Fortinet FortiLog-100 manual



A good user manual

The rules require the retailer to supply the buyer with the manual for the Fortinet FortiLog-100 product. A missing manual, or incorrect information supplied to the consumer, is grounds for a complaint that the product does not conform to the contract. Under the law, the manual may be supplied in a form other than paper, which is often done by attaching a graphic version, an electronic manual, or Fortinet FortiLog-100 instructional videos for users. The condition is that it be legible and understandable.

What is an instruction manual?

The word comes from the Latin "instructio", to instruct. The Fortinet FortiLog-100 manual therefore contains a description of the stages of a process. The purpose of the manual is to instruct: to make it easier to start up and use the equipment or to carry out specific tasks. The manual is a collection of information about the object or service, a guide.

Unfortunately, few users take the time to read the Fortinet FortiLog-100 manual, yet a good manual not only lets you discover a number of additional features of the device but also prevents most failures.

So what should the perfect manual contain?

First, the Fortinet FortiLog-100 manual should contain:
- technical data of the Fortinet FortiLog-100 device
- the manufacturer's name and the year of manufacture of the Fortinet FortiLog-100 device
- instructions for use, adjustment and maintenance of the Fortinet FortiLog-100 device
- safety signs and certificates confirming compliance with the relevant standards

Why don't you read manuals?

Usually this is due to lack of time and to confidence about the specific functionality of the purchased device. Unfortunately, merely connecting and starting up the Fortinet FortiLog-100 is not enough. The manual contains a series of guidelines on specific features, safety, maintenance methods (including which products should be used), possible Fortinet FortiLog-100 defects and ways to solve common problems during use. Finally, the manual gives the contact details of the Fortinet service department in case the proposed solutions do not work. Nowadays, manuals in the form of engaging animations and instructional videos are highly appreciated, as they speak to the user better than a leaflet does. This type of manual gives the user a chance to go through the whole instructional video without skipping the complicated Fortinet FortiLog-100 specifications and technical descriptions, as happens with the paper version.

Why read manuals?

First of all, they contain answers about the construction and capabilities of the Fortinet FortiLog-100 device, the use of individual accessories and a range of information for enjoying all its features and conveniences to the full.

After the successful purchase of a piece of equipment or device, it is worth taking a moment to become familiar with every part of the Fortinet FortiLog-100 manual. Nowadays they are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of providing information.

Manual index

  • Page 1

    FortiLog Administration Guide FortiLog-100 FortiLog-400 FortiLog-800 FortiLog Administration Guide Version 1.6 January 15, 2004 05-16000-0082-20050115[...]

  • Page 2

    © Copyright 2005 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. FortiLog Adm[...]

  • Page 3

    Contents FortiLog Administration Guide 05-16000-0082-20050115 3 Table of Contents Introduction ..... 7 Operational Modes ..... 8 Ac[...]

  • Page 4

    Contents 4 05-16000-0082-20050115 Fortinet Inc. Managing the FortiLog unit ..... 29 Status ..... 29 Status ..... [...]

  • Page 5

    Contents Reports ..... 57 Creating and generating a report ..... 57 Configuring report paramete[...]

  • Page 6

    Contents Adding and modifying group accounts ..... 83 Assigning access to folders ..... 83 Modifying the user or group folder access ..... [...]

  • Page 7

    FortiLog Administration Guide Version 1.6 Introduction FortiLog units are network appliances that provide integrated log collection, analysis tools and data storage. Detailed log reports provide historical as well as current analysis of network and email activity to help identify securi[...]

  • Page 8

    Operational Modes Introduction Operational Modes The FortiLog device can operate in two modes: Active mode or Passive mode. The web-based interface provides an interface that reflects each model's functionality. Active Mode Active mode is the default mode for the FortiLog unit. In Active mode, the F[...]

