All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the difference between the Splunk for Fortinet FortiOS 5 and Splunk for Fortigate apps and how do I connect my Fortigate machine?

gerisplunk
New Member
‎03-22-2015 09:09 AM

Hello,

Can somebody please help explain the difference between the Splunk for Fortinet FortiOS 5 and Splunk for Fortigate apps?

I have a fortinet v.5.0 ...enabled log forwarding to the Splunk server. Logs are displaying in the Search & Reporting app correctly ...but how can I connect FortiOS 5 app with my fortigate? I am totally new to Splunk and maybe it's not clear what I'm searching, but is it possible to directly connect via the FortiOS 5 or Fortigate app to my the Fortigate Machine???

Thank you very much in advance

0 Karma
Reply

dfigurello
Communicator
‎06-11-2015 01:47 PM

Hi gerisplunk,

Splunk for fortinet just support fortios version 4 and this app is incompatible with fortios 5.
In "Splunk for Fortinet FortiOS 5", you have a new extractions based on the FortiOS 5 new log format.

Installation Instructions:

The Splunk for FortiOS 5 can be installed by either the Splunk app setup screen, or by manually installing and configuring the app.
Once the app is installed, you need to configure the FortiGate firewall to send the logs to Splunk (udp/513 port). Below is shown the required commands to configure the firewall to send the logs (at date, FortiOS 5 do not support syslog configuration in the Web UI):

config log syslogd setting

set status enable

set server splunk_ip

set port 513

end

I love create my own dashboards and then I create my apps, because splunk is esay. Enjoy it.

Just check this ebook:
http://www.splunk.com/goto/book

Cheers!

0 Karma
Reply

jsconner
New Member
‎07-07-2015 11:01 AM

How do I turn off logging from the fortigate if I decide to stop using splunk?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...