Fortinet FortiLog-800 user manual
- 124 pages
- 2.28 mb
User manual table of contents
-
Page 1
FortiLog Administration Guide: FortiLog-100, FortiLog-400, FortiLog-800. Version 1.6, January 15, 2004. 05-16000-0082-20050115[...]
-
Page 2
© Copyright 2005 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. FortiLog Adm[...]
-
Page 3
Table of Contents
Introduction ... 7
Operational Modes ... 8
Ac[...]
-
Page 4
Managing the FortiLog unit ... 29
Status ... 29
Status[...]
-
Page 5
Reports ... 57
Creating and generating a report ... 57
Configuring report paramete[...]
-
Page 6
Adding and modifying group accounts ... 83
Assigning access to folders ... 83
Modifying the user or group folder access[...]
-
Page 7
Introduction
FortiLog units are network appliances that provide integrated log collection, analysis tools and data storage. Detailed log reports provide historical as well as current analysis of network and email activity to help identify securi[...]
-
Page 8
Operational Modes
The FortiLog device can operate in two modes: Active mode or Passive mode. The web-based interface provides an interface that reflects each models’ functionality.
Active Mode
Active mode is the default mode for the FortiLog unit. In Active mode, the F[...]
-
Page 9
Figure 3: FortiLog Active mode network architecture
Passive Mode
Passive mode enables you to use the FortiLog unit solely as a Network Attached Server (NAS) storage device. The collection of device log files and the log reporting features are not available i[...]
-
Page 10
About this guide
This document describes how to set up and configure the FortiLog unit. The configuration and features of the FortiLog unit are similar in either mode. Section titles indicate where the features or configuration differs or is unique to each mode. For example[...]
-
Page 11
Related documentation
Additional information about Fortinet products is available from the following related documentation.
FortiGate documentation
Information about FortiGate products is available from the following guides:
• FortiGate QuickStart[...]
-
Page 12
FortiManager documentation
• FortiManager QuickStart Guide: Explains how to install the FortiManager Console, set up the FortiManager Server, and configure basic settings.
• FortiManager System Administration Guide: Describes how to use the FortiManager System to[...]
-
Page 13
Customer service and technical support
For antivirus and attack definition updates, firmware updates, updated product documentation, technical support information, and other resources, please visit the Fortinet technical support we[...]
-
Page 14
[...]
-
Page 15
Setting up the FortiLog unit
This chapter includes:
• Checking the package contents
• Hardware specifications
• Planning the installation
• Connecting the FortiLog unit
• Configuring the FortiLog unit
Checking the package contents
The[...]
-
Page 16
Figure 5: FortiLog front and back diagrams
Hardware specifications
Dimensions
• FortiLog-100: 38 x 17 x 31 cm
• FortiLog-400: 54 x 33 x 44 cm
• FortiLog-800: 78 x 65 x 25 cm
Weight
• FortiLog-100: 2.5 kg
• FortiLog-400: 11 kg
• FortiLo[...]
-
Page 17
Power requirements
• FortiLog-100
  • AC input voltage: 100 to 240 V AC
  • AC input current: 1.0 A
  • Frequency: 47 to 63 Hz
• FortiLog-400 and 800
  • AC input voltage: 115 to 230 V AC
  • AC input current: 4 to 2 A
  • Frequ[...]
-
Page 18
Figure 6: FortiLog connection option
Connecting the FortiLog unit
You can install the FortiLog unit as a free-standing appliance on any stable surface. You can mount the FortiLog-800 unit in a standard 19-inch rack. It requires 1 U of vertic[...]
-
Page 19
Configuring the FortiLog unit
Use the web-based manager or the Command Line Interface (CLI) to configure the FortiLog unit IP address, netmask, DNS server IP address, and default gateway IP address.
Using the web-based manager [...]
-
Page 20
6. Type admin in the Name field and select Login.
After connecting to the Web-based manager, you can configure the FortiLog unit IP address, DNS server IP address, and default gateway to connect the FortiLog unit to the network.
