
Log management on a FortiGate
The FortiGate firewall can save its logs so that we can see what is happening on our network: the attack attempts we receive, what our users do, and so on. These logs can be stored in several ways: through another FortiGate product called FortiAnalyzer; in the firewall's own internal memory (which is RAM, so it is wiped on restart); on a USB drive called FortiKey; and, the most interesting option in my case and free of charge, on a log server, that is, a syslog server.
To configure the logs, go in the left-hand menu to "Log & Report" and then "Log Config". Tick the option that interests us; in my case I want a server that manages these logs and generates statistics or whatever else I need, so I tick the SYSLOG option and enter the IP of my syslog server. The default port is usually 514. Then indicate which log levels we want sent: Information, Notices, Errors, etc. In "Facility" we select Local7, the facility tag the messages will carry. Click "Apply".
Under "Event Log", tick what we want to log. I usually enable everything and, if it produces too much noise, I disable the ones I am NOT interested in. Click "Apply" when finished.
Now we need something to collect these logs: a log server. That is, on a server (if we do not already have one) we install software that knows how to handle them, a syslog daemon, for example Kiwi, which is free. We can download it from its official website or from my site. Installing it is very simple: a wizard appears, we accept the agreement, "I Agree",
We install it as a service, "Next",
Normal installation and continue, "Next",
The default path is fine, we start installing, "Install",
…
Once finished, we open it, "Finish",
OK, we click "OK",
As soon as Kiwi opens, we have to install the service. To do this, go to the "Manage" menu > "Install the Syslogd service",
OK, it tells us that it has been installed as a Windows service. "OK"
Now it needs to be started so that the logs begin to arrive: "Manage" > "Start the Syslogd service".
We see that logs are arriving and everything is detailed: at 13:51:46 someone logged in to the FW and at 13:51:50 they were logged out.
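As an added example (not code from the original post, from Fortinet or from Kiwi), here is a small Python syslog receiver that decodes the <PRI> header the FortiGate sends with facility Local7 on UDP 514, as configured above, and picks out admin login/logout events like the ones seen at 13:51:46 and 13:51:50. The sample messages, field names and device name are constructed to mimic FortiGate's key=value log format and are assumptions, not captured output.

```python
import re
import socket

# Syslog PRI = facility*8 + severity (RFC 3164); the guide's Local7 is facility 23.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# FortiGate bodies are key=value pairs; values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# Constructed sample messages (not captured from a real device); the two event
# lines mirror the login at 13:51:46 and logout at 13:51:50 seen in the guide.
SAMPLE = [
    '<189>date=2000-01-01 time=13:51:46 devname=FW01 type=event subtype=system level=notice '
    'user="admin" ui=https(192.168.1.10) action=login status=success logdesc="Admin login successful"',
    '<189>date=2000-01-01 time=13:51:50 devname=FW01 type=event subtype=system level=notice '
    'user="admin" ui=https(192.168.1.10) action=logout status=success logdesc="Admin logout successful"',
    '<190>date=2000-01-01 time=13:52:02 devname=FW01 type=traffic subtype=forward '
    'level=information srcip=192.168.1.10 dstip=192.0.2.10 action=accept',
]

def parse_syslog(line: str) -> dict:
    """Decode the <PRI> header and parse the key=value body into a dict."""
    m = re.match(r"<(\d{1,3})>(.*)", line, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("bad or missing <PRI> header: " + line[:40])
    pri, body = int(m.group(1)), m.group(2)
    fields = {k: (q if raw.startswith('"') else raw) for k, raw, q in KV_RE.findall(body)}
    return {"facility": FACILITIES.get(pri // 8, f"facility{pri // 8}"),
            "severity": SEVERITIES[pri % 8], "fields": fields}

def admin_session_events(lines):
    """Return (time, user, action) for admin login/logout events, in arrival order."""
    out = []
    for line in lines:
        f = parse_syslog(line)["fields"]
        if f.get("type") == "event" and f.get("action") in ("login", "logout"):
            out.append((f.get("time"), f.get("user"), f["action"]))
    return out

def serve(port: int = 514):
    """Receive UDP syslog on the port the FortiGate points at (514 by default)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))  # binding 514 needs administrator/root rights
    while True:
        data, (src_ip, _) = sock.recvfrom(65535)
        rec = parse_syslog(data.decode("utf-8", "replace"))
        print(src_ip, rec["facility"], rec["severity"], rec["fields"].get("logdesc", ""))

if __name__ == "__main__":
    print(admin_session_events(SAMPLE))  # [('13:51:46', 'admin', 'login'), ('13:51:50', 'admin', 'logout')]
```

Call serve() instead of the sample run to listen for the real device; Kiwi does the same job with a GUI.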