FortiManager & FortiAnalyzer
From Tech-Wiki
Revision as of 16:08, 27 May 2019 by Fabricio.Lima (Talk | contribs)
Replace a device in FortiManager when an active unit fails (remember to delete the unregistered device first).
execute device replace sn <device_name> <serial>
execute fgfm reclaim-dev-tunnel
Enable scheduled scripts in FortiManager
config system admin setting
    set show_schedule_script enable
end
Archiving logs from FortiAnalyzer to an external server. Then enable ‘Delete log file older than’ in System Settings | File Management.
execute backup logs all ftp|sftp|scp <server> <username> <password>
Enable syslog forwarding on FortiGate devices
config log syslogd setting
    set status enable
    set server 192.168.1.50
    set reliable disable    # UDP transport
    set port 514
    set csv disable
    set facility alert
    set source-ip 192.168.1.254
end
Sending alerts out based on log messages with certain severity levels, or information within the logs.
config system alert-event
    edit warning
        config alert-destination
            edit 1
                set type mail
                set from [email protected]
                set to [email protected]
                set smtp-name mail.example.com
            next
        end
        set enable-severity-filter enable
        set severity-level-log error
        set severity-level-comp =
        set severity-filter medium
        set event-time-period 1
        set num-events 5
        set enable-generic-text enable
        set generic-text <string>
    next
end
More information about the options above:
enable-severity-filter enable
severity-level-log {no-check | information | notify | warning | error | critical | alert | emergency}
severity-level-comp {>= | = | <=}    # How the log level of a message is compared with severity-level-log. For example, with >= and a level of warning, messages at warning or above are monitored
severity-filter medium    # The severity indicator placed on the alert message sent to the recipient
event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}    # Time window in hours; the event is reported if the threshold number of events is reached within this window
num-events {1 | 5 | 10 | 50 | 100}    # Number of matching events that must occur within the window before the alert is reported
enable-generic-text enable    # Enable grep mode
generic-text <string>    # Text the alert looks for in the log message
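The threshold logic described above (severity comparison, event-time-period window, num-events count and generic-text grep) applied to a handful of constructed log records, as an added illustration that is not Fortinet code or a page example; the record format, the base time and the interpretation of no-check as "skip the severity test" are assumptions.

```python
from datetime import datetime, timedelta

# Log levels in the order the page lists them, lowest to highest.
LEVELS = ["information", "notify", "warning", "error", "critical", "alert", "emergency"]
COMPARE = {">=": lambda a, b: a >= b, "=": lambda a, b: a == b, "<=": lambda a, b: a <= b}

def matches(record, level, comp, generic_text=None):
    """True when one log record passes the severity test and, if set, the grep text."""
    if level != "no-check":  # assumption: no-check means the severity test is skipped
        if not COMPARE[comp](LEVELS.index(record["level"]), LEVELS.index(level)):
            return False
    return generic_text is None or generic_text in record["msg"]

def alert_fires(records, level, comp, period_hours, num_events, generic_text=None):
    """True when at least num_events matching records fall inside one period_hours window.

    Sliding window over the sorted timestamps of matching records, mirroring the
    event-time-period / num-events threshold of the alert-event settings.
    """
    hits = sorted(r["time"] for r in records if matches(r, level, comp, generic_text))
    window = timedelta(hours=period_hours)
    start = 0
    for end, t in enumerate(hits):
        while t - hits[start] > window:
            start += 1
        if end - start + 1 >= num_events:
            return True
    return False

# Constructed sample records (not real FortiGate output), minutes after a base time.
T0 = datetime(2019, 5, 27, 16, 0)
SAMPLE = [
    {"time": T0 + timedelta(minutes=m), "level": lvl, "msg": msg}
    for m, lvl, msg in [
        (0, "error", "IPsec phase1 negotiation failed"),
        (5, "error", "IPsec phase1 negotiation failed"),
        (12, "critical", "HA heartbeat lost"),
        (20, "error", "IPsec phase1 negotiation failed"),
        (40, "error", "IPsec phase1 negotiation failed"),
        (90, "error", "IPsec phase1 negotiation failed"),
        (95, "warning", "Admin login failed"),
    ]
]

def page_example():
    """The page's settings: severity-level-log error, comp '=', 1 hour, 5 events."""
    return alert_fires(SAMPLE, "error", "=", 1, 5)

if __name__ == "__main__":
    print("page settings:", page_example())                                  # False: 4 errors/hour
    print("with '>=' (critical counts):", alert_fires(SAMPLE, "error", ">=", 1, 5))  # True
    print("with 3 h window:", alert_fires(SAMPLE, "error", "=", 3, 5))               # True
```

Changing severity-level-comp from = to >= or widening event-time-period is what turns the same record stream into an alert, which is worth checking before trusting a threshold in production.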