To configur[...]
-
Page 21
3. Set the primary DNS server IP address:
   set system dns primary <IP_address>
4. Optionally set the secondary DNS server IP address:
   set system dns secondary <IP_address>
5. Set the default gateway:
   set system route number [...]
-
Page 22
[...]
-
Page 23
Connecting to the FortiLog Unit
In order for FortiLog to receive log files, you need to configure the FortiGate, FortiMail or syslog devices to send log files to the FortiLog unit. You also need to configure the FortiLog unit to accept the log[...]
-
Page 24
Figure 7: FortiGate 2.8 log settings
5. Enter the IP address of the FortiLog unit.
6. Set the level that the FortiGate unit logs messages to the FortiLog unit. The FortiGate unit logs all messages at and above the logging severity [...]
-
Page 25
Figure 8: FortiGate 2.5 Log settings
2. Select Log to Remote Host to send the logs to a syslog server.
3. Enter the IP address of the FortiLog unit.
4. Enter the port number of the FortiLog unit.
5. Select the severity [...]
-
Page 26
Configuring the FortiLog unit
When you configure a device to send logs to the FortiLog unit, an entry for the device appears automatically in the Unregistered Devices tab.
Adding a device
The Devices screen provides easy access to all device[...]
-
Page 27
3. Enter a device name. For a FortiGate device, this is the same entry as entered as the Local ID set in the Log&Config settings for FortiLog. For example, FGT-500A.
4. Select a group to add the device to if desired. For det[...]
-
Page 28
You can classify the device interfaces as one of None, LAN, WAN or DMZ to match the type of traffic the interface will process. When the FortiLog unit generates the traffic log report, the FortiLog unit compares the source and destination [...]
-
Page 29
Managing the FortiLog unit
Using the FortiLog system settings, you can view the operating status of the FortiLog unit and configure the FortiLog unit for your network. You can also use system settings to configure RAID (Redundant Arrays of I[...]
-
Page 30
Figure 11: System status (Active mode)
Automatic Refresh Interval: Select to control how often the web-based manager updates the system status display.
Go: Select to set the selected automatic refresh interval.
Refresh: Select to manually update the system status display[...]
-
Page 31
Changing the FortiLog host name
The FortiLog host name appears on the Status page and in the FortiLog CLI prompt.
To change the FortiLog unit host name
1. Go to System > Status > Status.
2. Select Change.
3. Enter a new host name.
4. Select OK.
Ch[...]
-
Page 32
Viewing system resources information
On the Status page, you can view the CPU, memory and hard disk usage information and the session information. By selecting the History link under System Resources, you can also view the statistics for the previous minute. If CPU[...]
-
Page 33
To change the firmware using the CLI
Use the following procedure to upgrade the FortiLog unit to a newer firmware version or revert to a previous firmware version. To use the following procedure you must have a TFTP server that the FortiLog unit [...]
-
Page 34
To perform this procedure you need to install a TFTP server that you can connect to from the FortiLog unit LAN port. The TFTP server should be on the same subnet as the LAN port. Before beginning this procedure you can back up the FortiLog unit configuration. For info[...]
-
Page 35
The following message appears:
Enter File Name [image.out]:
11. Enter the firmware image filename and press Enter. The TFTP server uploads the firmware image file to the FortiLog unit and a message similar to the following is displayed:
Save as Default f[...]
-
Page 36
7. Immediately press any key to interrupt the system startup. If you successfully interrupt the startup process, the following message appears:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[Q]: Quit menu and continue to boot with default firmware.
[[...]
-
Page 37
To install a backup firmware image
1. For all three FortiLog models, use a terminal emulation software to access the unit’s CLI. For the FortiLog-800 unit, you can also access the unit’s CLI by connecting the null-modem cable provided to the unit’[...]
-
Page 38
The FortiLog unit saves the backup firmware image and restarts. When the FortiLog unit restarts it is running the previously installed firmware version.
