Updated the documentation

inverse-inc · Dec 31, 2024 · 2e2862a · 2e2862a
1 parent d8220f9
commit 2e2862a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/docs/images/fortigate_syslog.png b/docs/images/fortigate_syslog.png
diff --git a/docs/installation/intrusion_detection_system_integration.asciidoc b/docs/installation/intrusion_detection_system_integration.asciidoc
@@ -57,15 +57,14 @@ Action -
 
 PacketFence is able to receive DHCP information from the FortiGate firewall.
 
-
 On the PacketFence server:
 
 Modify rsyslog configuration to allow incoming UDP packets by uncommenting the following two lines in [filename]`/etc/rsyslog.conf`:
 
   $ModLoad imudp
   $UDPServerRun 514
 
-Configure [filename]`/etc/rsyslog.d/fortigate.conf` so it contains the following which will redirect fortigate log entries and stop further processing of current matched message:
+Configure [filename]`/etc/rsyslog.d/fortigate.conf` so it contains the following which will redirect fortigate log entries and stop further processing of current matched message (in that case 192.168.40.1 is the ip of the FortiGate):
 
   if $fromhost-ip=='192.168.40.1' then /usr/local/pf/var/fortigate
   & ~
@@ -78,6 +77,10 @@ Restart the rsyslog daemon
 
   service rsyslog restart
 
+On the FortiGate side make sure to configure the syslog configuration as the following:
+
+image::fortigate_syslog.png[scaledwidth="100%",alt="FortiGate Syslog"]
+
 === Suricata IDS
 
 PacketFence already contains a event handler for Suricata. This is an example to raise a security event from a syslog alert on the Suricata SID.