To set up FastVue for FortiGate together with our FortiGate appliance, we need to follow these steps:

1 Install FastVue

Download FastVue from https://www.fastvue.co/fortinet/download and install it. It does not require any special steps; it is basically a Next, Next, Finish setup.

2 Set up FastVue Server as a Syslog Server in FortiGate

After a successful install, we need to add our FortiGate devices to the FastVue server. To accomplish this, we need to run the following commands in the FortiGate CLI:

config log syslogd setting
        set status enable
        set facility user
        set port 514
        set server x.x.x.x
        set mode reliable
        end

Use mode reliable for TCP; otherwise use mode udp.

3 Set up forward, local and anomaly traffic logging

config log syslogd filter
        set forward-traffic enable
        set local-traffic enable
        set anomaly enable
        set severity information
        end

4 Set up logging of all URLs, referrers and headers

config webfilter profile
        edit default
        set log-all-url enable
        set web-filter-referer-log enable
        set extended-log enable
        set web-extended-all-action-log enable
        end
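
To confirm that steps 2 to 4 took effect, the following added example (not part of the original post, and not FastVue or Fortinet code) parses FortiGate key=value syslog lines and reports which of the enabled log categories never arrived. The function names are hypothetical, the sample lines are constructed, and the type, subtype and url field names and values are assumptions about the FortiOS log format.

```python
import re

# FortiOS syslog bodies are space-separated key=value pairs; values may be quoted.
PAIR = re.compile(r'([A-Za-z_][\w-]*)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Constructed sample lines, not captured from a real device. PRI 13 and 14 are
# facility "user" (1 * 8) plus severity notice (5) and information (6).
SAMPLE = [
    '<13>date=2024-01-01 time=10:00:00 devname="FGT-LAB" type="traffic" '
    'subtype="forward" level="notice" srcip=192.0.2.10 dstip=198.51.100.5',
    '<13>date=2024-01-01 time=10:00:01 devname="FGT-LAB" type="traffic" '
    'subtype="local" level="notice" srcip=192.0.2.10 dstip=192.0.2.1',
    '<14>date=2024-01-01 time=10:00:02 devname="FGT-LAB" type="utm" '
    'subtype="webfilter" level="information" hostname="example.com" '
    'url="/search?q=a b"',
]

# One predicate per log category enabled in steps 3 and 4. Assumption: the
# type/subtype values below; anomaly is accepted in either field.
EXPECTED = {
    "forward-traffic": lambda f: (f.get("type"), f.get("subtype")) == ("traffic", "forward"),
    "local-traffic": lambda f: (f.get("type"), f.get("subtype")) == ("traffic", "local"),
    "anomaly": lambda f: "anomaly" in (f.get("type"), f.get("subtype")),
    "webfilter-url": lambda f: f.get("subtype") == "webfilter" and "url" in f,
}


def parse_line(line):
    """Return the key=value fields of one FortiGate syslog line as a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def coverage(lines):
    """Count how many lines fall into each expected log category."""
    counts = dict.fromkeys(EXPECTED, 0)
    for fields in map(parse_line, lines):
        for name, matches in EXPECTED.items():
            if matches(fields):
                counts[name] += 1
    return counts


def missing(lines):
    """Categories that were enabled on the FortiGate but never arrived."""
    return [name for name, count in coverage(lines).items() if count == 0]


if __name__ == "__main__":
    print("counts:", coverage(SAMPLE))
    print("not seen:", missing(SAMPLE))
```

A category that stays at zero after normal traffic has passed points at the matching filter or profile setting, or at a firewall policy that does not use the edited web filter profile.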

FastVue is now ready to read logs. For this we need to add one data source for each device we have, which can be done from Settings -> Sources -> Add Source in the FastVue web interface.

Now we are ready to watch what is going on in our network. You will see in your dashboard something like the following image:
