Logs from Fortimal

Nataliia

Feb 3, 2023, 10:11:02 AM
to Wazuh mailing list
Hi team,

I want to send logs from Fortimal to Wazuh.
In which way can I do it? 

Carlos Dams

Feb 3, 2023, 12:43:27 PM
to Wazuh mailing list
Hi Nataliia,
Thanks for using Wazuh!

I am assuming you mean FortiMail; please correct me if I am wrong, since I am not familiar with any system named Fortimal. However, there will be a way in which you can get the logs in case it is a different system.

In case it is FortiMail, a simple option is to configure the logging in FortiMail to a syslog server. The procedure might be different depending on the version; here I am providing the documentation for FortiMail 7.2.2.

The syslog server you are going to send the syslog events to can be the same Wazuh Manager, as explained here: Receiving syslog logs in a custom port. However, I recommend that you use rsyslog and a Wazuh Agent as an intermediary: Forward syslog events.

In case it is a different system than FortiMail, you can always get logs using localfile; here it is explained how it works: Log data collection.

I hope you find this information helpful; please let me know.
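
The two options from the reply above, sketched as `ossec.conf` fragments (an added example, not part of the original thread and not taken from the linked documentation). The IP addresses, the port, and the `/var/log/fortimail.log` path are assumed placeholders, and option B assumes rsyslog on the agent host is already writing the FortiMail events to that file.

```xml
<!-- Option A: Wazuh Manager receives FortiMail syslog directly.
     Goes in the manager's ossec.conf; restart the manager afterwards. -->
<ossec_config>
  <remote>
    <connection>syslog</connection>
    <!-- Assumed port; must match the remote syslog port set in FortiMail. -->
    <port>514</port>
    <protocol>udp</protocol>
    <!-- Placeholder: FortiMail's address. Keep this as narrow as possible:
         plain syslog is unauthenticated and unencrypted, so the source IP
         filter is the only check on who can inject events here. -->
    <allowed-ips>192.0.2.10</allowed-ips>
    <!-- Placeholder: manager interface to listen on (optional). -->
    <local_ip>192.0.2.5</local_ip>
  </remote>
</ossec_config>

<!-- Option B: rsyslog + Wazuh Agent as intermediary.
     Goes in the agent's ossec.conf on the host where rsyslog receives the
     FortiMail events and writes them to a file (assumed path below). -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/fortimail.log</location>
  </localfile>
</ossec_config>
```

With option B the events travel from the agent to the manager over the agent's encrypted channel, and the syslog listener stays off the manager.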

Nataliia

Feb 6, 2023, 3:49:58 PM
to Wazuh mailing list
Hi Carlos,

I'm sorry, I mistyped. You understood correctly - I meant FortiMail.
FortiMail has its own OS, not Linux or Windows. So, in this case I should configure Wazuh Manager according to this guide - Receiving syslog logs in a custom port, am I right?

On Friday, February 3, 2023 at 19:43:27 UTC+2, carlo...@wazuh.com wrote: