Difference between revisions of "FortiManager & FortiAnalyzer"

From Tech-Wiki
Revision as of 13:51, 14 July 2019


Replace a device in FortiManager when an active unit fails (delete the unregistered device first):

execute device replace sn <device_name> <serial>
execute fgfm reclaim-dev-tunnel

Enable scheduled scripts in FortiManager:

config system admin setting
  set show_schedule_script enable

Clear hit counters:

execute reset hitcount

Rebuild the DB index from log data in FortiAnalyzer:

exec sql-local rebuild-db
diag sql status rebuild-db

Archive logs from FortiAnalyzer to an external server. Then enable ‘Delete log file older than’ in System Settings | File Management.

execute backup logs all ftp|sftp|scp <server> <username> <password>

Enable syslog forwarding on FortiGate devices:

 config log syslogd setting
   set status enable
   set server 192.168.1.50
   set reliable disable    (UDP)
   set port 514
   set csv disable
   set facility alert
   set source-ip 192.168.1.254
 end

Send alerts based on log messages of a certain severity level, or on text found within the log messages:

 config system alert-event
   edit warning
     config alert-destination
       edit 1
         set type mail
         set from [email protected]
         set to [email protected]
         set smtp-name mail.example.com
     end
     set enable-severity-filter enable
     set severity-level-log error
     set severity-level-comp =
     set severity-filter medium
     set event-time-period 1
     set num-events 5
     set enable-generic-text enable
     set generic-text <string>
 end

More information about the settings above:

enable-severity-filter enable
severity-level-log {no-check | information | notify | warning | error | critical | alert | emergency}
severity-level-comp {>= | = | <=}  # How the log level of a message is compared with severity-level-log.
                                   # For example, with >= and Warning, messages at Warning level or higher are monitored
severity-filter medium  # The alert severity indicator shown in the alert message sent to the recipient
event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}  # Period in hours; if the threshold number of events is reached within it, the event is reported
num-events {1 | 5 | 10 | 50 | 100}  # Number of events that must occur in the given interval before it is reported
enable-generic-text enable  # Enable grep mode
generic-text <string>  # Text the alert looks for in the log message
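As an added illustration (not from this wiki page or from Fortinet), the Python below models how the alert-event settings above combine: the severity-level-comp comparison, the generic-text grep, and the num-events-within-event-time-period threshold. The sliding-window counting and the sample log tuples are assumptions constructed for the example; FortiAnalyzer itself may bucket events differently.

```python
from datetime import datetime, timedelta

# Severity scale, lowest to highest, as listed for severity-level-log above.
SEVERITY_ORDER = ["information", "notify", "warning", "error",
                  "critical", "alert", "emergency"]

# severity-level-comp values: a log's level is compared with severity-level-log.
COMPARATORS = {">=": lambda a, b: a >= b, "=": lambda a, b: a == b,
               "<=": lambda a, b: a <= b}


def severity_matches(level, threshold, comp):
    """True if a log at `level` passes the severity-level-log/comp filter."""
    if threshold == "no-check":
        return True
    return COMPARATORS[comp](SEVERITY_ORDER.index(level),
                             SEVERITY_ORDER.index(threshold))


def alert_fires(logs, severity_level_log, severity_level_comp=">=",
                enable_severity_filter=True, event_time_period=1,
                num_events=5, generic_text=None):
    """Model of one alert-event entry: True when at least num_events matching
    logs fall inside any window of event_time_period hours.
    logs: list of (timestamp, level, message) tuples.
    Assumption: a sliding window; the real device may count per fixed bucket."""
    window = timedelta(hours=event_time_period)
    matched = []
    for ts, level, msg in logs:
        if enable_severity_filter and not severity_matches(
                level, severity_level_log, severity_level_comp):
            continue
        if generic_text is not None and generic_text not in msg:  # grep mode
            continue
        matched.append(ts)
    matched.sort()
    for i in range(len(matched) - num_events + 1):
        if matched[i + num_events - 1] - matched[i] <= window:
            return True
    return False


# Constructed sample logs (not real device output): five "error" login
# failures five minutes apart, one warning, and one critical three hours later.
BASE = datetime(2019, 7, 14, 13, 0)
SAMPLE_LOGS = [(BASE + timedelta(minutes=5 * i), "error",
                "admin login failed from 10.0.0.%d" % i) for i in range(5)]
SAMPLE_LOGS += [(BASE + timedelta(minutes=30), "warning", "config change by admin"),
                (BASE + timedelta(hours=3), "critical", "admin login failed from 10.0.0.9")]

if __name__ == "__main__":
    print(alert_fires(SAMPLE_LOGS, "error", ">=", num_events=5,
                      generic_text="login failed"))  # True
```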