Switching to a backup firmware image
Use this procedure to switch the FortiLog unit to operating with a backup fir[...]
-
Page 39
To switch back to the default firmware image
1. For all three FortiLog models, use a terminal emulation software to access the unit’s CLI. For the FortiLog-800 unit, you can also access the unit’s CLI by connecting the null-modem cable provided to [...]
-
Page 40
To download a FortiLog debug log
1. Go to System > Status > Status.
2. For System Settings, select Backup.
3. Select download debug log.
4. Type a name and location for the file. The debug log file is backed up to the management computer.
5. Select Return to go ba[...]
-
Page 41
To upload the firmware image to the FortiLog unit
1. Make sure the TFTP server is running.
2. Copy the firmware image file to the root directory of the TFTP server. Ensure the file name is image.out.
3. Start the FortiLog unit. As the FortiLog unit sta[...]
-
Page 42
Config
Use system config to configure the FortiLog network settings, RAID settings, log message settings, time settings, and other options. You can also add and remove FortiLog administrator accounts and change administrator passwords.
• Network
• RAID
• Log[...]
-
Page 43
RAID
To configure the FortiLog RAID level and check the RAID disk space, go to System > Config > RAID.
Figure 14: RAID settings
IP Address: Enter the static IP address required by the FortiLog unit to be able to connect to your network.
Netmask: Ente[...]
-
Page 44
Log settings
To configure the FortiLog unit to log locally or to send FortiLog log messages to a remote syslog server, go to System > Config > Log Settings. You can configure the log level and you can use config policy to record event log messages. See “Log po[...]
-
Page 45
Log policy
Select Config Policy to configure the FortiLog unit to send event log messages to a local or remote syslog server. Enable Event Log to record management and activity events. Management events include changes to the FortiLog unit configura[...]
-
Page 46
Time
To change the FortiLog unit time, go to System > Config > Time. For effective scheduling and logging, the FortiLog system time must be accurate. You can either manually set the FortiLog system time or you can configure the FortiLog unit to automatically keep[...]
-
Page 47
Figure 19: Admin
Configure Administrator access
Configure administrative access to allow remote administration of the FortiLog unit. However, allowing remote administration could compromise the security of your FortiLog unit. To improve the security[...]
-
Page 48
To configure administrative access to the FortiLog unit
1. Go to System > Config > Admin.
2. Select the Administrative Access methods for the FortiLog unit.
3. Select Apply.
Administrator account levels
When the FortiLog unit is initially installed, it is configured w[...]
-
Page 49
To add an administrator account
1. Go to System > Config > Admin.
2. Select New.
3. Enter a login name for the administrator account.
4. Enter and confirm a password for the administrator account.
5. Optionally type a Trusted Host IP[...]
-
Page 50
Device list
To add and manage devices connecting to the FortiLog unit, go to System > Devices.
Figure 21: Device list
Adding and registering a device
Add FortiGate, FortiMail and Syslog devices to the FortiLog configuration so that the FortiLog unit ca[...]
-
Page 51
To edit a device
1. Go to System > Devices.
2. For the device you want to edit, select Edit.
3. Modify the device information and select an Interface Type for each interface, as required.
4. Select OK.
Alert Email
Use Alert Email to configure the [...]
-
Page 52
Local
To set the email alert notification for the FortiLog unit, go to System > Alert Email > Local. Set the options when the FortiLog unit alerts an individual or group of individuals.
Figure 24: Local alert settings
Device (Active mode)
To set alert messag[...]
-
Page 53
Figure 25: Device alert settings
Alert Name: Enter a name to identify the alert settings.
Devices to Monitor: Select the device logs the FortiLog unit monitors. Expand the device groups to select individual devices.
Level: Set the level of message tha[...]
-
Page 54
To add a device alert
1. Go to System > Alert Email > Device.
2. Select Create New.
3. Set the Alert email options as required.
4. Select Enable to set the FortiLog unit to send alert email messages for selected devices.
5. Select OK.
Alerts
Use Alerts to view the s[...]
