu Log Forwarder Agent for Windows ...