  • Page 9

    Introduction Operational Modes Figure 3: FortiLog Active mode network architecture Passive Mode Passive mode enables you to use the FortiLog unit solely as a Network Attached Server (NAS) storage device. The collection of device log files and the log reporting features are not available i[...]

  • Page 10

    About this guide Introduction About this guide This document describes how to set up and configure the FortiLog unit. The configuration and features of the FortiLog unit are similar in either mode. Section titles indicate where the features or configuration differ or are unique to each mode. For example[...]

  • Page 11

    Introduction Related documentation Related documentation Additional information about Fortinet products is available from the following related documentation. FortiGate documentation Information about FortiGate products is available from the following guides: • FortiGate QuickStart[...]

  • Page 12

    Related documentation Introduction FortiManager documentation • FortiManager QuickStart Guide Explains how to install the FortiManager Console, set up the FortiManager Server, and configure basic settings. • FortiManager System Administration Guide Describes how to use the FortiManager System to[...]

  • Page 13

    Introduction Customer service and technical support Customer service and technical support For antivirus and attack definition updates, firmware updates, updated product documentation, technical support information, and other resources, please visit the Fortinet technical support we[...]

  • Page 14

    Customer service and technical support Introduction[...]

  • Page 15

    FortiLog Administration Guide Version 1.6 Setting up the FortiLog unit This chapter includes: • Checking the package contents • Hardware specifications • Planning the installation • Connecting the FortiLog unit • Configuring the FortiLog unit Checking the package contents The[...]

  • Page 16

    Checking the package contents Setting up the FortiLog unit Figure 5: FortiLog front and back diagrams Hardware specifications Dimensions • FortiLog-100: 38 x 17 x 31 cm • FortiLog-400: 54 x 33 x 44 cm • FortiLog-800: 78 x 65 x 25 cm Weight • FortiLog-100: 2.5 kg • FortiLog-400: 11 kg • FortiLo[...]

  • Page 17

    Setting up the FortiLog unit Planning the installation Power requirements • FortiLog-100 • AC input voltage: 100 to 240 V AC • AC input current: 1.0 A • Frequency: 47 to 63 Hz • FortiLog-400 and 800 • AC input voltage: 115 to 230 V AC • AC input current: 4 to 2 A • Frequ[...]

  • Page 18

    Connecting the FortiLog unit Setting up the FortiLog unit Figure 6: FortiLog connection option Connecting the FortiLog unit You can install the FortiLog unit as a free-standing appliance on any stable surface. You can mount the FortiLog-800 unit in a standard 19-inch rack. It requires 1 U of vertic[...]

  • Page 19

    Setting up the FortiLog unit Configuring the FortiLog unit Configuring the FortiLog unit Use the web-based manager or the Command Line Interface (CLI) to configure the FortiLog unit IP address, netmask, DNS server IP address, and default gateway IP address. Using the web-based manager[...]

  • Page 20

    Configuring the FortiLog unit Setting up the FortiLog unit 6 Type admin in the Name field and select Login. After connecting to the web-based manager, you can configure the FortiLog unit IP address, DNS server IP address, and default gateway to connect the FortiLog unit to the network. To configur[...]

  • Page 21

    Setting up the FortiLog unit Configuring the FortiLog unit 3 Set the primary DNS server IP address: set system dns primary <IP_address> 4 Optionally set the secondary DNS server IP address: set system dns secondary <IP_address> 5 Set the default gateway: set system route number [...]

  • Page 22

    Configuring the FortiLog unit Setting up the FortiLog unit[...]

  • Page 23

    FortiLog Administration Guide Version 1.6 Connecting to the FortiLog Unit In order for FortiLog to receive log files, you need to configure the FortiGate, FortiMail or syslog devices to send log files to the FortiLog unit. You also need to configure the FortiLog unit to accept the log[...]

