Replies: 2 comments
-
For your sniffing interface, it does not need an IP. For the integration, follow the guide here: https://docs.securityonion.net/en/2.4/pfsense.html#elastic-integration-for-pfsense It's for pfSense specifically, but the steps will be the same. There is also a video on the Security Onion YouTube channel that walks you through the process: https://www.youtube.com/watch?v=aoH8qZwAxek
-
Thanks @robbiemarshall for the reply. I have seen the YouTube video and, as on the pfSense settings menu, the log had sent to
-
Version
2.4.50
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Standalone
Location
airgap
Hardware Specs
Exceeds minimum requirements
CPU
4
RAM
24 GB
Storage for /
500
Storage for /nsm
not know
Network Traffic Collection
other (please provide detail below)
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
I downloaded the Sec Onion as standalone with two interfaces: one for management with IP 10.240.3.x/24 and the second to retrieve the logs from FortiAnalyzer with interface 10.240.0.0/24. Currently on the FAZ (FortiAnalyzer), on the log forwarder tab, I have to specify the IP address (or FQDN) of the server and the port number, and also the format of the log (CEF, etc.).
Could you guide me on what I should do to meet these requirements on FAZ?