Integrating logs from Fortinet devices with Splunk

Getting Data In

Hello Everyone on Splunk Forum.

I want to integrate logs from following Fortinet devices
1) Switch, model: FortiSwitch148E-POE
2) Access Points, models: FortiAP 221C and FortiAP 221E

I am aware that for Fortinet Firewall ( Fortigate ), i can install TA for that.
For Forti Switch I have found following manual:https://kb.fortinet.com/kb/documentLink.do?externalID=FD44999

But what should be done on Splunk side for getting Fortinet logs properly proccessed by Splunk, i could not find addons for that.

Thanks

BR
Dawid

Get Updates on the Splunk Community!

Integrating logs from Fortinet devices with Splunk

sourcetype

syslog

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Integrating logs from Fortinet devices with Splunk

sourcetype

syslog

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!