2 Replies Latest reply on Sep 15, 2016 3:28 PM by logs_united

    Trouble setting up collection from FortiMail 5.3 to LEM

    logs_united

      Trying to get a FortiMail 400C v5.3 Mail Gateway to send Syslogs to my LEM.

       

      • I am using the FortiMail Email Security Appliances>FortiGate-2.8 connector.
      • I have the correct IP address and port in the FortiMail log settings and in LEM.
      • I have checked the firewall rules and access is allowed between the two hosts on that port.
      • I have updated the connector (all of them actually).
      • I logged in to the CMC and used the checklogs tool and I cannot find any logs from the FortiMail appliance. It should be noted that my FortiGate firewalls are writing to the same log file so that makes it a bit harder to sift through the raw log data.
      • The facility level is set to "alert" in FortiMail. I have tried other facility levels with no success.

       

      Any assistance is appreciated.

       

      Regards,

      Tim

        • Re: Trouble setting up collection from FortiMail 5.3 to LEM
          curtisi

          Tim,

           

          Can you try sending that log data to a different facility than the FortiGate firewalls and turning the level up to debug? That should show data pretty quickly.

           

          Alternatively, when you're in checklogs, you can type a / and then the IP of the Mail system to see if that IP appears in the checklogs.

            • Re: Trouble setting up collection from FortiMail 5.3 to LEM
              logs_united

              curtisi,

               

              Thanks for the quick response.

               

              I had previously tried changing the facility level to local2 and the severity level was already at the lowest level, Information (FortiMail does not have a debug level). Nothing ever showed up in the [14]: Syslog local2 Log (Empty).

               

              I searched for the IP address in the FortiGate log file and found nothing.

               

               

              As long as the nDepth port in LEM and the port configured in FortiMail are the same, I should be OK, right? There is no specific port that needs to be used, is there?

               

              Thanks again!
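
Added example, not part of the thread and not SolarWinds or Fortinet code: when several devices send to one collector, decoding the syslog `<PRI>` header per sender shows which facility and severity each device actually emits, which is what decides the log file a message lands in. The sender IPs, payloads and the `(sender_ip, datagram)` input shape (for instance, taken from a packet capture on the collector) are constructed assumptions.

```python
import re
from collections import Counter

# Facility and severity names by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "logalert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(pri):
    """Split a PRI value into names: PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def facility_counts(datagrams, sender_ip):
    """Count (facility, severity) pairs for datagrams from one sender.

    Datagrams without a valid <PRI> header are counted as 'unparsed',
    since a collector may drop or misfile them.
    """
    counts = Counter()
    for src, payload in datagrams:
        if src != sender_ip:
            continue
        match = PRI_RE.match(payload)
        try:
            key = decode_pri(int(match.group(1))) if match else None
        except ValueError:
            key = None
        counts[key or ("unparsed", "unparsed")] += 1
    return counts


# Constructed sample: a firewall and a mail gateway sharing one collector port.
SAMPLE = [
    ("192.0.2.10", b"<189>date=2016-09-15 time=15:20:01 type=traffic msg=constructed"),
    ("192.0.2.25", b"<150>date=2016-09-15 time=15:20:02 type=event msg=constructed"),
    ("192.0.2.25", b"<150>date=2016-09-15 time=15:20:03 type=event msg=constructed"),
    ("192.0.2.25", b"date=2016-09-15 time=15:20:04 msg=no-pri-header"),
]

if __name__ == "__main__":
    for (fac, sev), n in facility_counts(SAMPLE, "192.0.2.25").items():
        print(f"{fac}.{sev}: {n}")
```

An empty result for a sender means no datagrams from that IP reached the capture point at all, which separates a network or port problem from a facility or connector mismatch.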