  • Page 24

    Sending device logs to the FortiLog unit Connecting to the FortiLog Unit Figure 7: FortiGate 2.8 log settings 5 Enter the IP address of the FortiLog unit. 6 Set the level at which the FortiGate unit logs messages to the FortiLog unit. The FortiGate unit logs all messages at and above the logging severity [...]

  • Page 25

    Connecting to the FortiLog Unit Sending device logs to the FortiLog unit Figure 8: FortiGate 2.5 Log settings 2 Select Log to Remote Host to send the logs to a syslog server. 3 Enter the IP address of the FortiLog unit. 4 Enter the port number of the FortiLog unit. 5 Select the severity [...]

  • Page 26

    Configuring the FortiLog unit Connecting to the FortiLog Unit Configuring the FortiLog unit When you configure a device to send logs to the FortiLog unit, an entry for the device appears automatically in the Unregistered Devices tab. Adding a device The Devices screen provides easy access to all device[...]

  • Page 27

    Connecting to the FortiLog Unit Configuring the FortiLog unit 3 Enter a device name. For a FortiGate device, this is the same entry as the Local ID set in the Log&Config settings for FortiLog. For example, FGT-500A. 4 Select a group to add the device to if desired. For det[...]

  • Page 28

    Configuring the FortiLog unit Connecting to the FortiLog Unit You can classify the device interfaces as one of None, LAN, WAN or DMZ to match the type of traffic the interface will process. When the FortiLog unit generates the traffic log report, the FortiLog unit compares the source and destination [...]

  • Page 29

    FortiLog Administration Guide Version 1.6 Managing the FortiLog unit Using the FortiLog system settings, you can view the operating status of the FortiLog unit and configure the FortiLog unit for your network. You can also use system settings to configure RAID (Redundant Arrays of I[...]

  • Page 30

    Status Managing the FortiLog unit Figure 11: System status (Active mode) Automatic Refresh Interval Select to control how often the web-based manager updates the system status display. Go Select to set the selected automatic refresh interval. Refresh Select to manually update the system status display[...]

  • Page 31

    Managing the FortiLog unit Status Changing the FortiLog host name The FortiLog host name appears on the Status page and in the FortiLog CLI prompt. To change the FortiLog unit host name 1 Go to System > Status > Status. 2 Select Change. 3 Enter a new host name. 4 Select OK. Ch[...]

  • Page 32

    Status Managing the FortiLog unit Viewing system resources information On the Status page, you can view the CPU, memory and hard disk usage information and the session information. By selecting the History link under System Resources, you can also view the statistics for the previous minute. If CPU[...]

  • Page 33

    Managing the FortiLog unit Status To change the firmware using the CLI Use the following procedure to upgrade the FortiLog unit to a newer firmware version or revert to a previous firmware version. To use the following procedure you must have a TFTP server that the FortiLog unit [...]

  • Page 34

    Status Managing the FortiLog unit To perform this procedure you need to install a TFTP server that you can connect to from the FortiLog unit LAN port. The TFTP server should be on the same subnet as the LAN port. Before beginning this procedure you can back up the FortiLog unit configuration. For info[...]

  • Page 35

    Managing the FortiLog unit Status The following message appears: Enter File Name [image.out]: 11 Enter the firmware image filename and press Enter. The TFTP server uploads the firmware image file to the FortiLog unit and a message similar to the following is displayed: Save as Default f[...]

  • Page 36

    Status Managing the FortiLog unit 7 Immediately press any key to interrupt the system startup. If you successfully interrupt the startup process, the following message appears: [G]: Get firmware image from TFTP server. [F]: Format boot device. [Q]: Quit menu and continue to boot with default firmware. [[...]

  • Page 37

    Managing the FortiLog unit Status To install a backup firmware image 1 For all three FortiLog models, use terminal emulation software to access the unit's CLI. For the FortiLog-800 unit, you can also access the unit's CLI by connecting the null-modem cable provided to the unit[...]

