I decided to create a separate Ubuntu 16.04.5 Syslog-NG server for my Fortinet 60E. In my datacenter at Americorp, I used Solarwinds Syslog server for all my hardware. Syslog-NG is what the Linux world said to use. I created a separate conf.d/firewalls.conf file and /var/log/firewalls for the files. It creates a year/month/day directory for the logs.
I could create a mysql database to capture the log files. I might play with that later on.
Looks at information to break up the syslog-ng into multiple log files.