Difference between revisions of "FortiManager & FortiAnalyzer"

From Tech-Wiki

Revision as of 17:07, 27 May 2019


Replace a device in FortiManager after an active unit fails (remember to delete the unregistered device first):

execute device replace sn <device_name> <serial>
execute fgfm reclaim-dev-tunnel

Enable scheduled scripts in FortiManager

config system admin setting
  set show_schedule_script enable
end

Archive logs from FortiAnalyzer to an external server. Afterwards, enable ‘Delete log file older than’ in System Settings | File Management

execute backup logs all ftp|sftp|scp <server> <username> <password>

Enable syslog forwarding on Fortigate devices

 config log syslogd setting
   set status enable
   set server 192.168.1.50
   set reliable disable    # UDP transport
   set port 514
   set csv disable
   set facility alert
   set source-ip 192.168.1.254
 end

Send alerts based on log messages of a given severity level, or on text contained in the log messages.

 config system alert-event
   edit warning
     config alert-destination
       edit 1
         set type mail
         set from [email protected]
         set to [email protected]
         set smtp-name mail.example.com
       next
     end
     set enable-severity-filter enable
     set severity-level-log error
     set severity-level-comp =
     set severity-filter medium
     set event-time-period 1
     set num-events 5
     set enable-generic-text enable
     set generic-text <string>
   next
 end

More information about the settings above:

enable-severity-filter enable  # Enable filtering of log messages by severity level
severity-level-log {no-check | information | notify | warning | error | critical | alert | emergency}  # Log severity level that messages are compared against
severity-level-comp {>= | = | <=}  # How a message's severity is compared with severity-level-log. For example, with >= and warning, messages at warning level and above are monitored
severity-filter medium  # Set the alert severity indicator for the alert message sent to the recipient
event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}  # The period of time in hours during which, if the threshold number of events is exceeded, the event will be reported
num-events {1 | 5 | 10 | 50 | 100}  # Set the number of events that must occur in the given interval before it is reported
enable-generic-text enable  # Enable Grep mode
generic-text <string>  # Enter the text the alert looks for in the log message
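To make the filter semantics above concrete, here is an added Python model (not FortiAnalyzer code) that applies the severity comparison, the generic-text grep and the num-events / event-time-period threshold to constructed log entries. The sliding window, the count restarting after an alert, and the grep text "admin" standing in for <string> are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Severity order from the severity-level-log choices above (lowest to highest).
SEVERITIES = ["information", "notify", "warning", "error", "critical", "alert", "emergency"]

# Constructed settings mirroring the alert-event config above; "admin" stands in for <string>.
ALERT_CFG = {
    "severity_level_log": "error",
    "severity_level_comp": ">=",
    "event_time_period": 1,  # hours
    "num_events": 5,
    "generic_text": "admin",
}

def severity_matches(level, cfg):
    """Compare a message's severity with severity-level-log using severity-level-comp."""
    if cfg["severity_level_log"] == "no-check":
        return True
    have, want = SEVERITIES.index(level), SEVERITIES.index(cfg["severity_level_log"])
    return {">=": have >= want, "=": have == want, "<=": have <= want}[cfg["severity_level_comp"]]

def entry_matches(level, msg, cfg):
    """Both filters must pass: the severity comparison and the generic-text grep (substring)."""
    return severity_matches(level, cfg) and cfg["generic_text"] in msg

def evaluate_alerts(entries, cfg):
    """Return the timestamps at which an alert would be sent to the alert-destination.
    Assumption: matches are counted in a sliding window of event-time-period hours and an
    alert fires once num-events accumulate, after which the count restarts."""
    window, recent, fired = timedelta(hours=cfg["event_time_period"]), deque(), []
    for ts, level, msg in entries:
        if not entry_matches(level, msg, cfg):
            continue
        recent.append(ts)
        while ts - recent[0] > window:  # drop matches older than the period
            recent.popleft()
        if len(recent) >= cfg["num_events"]:
            fired.append(ts)
            recent.clear()
    return fired
# Constructed sample entries: (timestamp, severity, message).
T0 = datetime(2019, 5, 27, 17, 0)
SAMPLE = [(T0 + timedelta(minutes=i), "error", "admin login failed") for i in range(4)] + [
    (T0 + timedelta(minutes=4), "warning", "admin login failed"),  # below error: ignored
    (T0 + timedelta(minutes=5), "critical", "user login failed"),  # no generic-text: ignored
    (T0 + timedelta(minutes=6), "critical", "admin account locked"),  # 5th match: alert
    (T0 + timedelta(hours=2), "error", "admin login failed"),  # outside window: count restarts
]
```

Running `evaluate_alerts(SAMPLE, ALERT_CFG)` yields a single alert at 17:06; lowering num-events to 1 would raise one alert per matching entry.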