  • Page 38

    Status Managing the FortiLog unit The FortiLog unit saves the backup firmware image and restarts. When the FortiLog unit restarts it is running the previously installed firmware version. Switching to a backup firmware image Use this procedure to switch the FortiLog unit to operating with a backup fir[...]

  • Page 39

    Managing the FortiLog unit Status To switch back to the default firmware image 1 For all three FortiLog models, use terminal emulation software to access the unit's CLI. For the FortiLog-800 unit, you can also access the unit's CLI by connecting the null-modem cable provided to [...]

  • Page 40

    Status Managing the FortiLog unit To download a FortiLog debug log 1 Go to System > Status > Status. 2 For System Settings, select Backup. 3 Select download debug log. 4 Type a name and location for the file. The debug log file is backed up to the management computer. 5 Select Return to go ba[...]

  • Page 41

    Managing the FortiLog unit Status To upload the firmware image to the FortiLog unit 1 Make sure the TFTP server is running. 2 Copy the firmware image file to the root directory of the TFTP server. Ensure the file name is image.out. 3 Start the FortiLog unit. As the FortiLog unit sta[...]

  • Page 42

    Config Managing the FortiLog unit Config Use system config to configure the FortiLog network settings, RAID settings, log message settings, time settings, and other options. You can also add and remove FortiLog administrator accounts and change administrator passwords. • Network • RAID • Log[...]

  • Page 43

    Managing the FortiLog unit Config RAID To configure the FortiLog RAID level and check the RAID disk space, go to System > Config > RAID. Figure 14: RAID settings IP Address Enter the static IP address required by the FortiLog unit to be able to connect to your network. Netmask Ente[...]

  • Page 44

    Config Managing the FortiLog unit Log settings To configure the FortiLog unit to log locally or to send FortiLog log messages to a remote syslog server, go to System > Config > Log Settings. You can configure the log level and you can use config policy to record event log messages. See “Log po[...]

  • Page 45

    Managing the FortiLog unit Config Log policy Select Config Policy to configure the FortiLog unit to send event log messages to a local or remote syslog server. Enable Event Log to record management and activity events. Management events include changes to the FortiLog unit configura[...]

  • Page 46

    Config Managing the FortiLog unit Time To change the FortiLog unit time, go to System > Config > Time. For effective scheduling and logging, the FortiLog system time must be accurate. You can either manually set the FortiLog system time or you can configure the FortiLog unit to automatically keep[...]

  • Page 47

    Managing the FortiLog unit Config Figure 19: Admin Configure Administrator access Configure administrative access to allow remote administration of the FortiLog unit. However, allowing remote administration could compromise the security of your FortiLog unit. To improve the security[...]

  • Page 48

    Config Managing the FortiLog unit To configure administrative access to the FortiLog unit 1 Go to System > Config > Admin. 2 Select the Administrative Access methods for the FortiLog unit. 3 Select Apply. Administrator account levels When the FortiLog unit is initially installed, it is configured w[...]

  • Page 49

    Managing the FortiLog unit Devices (Active mode) To add an administrator account 1 Go to System > Config > Admin. 2 Select New. 3 Enter a login name for the administrator account. 4 Enter and confirm a password for the administrator account. 5 Optionally type a Trusted Host IP[...]

  • Page 50

    Devices (Active mode) Managing the FortiLog unit Device list To add and manage devices connecting to the FortiLog unit, go to System > Devices. Figure 21: Device list Adding and registering a device Add FortiGate, FortiMail and Syslog devices to the FortiLog configuration so that the FortiLog unit ca[...]

  • Page 51

    Managing the FortiLog unit Alert Email To edit a device 1 Go to System > Devices. 2 For the device you want to edit, select Edit. 3 Modify the device information and select an Interface Type for each interface, as required. 4 Select OK. Alert Email Use Alert Email to configure the [...]

