The correct answers are A and B . For FortiNAC-F to process syslog messages from a vendor that is not already known, it needs a parser so it can understand the message structure. The study guide describes this under syslog integration: syslog files must be created, and FortiNAC-F parses CSV, CEF, or tag/value messages by using column mapping or tag-to-value mapping. That parser is what allows FortiNAC-F to extract the correct event information from the incoming message.
The sending device must also be modeled in the Inventory view, normally as a pingable device, and its Incoming Events setting must be set to Syslog with the appropriate parser selected. The guide is blunt on this point: FortiNAC-F does not process syslog or trap messages unless the source address belongs to a modeled device.
Option C is wrong because adding the device as a server in the Host view does not prepare FortiNAC-F to parse syslog input. Option D is also wrong because log receivers are for sending FortiNAC-F event or alarm information out to external systems such as FortiAnalyzer, SIEM, or a syslog server, not for receiving and parsing unknown-vendor syslog messages.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit