FortiManager & FortiAnalyzer

From Tech-Wiki
Revision as of 17:07, 27 May 2019 by Fabricio.Lima (Talk | contribs)

Replace a device in FortiManager when an active unit has failed (remember to delete the unregistered device first):

execute device replace sn <device_name> <serial>
execute fgfm reclaim-dev-tunnel

Enable scheduled scripts in FortiManager:

config system admin setting
  set show_schedule_script enable
end

Archive logs from FortiAnalyzer to an external server. Afterwards, enable ‘Delete log file older than’ under System Settings | File Management:

execute backup logs all ftp|sftp|scp <server> <username> <password>

Enable syslog forwarding on FortiGate devices:

 config log syslogd setting
   set status enable
   set server 192.168.1.50
   set reliable disable    # UDP transport
   set port 514
   set csv disable
   set facility alert
   set source-ip 192.168.1.254
 end

Send alerts based on log messages with certain severity levels, or on text contained in the logs:

 config system alert-event
   edit warning
     config alert-destination
       edit 1
         set type mail
         set from [email protected]
         set to [email protected]
         set smtp-name mail.example.com
       next
     end
     set enable-severity-filter enable
     set severity-level-log error
     set severity-level-comp =
     set severity-filter medium
     set event-time-period 1
     set num-events 5
     set enable-generic-text enable
     set generic-text <string>
   next
 end

More information about the options above:

enable-severity-filter enable  # Filter on log severity
severity-level-log {no-check | information | notify | warning | error | critical | alert | emergency}  # The log level to monitor
severity-level-comp {>= | = | <=}  # How the log level is compared with severity-level-log. For example, with >= and warning, alerts are generated for messages at or above the warning log level
severity-filter medium  # Set the alert severity indicator for the alert message sent to the recipient
event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}  # The period of time, in hours, within which the threshold number of events must occur for the event to be reported
num-events {1 | 5 | 10 | 50 | 100}  # The number of events that must occur in the given interval before the event is reported
enable-generic-text enable  # Enable grep mode (match on text in the log message)
generic-text <string>  # The text the alert looks for in the log message
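As an added illustration (not from the original page or Fortinet), the following Python models how the alert-event block above decides to fire: the severity-level-log/severity-level-comp comparison, the generic-text grep, and the num-events threshold inside an event-time-period window, run over constructed sample FortiGate syslog lines. The log field layout and the assumption that the threshold is reached at exactly num-events (>=) are mine, not the product's documented behaviour.

```python
import re
from datetime import datetime, timedelta

# FortiOS log levels, lowest to highest severity (the severity-level-log choices)
SEVERITY = ["information", "notify", "warning", "error", "critical", "alert", "emergency"]
LEVEL_RE = re.compile(r'level="?(\w+)"?')
TIME_RE = re.compile(r"date=(\d{4}-\d{2}-\d{2}) time=(\d{2}:\d{2}:\d{2})")

# Constructed sample FortiGate syslog lines (not real device output)
LOGS = [
    'date=2019-05-27 time=10:00:01 devname="FG-1" level="error" logdesc="Admin login failed"',
    'date=2019-05-27 time=10:05:00 devname="FG-1" level="warning" logdesc="Interface status change"',
    'date=2019-05-27 time=10:10:00 devname="FG-1" level="information" logdesc="Admin login successful"',
    'date=2019-05-27 time=10:20:00 devname="FG-1" level="critical" logdesc="Admin login failed"',
    'date=2019-05-27 time=10:30:00 devname="FG-1" level="error" logdesc="Admin login failed"',
    'date=2019-05-27 time=10:40:00 devname="FG-1" level="alert" logdesc="IPS signature matched"',
    'date=2019-05-27 time=12:30:00 devname="FG-1" level="error" logdesc="Admin login failed"',
]

def matches(line, level, comp, text=None):
    """severity-level-log / severity-level-comp check, plus the optional generic-text grep."""
    m = LEVEL_RE.search(line)
    if not m or m.group(1) not in SEVERITY:
        return False
    diff = SEVERITY.index(m.group(1)) - SEVERITY.index(level)
    in_range = {">=": diff >= 0, "=": diff == 0, "<=": diff <= 0}[comp]
    return in_range and (text is None or text in line)

def alert_triggered(lines, level, comp, hours, num_events, text=None):
    """True if at least num_events matching lines fall inside any event-time-period window.
    Assumption: the threshold counts as reached at exactly num-events (>=)."""
    stamps = []
    for line in lines:
        if matches(line, level, comp, text):
            t = TIME_RE.search(line)
            stamps.append(datetime.strptime(" ".join(t.groups()), "%Y-%m-%d %H:%M:%S"))
    stamps.sort()
    window, start = timedelta(hours=hours), 0
    for end, ts in enumerate(stamps):
        while ts - stamps[start] > window:   # slide the window forward past old events
            start += 1
        if end - start + 1 >= num_events:
            return True
    return False

if __name__ == "__main__":
    print(alert_triggered(LOGS, "error", "=", 1, 5))             # page's example settings: False
    print(alert_triggered(LOGS, "warning", ">=", 1, 5))          # True: five lines >= warning by 10:40
    print(alert_triggered(LOGS, "warning", ">=", 1, 3, "login failed"))  # True: grep mode
```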