  • Page 52

    Alert Email Managing the FortiLog unit Local To set the email alert notification for the FortiLog unit, go to System > Alert Email > Local. Set the options for when the FortiLog unit alerts an individual or group of individuals. Figure 24: Local alert settings Device (Active mode) To set alert messag[...]

  • Page 53

    Managing the FortiLog unit Alert Email Figure 25: Device alert settings Alert Name Enter a name to identify the alert settings. Devices to Monitor Select the device logs the FortiLog unit monitors. Expand the device groups to select individual devices. Level Set the level of message tha[...]

  • Page 54

    Alerts Managing the FortiLog unit To add a device alert 1 Go to System > Alert Email > Device. 2 Select Create New. 3 Set the Alert email options as required. 4 Select Enable to set the FortiLog unit to send alert email messages for selected devices. 5 Select OK. Alerts Use Alerts to view the s[...]

  • Page 55

    Managing the FortiLog unit Network Sharing Figure 26: Device alert messages Network Sharing Use Network Sharing to configure the FortiLog unit to use file sharing (Windows workgroups or NFS) to view and share log reports and other files. You can define the users, groups and file ac[...]

  • Page 56

    Defining IP aliases Managing the FortiLog unit Figure 27: IP aliases To set host alias names 1 Go to Reports > IP Aliases. 2 Select Create New. 3 Enter a name for the host, network or IP address range in the Alias text box. 4 Enter the IP address of the host, network or the IP range. For example: •[...]

  • Page 57

    FortiLog Administration Guide Version 1.6 Reports The FortiLog unit collates information collected from device log files and presents the information in tables and graphs. There are over 130 different reports, in 11 categories. The reports provide detailed information on the type of[...]

  • Page 58

    Creating and generating a report Reports 3 Set the following: • “Configuring report parameters” on page 58 • “Configuring a report query” on page 59 • “Selecting the devices for the report” on page 60 • “Select filtering options” on page 61 • “Setting a report schedule” on[...]

  • Page 59

    Reports Creating and generating a report 5 Select Apply. Configuring a report query Select the specific information you need to generate a more concise report. Each report category includes a refined list of sub-categories that report specific information. For example, you can genera[...]

  • Page 60

    Creating and generating a report Reports 4 Select the plus sign next to a category to expand and view the sub-categories. 5 Select the content from the sub-categories to include in the reports. 6 Select Apply. Creating a query profile You can save the selections as a query profile. After creating a que[...]

  • Page 61

    Reports Creating and generating a report 6 Select the group or individual devices to use in the report. 7 Select Apply. Creating a device profile You can save the selections as a device profile. After creating a device profile, you can select the profile for use in other reports. To c[...]

  • Page 62

    Creating and generating a report Reports 4 Select the type of matching for the filter criteria: • Select Any to find any matches for the criteria specified. • Select All to find all criteria. All criteria must match to display in the results. 5 Select whether to have log messages less than and eq[...]

  • Page 63

    Reports Creating and generating a report 3 Select Schedule. 4 Select a day from the following: 5 Select a specified time of the day to run the report, up to three times per day. 6 Select Apply. Creating a report schedule profile You can save the schedule as a schedule profile. After cre[...]

  • Page 64

    Creating and generating a report Reports To select the report destination and format 1 Go to Reports > Config. 2 Select a report from the list. 3 Select Output. 4 Set the following options: 5 Select Apply. Creating a report destination and format profile You can save the selections in an output pr[...]

  • Page 65

    Reports Viewing reports Viewing reports Use the FortiLog web-based manager to view a list of the generated reports. The generated reports are available in HTML, PDF, RTF and ASCII text formats, depending on the output configuration. For details on setting output options see “Choos[...]

  • Page 66

    Viewing reports Reports Roll up report The roll up report contains all reports that you selected for the FortiLog unit to generate. Select the report name to view the report roll up in HTML format. Figure 35: Roll up report Select a report category to expand the list of report sub-categories. Selecting[...]

