OS: new Ubuntu Server 24.04, without anything else installed.
Browser: Windows Chrome latest
Version: v10.5.7
We have 2 FortiGate firewalls.
I have set them up to send TCP syslog to the UTMStack agent on port 7005.
On the UTM UI top menu -> Data Source -> Source, I see the two firewalls are added.
I see some logs are coming in, but there is no error.
I changed the FortiGate firewalls to send UDP syslog to the same agent on port 7005.
Now, on the UTM UI, I see a lot of alerts on the "top right -> alarm bell icon". After I click that icon, it shows a lot of alerts like
"Connection attempt from a blacklisted IP address"
"threatwinds: Connection attempt to a blacklisted IP address-17218...."
"ThreatWinds: Connection attempt from a blacklisted IP address-17116...."
Then I changed the firewall setting to send TCP syslog.
No more such alerts.
Then I changed the firewall setting to send UDP syslog.
The alerts appeared again.
So, it seems UTMStack handles UDP and TCP syslog differently?