Add a Remote Syslog Server and Enable FortiManager to Send Local Logs to the Syslog Server
In FortiManager, navigate to System Settings > Advanced > Syslog Server and add a remote syslog server with the following values:
Name: Enter a valid name
FQDN/IP: Syslog.illum.io
Syslog Server Port: 514
Reliable Connection: Yes
Secure Connection: Yes
Local Certificate CN: Use the certificate that you imported
Peer Certificate CN: Use the certificate that you imported
Next, use FortiManager to configure each FortiGate instance to include the following values, using the following Fortinet instructions: Device DB CLI Configurations
format: cef
ssl-min-proto-version: TLSv1-2
custom-log-field: TenantId = Obtain this value from the Log Exporter