If you want the Artica PCAP filter to detect malicious IP addresses from Fortigate access events, your Fortigate must forward its network access events via syslog.
To do this, change the destination port and the format (CEF) of the syslog messages sent by the Fortigate.
These parameters are set from the Fortigate command line:

    # config log syslogd setting
    router (setting) #
    (setting) # set port 5514
    (setting) # set server 192.168.1.190
    (setting) # set format cef
    router (setting) # end
    Port 5514 is different from default port 514.
    Confirm to use port 5514 instead?
    Do you want to continue? (y/n)y
    Port set to 5514
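
Once the Fortigate is sending, it helps to confirm that the lines arriving on port 5514 are well-formed CEF with usable addresses. The Python below is an added example, not code from Artica or Fortinet: it parses one CEF syslog line and extracts the source and destination IPs. The sample line is constructed, and the function names (`parse_cef`, `endpoints`) are hypothetical.

```python
import ipaddress
import re

# Constructed sample line (illustrative values, not captured from a real device).
SAMPLE = (
    "<189>Jan 10 12:00:00 router CEF:0|Fortinet|Fortigate|v0.0.0|00013|"
    "traffic:forward close|3|src=203.0.113.7 spt=51514 dst=192.168.1.20 "
    "dpt=443 msg=session closed act=close"
)

HEADER_KEYS = ("version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")
# Seven pipe-terminated header fields (a backslash escapes the next character),
# followed by the extension block.
CEF_RE = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)$")
# key=value pairs; a value runs until the next " key=" or the end of the line,
# so it may contain spaces.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^=\\])*?)(?=\s+\w+=|\s*$)")


def unescape(value):
    """Undo CEF backslash escapes (\\|, \\=, \\\\, \\n, \\r)."""
    special = {"n": "\n", "r": "\r"}
    return re.sub(r"\\(.)", lambda m: special.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Return header fields plus an 'ext' dict, or None if the line is not CEF."""
    m = CEF_RE.search(line.strip())
    if m is None:
        return None
    event = {k: unescape(v) for k, v in zip(HEADER_KEYS, m.groups())}
    event["ext"] = {k: unescape(v) for k, v in EXT_RE.findall(m.group(8))}
    return event


def endpoints(event):
    """Return (src, dst) as ip_address objects; None where missing or invalid."""
    out = []
    for key in ("src", "dst"):  # standard CEF keys for source/destination address
        try:
            out.append(ipaddress.ip_address(event["ext"][key]))
        except (KeyError, ValueError):
            out.append(None)
    return tuple(out)


if __name__ == "__main__":
    print(endpoints(parse_cef(SAMPLE)))
```

A line for which `parse_cef` returns `None` was not sent in CEF, which usually means `set format cef` did not take effect on the Fortigate.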