  • Page 67

    Reports Vulnerability reports Figure 36: VPN activity report in PDF Vulnerability reports Vulnerability reports show any potential weaknesses to attacks that may exist for selected devices by displaying the available ports on a FortiGate device. Rather than using the device logs for t[...]

  • Page 68

    Vulnerability reports Reports 3 Set the following: • “Selecting report result parameters” on page 68 • “Selecting plug-ins” on page 68 • “Selecting the scan targets for the report” on page 69 • “Choosing the report destination and format” on page 71. 4 Select Run now. Selecti[...]

  • Página 69

    Reports Vulnerability repo rts FortiLog Administration Guide 05-16000-0082-20050 1 15 69 Figure 38: V ulnerability plugin optio ns T o select the plug-ins 1 Go to Reports > Config > V u lnerabilities . 2 Select a report from the list. 3 Select Plug-ins. 4 Select the plug-in s to include in the re port. 5 Select Apply . Creating a plug-in prof[...]

  • Página 70

    70 05-16000-0082-20050 1 15 Fortinet Inc. Vulnerability reports Reports Figure 39: Selecting scan target s T o select the scan tar get s 1 Go to Reports > Config > V u lnerability . 2 Select a report from the list. 3 Select Scan T argets. 4 Select devices from the Av ailable IP Aliases list. 5 Select the right arrow to move the de vice to the[...]

  • Página 71

    Reports Vulnerability repo rts FortiLog Administration Guide 05-16000-0082-20050 1 15 71 4 Select Apply . Choosing the report destination and format Select destination and format for the vulnerab ility report. Configure the FortiLog unit to either save the report s to the FortiLog hard disk or email th e report to any number of recipients or bo th.[...]

  • Página 72

    72 05-16000-0082-20050 1 15 Fortinet Inc. Vulnerability reports Reports Viewing the vulnerability report The FortiLog unit saves the vulnerability report ei ther to it hard disk or sends the report as an email attachme nt. Figure 41: V iewing the list of vulnerabi lity reports T o view the vulnerability report saved to the Fort iLog hard disk 1 Go [...]

  • Página 73

    FortiLog Administration Guide V ersion 1.6 FortiLog Administration Guide 05-16000-0082-20050 1 15 73 Using Logs The FortiLog unit collect s log files from various source s and stores them on its hard disk. With the log viewer yo u can: • view log files collected from FortiGate, Fo rtiManager , FortiMail and syslog devices • customize the log fi[...]

  • Página 74

    74 05-16000-0082-20050 1 15 Fortinet Inc. The Log view interfa ce Using Logs The Log view interface The log viewer interface provides a means of viewing device log files. Figure 42: V iewing the logs V iewing logs The log viewer interface provides a display of log data that you can organize and format. Device T abs Access to the specific device log[...]

  • Página 75

    Using Logs Viewing logs FortiLog Administration Guide 05-16000-0082-20050 1 15 75 Figure 43: Viewing a device log T o view the device log files 1 Go to File Browse > Logs . 2 Select a device ta b. 3 Expand the group name and device name to see the list of av ailable logs. 4 In the Action column, select Dis play for the desired log file. 5 Do one[...]

  • Página 76

    76 05-16000-0082-20050 1 15 Fortinet Inc. Viewing logs Using Logs Figure 44: Basic log f ilter 5 Do the following to search the log using the Basic log filter: 6 Select Apply . T o perform a standard se arch of the log conten t s 1 Go to File Browse > Logs . 2 Select a device and log file. 3 In the log view , select Column Se ttings at the top o[...]

  • Página 77

    Using Logs Importing log files FortiLog Administration Guide 05-16000-0082-20050 1 15 77 6 Select each row in the Filter column. 7 Each row of information provides criteria for the se arch: The row criteria available reflect the content within the selected log file. 8 Select Enable fo r each row you want th e search cr iteria to use. 9 Select Apply[...]

