- You can install the FortiGate Add-on for Splunk on a search head, indexer, forwarder or single-instance Splunk server.
FortiGate Application for Splunk
- Download and install the App.
- Settings -> Data models -> Fortinet FOS Log: enable acceleration.
- Restart Splunk: /opt/splunk/bin/splunk restart
- In the Search & Reporting App, search index=fortigate and check the sourcetype field (fortigate_traffic, fortigate_utm, fortigate_event).
- Enterprise Security -> Security Domains
See also: Fortinet-Splunk-Deployment-Guide; Technical Tip: How to configure syslog on FortiGate
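As an added example (not from this page or from the Fortinet add-on), a small Python parser for FortiGate key=value syslog lines that derives the expected sourcetype from the type field, so you can verify what the sourcetype split should look like before searching index=fortigate. The sample log lines are constructed, and the type-to-sourcetype mapping (traffic/utm/event) is an assumption based on the sourcetype names listed above.

```python
import re
from typing import Dict, List, Optional

# Constructed sample FortiGate syslog lines (not captured from any real device).
SAMPLE_LINES = [
    'date=2024-01-15 time=10:00:01 devname="FGT-LAB" devid="FGVMEXAMPLE" logid="0000000013" '
    'type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 srcport=51000 '
    'dstip=192.0.2.10 dstport=443 action="accept" msg="traffic log, quoted value"',
    'date=2024-01-15 time=10:00:02 devname="FGT-LAB" type="utm" subtype="ips" '
    'severity="high" attack="Example.Signature" action="dropped"',
    'date=2024-01-15 time=10:00:03 devname="FGT-LAB" type="event" subtype="system" '
    'logdesc="Admin login successful" user="admin" action="login"',
    'garbage line without key value pairs',
]

# key=value or key="quoted value with spaces"; quoted values may contain escaped quotes.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumed mapping from the FortiGate "type" field to the add-on's sourcetypes.
SOURCETYPE_BY_TYPE = {
    "traffic": "fortigate_traffic",
    "utm": "fortigate_utm",
    "event": "fortigate_event",
}


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Split one FortiGate syslog line into a dict of field -> value."""
    fields: Dict[str, str] = {}
    for key, raw in KV_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"') and len(raw) >= 2:
            raw = raw[1:-1].replace('\\"', '"')  # strip quotes, unescape \"
        fields[key] = raw
    return fields


def expected_sourcetype(fields: Dict[str, str]) -> Optional[str]:
    """Return the sourcetype a line should land in, or None if type is unknown/missing."""
    return SOURCETYPE_BY_TYPE.get(fields.get("type", "").lower())


def count_by_sourcetype(lines: List[str]) -> Dict[Optional[str], int]:
    """Offline equivalent of '| stats count by sourcetype'; None flags unparseable lines."""
    counts: Dict[Optional[str], int] = {}
    for line in lines:
        st = expected_sourcetype(parse_fortigate_line(line))
        counts[st] = counts.get(st, 0) + 1
    return counts


if __name__ == "__main__":
    for st, n in count_by_sourcetype(SAMPLE_LINES).items():
        print(f"{st or 'UNCLASSIFIED'}: {n}")
```

Lines counted under None would not be split by type in Splunk, so a non-zero count there is the first thing to investigate when the sourcetype field looks wrong.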