-
Page 55
Figure 26: Device alert messages
Network Sharing
Use Network Sharing to configure the FortiLog unit to use file sharing (Windows workgroups or NFS) to view and share log reports and other files. You can define the users, groups and file ac[...]
-
Page 56
Figure 27: IP aliases
To set host alias names
1. Go to Reports > IP Aliases.
2. Select Create New.
3. Enter a name of the host, network or IP address range in the Alias text box.
4. Enter the IP address of the host, network or the IP range. For example:
•[...]
-
Page 57
Reports
The FortiLog unit collates information collected from device log files and presents the information in tables and graphs. There are over 130 different reports, in 11 categories. The reports provide detailed information on the type of[...]
-
Page 58
3. Set the following:
• “Configuring report parameters” on page 58
• “Configuring a report query” on page 59
• “Selecting the devices for the report” on page 60
• “Select filtering options” on page 61
• “Setting a report schedule” on[...]
-
Page 59
5. Select Apply.
Configuring a report query
Select the specific information you need to generate a more concise report. Each report category includes a refined list of sub-categories that reports specific information. For example, you can genera[...]
-
Page 60
4. Select the plus sign next to a category to expand and view the sub categories.
5. Select the content from the sub-categories to include in the reports.
6. Select Apply.
Creating a query profile
You can save the selections as a query profile. After creating a que[...]
-
Page 61
6. Select the group or individual devices to use in the report.
7. Select Apply.
Creating a device profile
You can save the selections as a device profile. After creating a device profile, you can select the profile for use in other reports.
To c[...]
-
Page 62
4. Select the type of matching for the filter criteria:
• Select Any to find any matches for the criteria specified.
• Select All to find all criteria. All criteria must match to display in the results.
5. Select whether to have log messages less than and eq[...]
-
Page 63
3. Select Schedule.
4. Select a day from the following:
5. Select a specified time of the day to run the report, up to three times per day.
6. Select Apply.
Creating a report schedule profile
You can save the schedule as a schedule profile. After cre[...]
-
Page 64
To select the report destination and format
1. Go to Reports > Config.
2. Select a report from the list.
3. Select Output.
4. Set the following options:
5. Select Apply.
Creating a report destination and format profile
You can save the selections in an output pr[...]
-
Page 65
Viewing reports
Use the FortiLog web-based manager to view a list of the generated reports. The generated reports are available in HTML, PDF, RTF and ASCII text formats, depending on the output configuration. For details on setting output options see “Choos[...]
-
Page 66
Roll up report
The roll up report contains all reports that you selected for the FortiLog unit to generate. Select the report name to view the report roll up in HTML format.
Figure 35: Roll up report
Select a report category to expand the list of report sub-categories. Selecting[...]
-
Page 67
Figure 36: VPN activity report in PDF
Vulnerability reports
Vulnerability reports show any potential weaknesses to attacks that may exist for selected devices by displaying the available ports on a FortiGate device. Rather than using the device logs for t[...]
-
Page 68
3. Set the following:
• “Selecting report result parameters” on page 68
• “Selecting plug-ins” on page 68
• “Selecting the scan targets for the report” on page 69
• “Choosing the report destination and format” on page 71.
4. Select Run now.
Selecti[...]
-
Page 69
Figure 38: Vulnerability plugin options
To select the plug-ins
1. Go to Reports > Config > Vulnerabilities.
2. Select a report from the list.
3. Select Plug-ins.
4. Select the plug-ins to include in the report.
5. Select Apply.
Creating a plug-in prof[...]
-
Page 70
Figure 39: Selecting scan targets
To select the scan targets
1. Go to Reports > Config > Vulnerability.
2. Select a report from the list.
3. Select Scan Targets.
4. Select devices from the Available IP Aliases list.
5. Select the right arrow to move the device to the[...]
-
Page 71
4. Select Apply.
Choosing the report destination and format
Select destination and format for the vulnerability report. Configure the FortiLog unit to either save the reports to the FortiLog hard disk or email the report to any number of recipients or both.[...]