  • Página 78

    78 05-16000-0082-20050 1 15 Fortinet Inc. Log Search Using Logs Log Search Use the Log Search, to perfor m a simple search of all log files on the FortiLog unit. The FortiLog unit maint ains a search history for future use. If you need to clean out a long search history , select Clear History . T o search the log files for specific information 1 Go[...]

  • Página 79

    Using Logs Event correlation (Active mode) FortiLog Administration Guide 05-16000-0082-20050 1 15 79 5 Select Apply . Event correlation (Active mode) Event correlation is a data mining feature th at provides a way of re viewing attacks on multiple devices in one location . The FortiLog unit collates att ack events from all submitted logs and displa[...]

  • Page 80

    Show me: Select Show me to view the selection from the sort list.
    #: The number of entries for the attack report.
    Log time: The date and time of the attack.
    Device ID: The name of the device subjected to the attack.
    Source: The source IP address of the attack.
    Destina[...]

  • Page 81

    FortiLog Administration Guide Version 1.6
    Using the FortiLog unit as a NAS
    Users can save, store and access information on the FortiLog hard disk as an alternate means of storing important files and work. To provide users with access to the FortiLog file system you must:
    • configure t[...]

  • Page 82

    Providing access to the FortiLog hard disk
    To enable user access to the FortiLog hard disk to store and access files, you need to add user and group accounts to the FortiLog unit. Along with user and group accounts, you define th[...]

  • Page 83

    Adding and modifying group accounts
    Create user groups to assign directory access to many users at once rather than individually.
    To add a user group
    1 Go to Network Sharing > Groups.
    2 Select Create New.[...]

  • Page 84

    Figure 49: Windows sharing configuration
    3 Select the Local Path button to select the folder for the users or groups to access.
    4 Select OK.
    5 Enter the Share Name to describe the shared folder.
    6 Select user and group names [...]

  • Page 85

    Figure 50: NFS share configuration
    3 Select the Local Path button to select the folder for the users or groups to access.
    4 Select OK.
    5 Enter the IP address of the remote system or user ID.
    6 Select user and gro[...]

  • Page 86

    Setting folder and file properties
    The FortiLog unit enables you to administer the folders and files on the FortiLog hard disk. Using the file browser you can:
    • rename and delete files and folders
    • set the access permissions
    • [...]

  • Page 87

    FortiLog CLI reference
    This chapter explains how to connect to and use the FortiLog command line interface (CLI). You can use CLI commands to view all system information and to change all system configuration settings.
    • CLI documentation conve[...]

  • Page 88

    Connecting to the CLI
    The FortiLog-800 model has a serial port and you can use the null modem cable to connect it to your management computer. The FortiLog-100 and 400 models do not support serial cable connections. You can use terminal emulation software su[...]

  • Page 89

    10 Type the password for this administrator and press Enter. The following prompt appears:
    Welcome!
    You have connected to the FortiLog CLI, and you can enter CLI commands.
    Setting administrative access for SSH or Telnet
    To configure the Fo[...]

  • Page 90

    4 To confirm that you have configured SSH or Telnet access correctly, enter the following command to view the access settings for the interface:
    get system interface
    The CLI displays the settings, including the management access settings, for the port1 interf[...]

  • Page 91

    CLI commands
    The FortiLog CLI commands include:
    • execute branch
    • get branch
    • set branch
    • unset branch
    execute branch
    Use execute to run static commands, to reset the FortiLog unit to factory defaults, to back up or restore FortiLog configur[...]

  • Page 92

    get branch
    Use get to display settings, logs, or system information.
    Table 5: get command architecture
    get alertemail configuration <return> setting <return> config <return> <keyword_str> <return> console <return> report resolve alias[...]

  • Page 93

    get report resolve: Display the settings (what is turned on) for resolving host and service names.
    get report aliases: Display a list of IP aliases and their IP address.
    get log client: Display the FortiGate units connected to the FortiLog unit.
    get log e[...]

