FortiGate-Howto configure multiple log servers
1 min read
FortiGate - Configure Multiple Syslog Servers
A FortiGate firewall can send logs to multiple Syslog servers simultaneously. This is useful when forwarding logs to multiple SIEM platforms, maintaining a backup logging destination, or meeting compliance requirements.
GUI Configuration
Navigate to:
Log & Report → Log Settings → Remote Logging and Archiving
FortiGate supports configuration of up to four Syslog servers:
- Syslog Server 1
- Syslog Server 2
- Syslog Server 3
- Syslog Server 4
For each server, configure:
- IP Address or FQDN
- Port (default: 514)
- Protocol (UDP, TCP, or TLS)
- Format (Default, CSV, CEF, RFC5424)
- Facility
- Source IP
CLI Configuration
Syslog Server 1
config log syslogd setting
set status enable
set server 10.1.1.10
set mode reliable
set port 514
end
Syslog Server 2
config log syslogd2 setting
set status enable
set server 10.1.1.11
set mode reliable
set port 514
end
Syslog Server 3
config log syslogd3 setting
set status enable
set server 10.1.1.12
end
Syslog Server 4
config log syslogd4 setting
set status enable
set server 10.1.1.13
end
Verify Configuration
show log syslogd setting
show log syslogd2 setting
show log syslogd3 setting
show log syslogd4 setting
Connectivity Testing
Ping Test
execute ping <syslog-ip>
execute traceroute <syslog-ip>
Generate and Review Logs
execute log filter category 0
execute log display
Packet Capture
diagnose sniffer packet any "host <syslog-ip> and port 514" 4
Best Practices
- Use TCP (
set mode reliable) instead of UDP whenever possible. - Configure a dedicated source IP for Syslog traffic.
- Use TLS encryption when supported by the receiving SIEM.
- Verify routing and firewall policies between the FortiGate and Syslog server.
- Monitor log transmission after configuration changes.
Notes
- Availability of some logging features may vary between FortiOS releases.
- Review Fortinet documentation for version-specific behavior.
- For SIEM integrations, verify supported Syslog formats before deployment.