-
Page 72
Viewing the vulnerability report
The FortiLog unit saves the vulnerability report either to its hard disk or sends the report as an email attachment.
Figure 41: Viewing the list of vulnerability reports
To view the vulnerability report saved to the FortiLog hard disk
1. Go [...]
-
Page 73
Using Logs
The FortiLog unit collects log files from various sources and stores them on its hard disk. With the log viewer you can:
• view log files collected from FortiGate, FortiManager, FortiMail and syslog devices
• customize the log fi[...]
-
Page 74
The Log view interface
The log viewer interface provides a means of viewing device log files.
Figure 42: Viewing the logs
Viewing logs
The log viewer interface provides a display of log data that you can organize and format.
Device Tabs: Access to the specific device log[...]
-
Page 75
Figure 43: Viewing a device log
To view the device log files
1. Go to File Browse > Logs.
2. Select a device tab.
3. Expand the group name and device name to see the list of available logs.
4. In the Action column, select Display for the desired log file.
5. Do one[...]
-
Page 76
Figure 44: Basic log filter
5. Do the following to search the log using the Basic log filter:
6. Select Apply.
To perform a standard search of the log contents
1. Go to File Browse > Logs.
2. Select a device and log file.
3. In the log view, select Column Settings at the top o[...]
-
Page 77
6. Select each row in the Filter column.
7. Each row of information provides criteria for the search: The row criteria available reflect the content within the selected log file.
8. Select Enable for each row you want the search criteria to use.
9. Select Apply[...]
-
Page 78
Log Search
Use the Log Search to perform a simple search of all log files on the FortiLog unit. The FortiLog unit maintains a search history for future use. If you need to clean out a long search history, select Clear History.
To search the log files for specific information
1. Go[...]
-
Page 79
5. Select Apply.
Event correlation (Active mode)
Event correlation is a data mining feature that provides a way of reviewing attacks on multiple devices in one location. The FortiLog unit collates attack events from all submitted logs and displa[...]
-
Page 80
Show me: Select Show me to view the selection from the sort list.
#: The number of entries for the attack report.
Log time: The date and time of the attack.
Device ID: The name of the device subjected to the attack.
Source: The source IP address of the attack.
Destina[...]
-
Page 81
FortiLog Administration Guide Version 1.6
Using the FortiLog unit as a NAS
Users can save, store and access information on the FortiLog hard disk as an alternate means of storing important files and work.
To provide users with access to the FortiLog file system you must:
• configure t[...]
-
Page 82
Providing access to the FortiLog hard disk
To enable user access to the FortiLog hard disk to store and access files you need to add user and group accounts to the FortiLog unit. Along with user and group accounts, you define th[...]
-
Page 83
Adding and modifying group accounts
Create user groups to assign directory access to many users at once rather than individually.
To add a user group
1 Go to Network Sharing > Groups.
2 Select Create New.[...]
-
Page 84
Figure 49: Windows sharing configuration
3 Select the Local Path button to select the folder for the users or groups to access.
4 Select OK.
5 Enter the Share Name to describe the shared folder.
6 Select user and group names [...]
-
Page 85
Figure 50: NFS share configuration
3 Select the Local Path button to select the folder for the users or groups to access.
4 Select OK.
5 Enter the IP address of the remote system or user ID.
6 Select user and gro[...]
-
Page 86
Setting folder and file properties
The FortiLog unit enables you to administer the folders and files on the FortiLog hard disk. Using the file browser you can:
• rename and delete files and folders
• set the access permissions
• [...]
-
Page 87
FortiLog CLI reference
This chapter explains how to connect to and use the FortiLog command line interface (CLI). You can use CLI commands to view all system information and to change all system configuration settings.
• CLI documentation conve[...]
-
Page 88
Connecting to the CLI
The FortiLog-800 model has a serial port and you can use the null modem cable to connect it to your management computer. The FortiLog-100 and 400 models do not support serial cable connections. You can use a terminal emulation software su[...]
