do you have have to install a flex connector for this to work? or will it work for the regular syslog connector?
since our firewall guys wanted to see IPS messages from fortigates and those weren't parsed by the syslog connector, we wrote a syslog flexagent. Put the attached file into $AGENT_HOME/user/agent/flexagent/syslog and restart the connector.
This has been tested with Fortigate 5 GA Patch 5.