Is an extra agent required for FortiGate observability?
FortiGate usually needs syslog/API flow; additional sources depend on deployment scope.
Observability
Security observability turns raw FortiGate logs into operational views teams can act on.
VPN sessions, admin logins, deny/allow actions, policy ID, user, country, ASN, and time windows should be observed together.
Search finds historical events; observability shows which risk pattern the system is approaching now.
FortiGate usually needs syslog/API flow; additional sources depend on deployment scope.