-
Page 89
10 Type the password for this administrator and press Enter. The following prompt appears:
Welcome!
You have connected to the FortiLog CLI, and you can enter CLI commands.
Setting administrative access for SSH or Telnet
To configure the Fo[...]
-
Page 90
4 To confirm that you have configured SSH or Telnet access correctly, enter the following command to view the access settings for the interface:
get system interface
The CLI displays the settings, including the management access settings, for the port1 interf[...]
-
Page 91
CLI commands
The FortiLog CLI commands include:
• execute branch
• get branch
• set branch
• unset branch
execute branch
Use execute to run static commands, to reset the FortiLog unit to factory defaults, to back up or restore FortiLog configur[...]
-
Page 92
get branch
Use get to display settings, logs, or system information.
Table 5: get command architecture
get alertemail configuration <return> setting <return> config <return> <keyword_str> <return> console <return> report resolve alias[...]
-
Page 93
get report resolve
Display the settings (what is turned on) for resolving host and service names.
get report aliases
Display a list of IP aliases and their IP address.
get log client
Display the FortiGate units connected to the FortiLog unit.
get log e[...]
-
Page 94
set branch
Use set to configure settings, logs, or system information.
set alertemail
Use set alertemail to configure alert mails.
Table 6: set alertemail command architecture
set alertemail configuration auth {enable | disable} <return> mailto <string> <[...]
-
Page 95
set alertemail device {enable | disable} add virusalert {enable | disable} <return> virusany {any |some| <return> viruskeywords <keyword1 | keyword2> <return> virusnum {1 | 5 | 10 | 20 | 50 | 100 | 500 | 1000} <return> virus[...]
-
Page 96
set alertmail device enable add levelnum {emergency | alert | critical | error | warning | notification | information}
Set the level to monitor before sending an alert message. The FortiLog unit sends alert email for all messages at and above the logging severity level y[...]
-
Page 97
set console
Use set console to set console configuration.
Table 7: set console command architecture
set console baudrate {9600 | 19200 | 38400 | 57600 | 115200} <return> mode batch <return> line <return> page <integer/0> <re[...]
-
Page 98
set log
Use set log to configure log settings.
Table 8: set log command architecture
set log client <string> deviceid <string> secure {yes | no} psk <string> space <number> <return> filesz <integer> <return> fileage <integer>[...]
-
Page 99
set log devtype <string> report name <report name> <Return> period from <YY-MM-DD-HH> to <YY-MM-DD-HH> today | yesterday this {year | quarter | month | week} last {year | quarter | month | week} nweeks <weeks> ndays <days>[...]
-
Page 100
Commands Description
set log client <client_string> deviceid <id_string> secure {yes | no} psk <psk_string> space <number> filesz <filesz_integer> fileage <fileage_integer> spacefull {overwrite_oldest | stop_logging}
Configure th[...]
-
Page 101
set log setting syslog remote server <server_ip> port <port_integer> loglevel <severity_level>
Set the remote syslog severity level 0 = Emergency, 1 = Alert, 2 = Critical, 3 = Error, 4 = Warning, 5 = Notification, 6 = Information [...]
-
Page 102
set log devtype <string> filters <string>
Select the filter options to include in a report and store as a profile for later use in other reports.
set log devtype <string> schedule <string> {none | hours <hour> | daily | days <mon, tue[...]
-
Page 103
set NAS
Use set NAS to configure the FortiLog NAS server settings when using the FortiLog unit in Passive mode.
Table 9: set NAS command architecture
set nas protocol nfs share workgroup <workgroup> user <user name> uid <uid> name <[...]
-
Page 104
set report
Use set report to configure the FortiLog report settings.
set system
Use set system to configure the FortiLog system settings.
Table 10: set report command architecture
set report resolve <services | aliases> alias <alias> ho stnetrange <x.x.[...]
