
[BUG] Fortigate firewall sending UDP syslog will have alerts, sending TCP syslog without alerts #814

@david-ng-hk

Description


OS: new Ubuntu Server 24.04, without anything else installed.
Browser: Windows Chrome, latest
Version: v10.5.7

We have 2 Fortigate firewalls.
I have set them up to send TCP syslog to the UTMStack agent on port 7005.
In the UTM UI top menu -> Data Source -> Source, I see the two firewalls are added,
and I see some logs coming in, but there is no error.

I changed the Fortigate firewalls to send UDP syslog to the same agent on port 7005.
Now, in the UTM UI, I see a lot of alerts under the "top right -> alarm bell icon". After I click that icon, it shows a lot of alerts like:
"Connection attempt from a blacklisted IP address"
"threatwinds: Connection attempt to a blacklisted IP address-17218...."
"ThreatWinds: Connection attempt from a blacklisted IP address-17116...."

Then I changed the firewall setting to send TCP syslog.
No more such log alerts.

Then I changed the firewall setting to send UDP syslog.
The alert logs appear again.

So, it seems UTMStack handles UDP and TCP syslog differently?


Status: Done