-
Page 105
set system interface <intf_str> config denyaccess ping <return> https <return> ssh <return> snmp <return> http <return> telnet <return> wins <xxx.xxx.xxx.xxx> <return> macaddr {xxx.xxx.xxx.xxx | fac[...]
-
Page 106
set system interface <intf_str> config denyaccess ping <return> https <return> ssh <return> snmp <return> http <return> telnet <return> wins <xxx.xxx.xxx.xxx> <return> macaddr {xxx.xxx.xxx.xxx | factorydefault} <[...]
-
Page 107
set system opmode active <return> passive <return> option admintimeout <timeout_integer> <return> authtimeout <timeout_integer> <return> language <language_str> <return> refresh {interval | none} <re[...]
-
Page 108
Commands Description
set system admin username <name_str> password <password_str> permission {readonly | readwrite}
Enter system administrator user name, password, and access permission.
• <name_str> is the administrator user name.
• <password_[...]
-
Page 109
set system interface config stp_passthrough
set system interface <intf_str> config mode static
Set the interface mode to static.
set system mainregpage hide
Hide main registration message.
set system session_ttl port <port_num> timeout <t[...]
-
Page 110
unset branch
Use unset to remove configuration of alert email, log, and system.
set system time manual zone <No.>
Set the system time zone by number.
set system time manual dst {disable | enable}
Enable or disable daylight saving time.
set system time ntp ntp[...]
-
Page 111
unset nas user <user name>
Remove a user name.
unset nas group <group name>
Remove a group name.
unset nas share <share name>
Remove a Windows-shared folder setting.
unset nas nfs path <local path>
Remove a Network File Share p[...]
-
Page 113
Appendix A: Log Report Types
Your FortiLog unit can generate over 130 different types of log reports. Listed here are the log reports and a short description.
Network Activity
Network activity log reports record total network traffic ac[...]
-
Page 114
FTP Activity
FTP reports record total FTP access activities including traffic direction, sites and connections.
Web Traffic By Direction: Total incoming and outgoing web traffic in kilobytes.
Blocked Web Site Attempts By Date: Attempts to access blocked web sites for a[...]
-
Page 115
Terminal Activity
Terminal activity reports record total Terminal/CLI access activities.
Mail Activity
Mail activity reports record Email traffic and connections.
Report Description
Terminal Traffic By Date And Service: Terminal activity by service [...]
-
Page 116
Intrusion Activity
Intrusion activity reports record top network attacks and top attacks by a specific time.
Antivirus Activity
Antivirus activity reports record total antivirus attacks by time, attack event types, top senders, and top receivers.
Web Filter Activity
Web f[...]
-
Page 117
Mail Filter Activity
Mail filter activity reports record total and top mail filter activities by device, time, and top senders and receivers.
Web Filter Events By Hour Of Day And Top Destinations: Hourly web events by top web site destinations for a specif[...]
-
Page 118
VPN Activity
VPN activity reports record total VPN activities by a specific time and direction as well as top VPN activities.
Content Activity
Content activity reports record content activities by a specific time and direction as well as top content ac[...]
-
Page 119
Content Traffic By Hour Of Day And Service: Hourly content traffic by Internet services in kilobytes for a specified date or range of days.
Content Traffic By Hour Of Day And Status: Hourly email content status in kilobytes for a specified date or range o[...]
-
Page 121
Index A access to files 82 account levels 48 active and passive mode 8 administrator account 48 read & write access 48 read only access 48 settings 46 administrator account netmask 108 trusted host 49 Adobe Acrobat files 65 alerts 30, 54 atta[...]
-
Page 122
Index L language setting 46, 109 LCD panel 21 log policy 45 logs download FortiLog debug log 39 importing 77 information 75 settings 44 watching 78 M memory usage 32 MS Word files 65 N network attached server 81 network file system 81 network settings 42 NTP server 46 O on demand reports 64 operating modes[...]
-
Page 123
Index web-based manager connecting 19 idle timeout 46 introduction 19 language 46, 109 windows shares 81[...]