  • Page 94

    set branch
    Use set to configure settings, logs, or system information.
    set alertemail
    Use set alertemail to configure alert mails.
    Table 6: set alertemail command architecture
    set alertemail configuration auth {enable | disable} <return> mailto <string> <[...]

  • Page 95

    set alertemail device {enable | disable} add virusalert {enable | disable} <return> virusany {any | some} <return> viruskeywords <keyword1 | keyword2> <return> virusnum {1 | 5 | 10 | 20 | 50 | 100 | 500 | 1000} <return> virus[...]

  • Page 96

    set alertemail device enable add levelnum {emergency | alert | critical | error | warning | notification | information}: Set the level to monitor before sending an alert message. The FortiLog unit sends alert email for all messages at and above the logging severity level y[...]

  • Page 97

    set console
    Use set console to set console configuration.
    Table 7: set console command architecture
    set console baudrate {9600 | 19200 | 38400 | 57600 | 115200} <return> mode batch <return> line <return> page <integer/0> <re[...]

  • Page 98

    set log
    Use set log to configure log settings.
    Table 8: set log command architecture
    set log client <string> deviceid <string> secure {yes | no} psk <string> space <number> <return> filesz <integer> <return> fileage <integer&g[...]

  • Page 99

    set log devtype <string> report name <report name> <return> period from <YY-MM-DD-HH> to <YY-MM-DD-HH> today | yesterday this {year | quarter | month | week} last {year | quarter | month | week} nweeks <weeks> ndays <days&g[...]

  • Page 100

    Commands / Description
    set log client <client_string> deviceid <id_string> secure {yes | no} psk <psk_string> space <number> filesz <filesz_integer> fileage <fileage_integer> spacefull {overwrite_oldest | stop_logging}: Configure th[...]

  • Page 101

    set log setting syslog remote server <server_ip> port <port_integer> loglevel <severity_level>: Set the remote syslog severity level: 0 = Emergency, 1 = Alert, 2 = Critical, 3 = Error, 4 = Warning, 5 = Notification, 6 = Information [...]

  • Page 102

    set log devtype <string> filters <string>: Select the filter options to include in a report and store as a profile for later use in other reports.
    set log devtype <string> schedule <string> {none | hours <hour> | daily | days <mon, tue[...]

  • Page 103

    set NAS
    Use set NAS to configure the FortiLog NAS server settings when using the FortiLog unit in Passive mode.
    Table 9: set NAS command architecture
    set nas protocol nfs share workgroup <workgroup> user <user name> uid <uid> name <[...]

  • Page 104

    set report
    Use set report to configure the FortiLog report settings.
    set system
    Use set system to configure the FortiLog system settings.
    Table 10: set report command architecture
    set report resolve <services | aliases> alias <alias> hostnetrange <x.x.[...]

  • Page 105

    set system interface <intf_str> config denyaccess ping <return> https <return> ssh <return> snmp <return> http <return> telnet <return> wins <xxx.xxx.xxx.xxx> <return> macaddr {xxx.xxx.xxx.xxx | fac[...]

  • Page 106

    set system interface <intf_str> config denyaccess ping <return> https <return> ssh <return> snmp <return> http <return> telnet <return> wins <xxx.xxx.xxx.xxx> <return> macaddr {xxx.xxx.xxx.xxx | factorydefault} <[...]

  • Page 107

    set system opmode active <return> passive <return> option admintimeout <timeout_integer> <return> authtimeout <timeout_integer> <return> language <language_str> <return> refresh {interval | none} <re[...]

  • Page 108

    Commands / Description
    set system admin username <name_str> password <password_str> permission {readonly | readwrite}: Enter system administrator user name, password, and access permission.
    • <name_str> is the administrator user name.
    • <password_[...]

  • Page 109

    set system interface config stp_passthrough
    set system interface <intf_str> config mode static: Set the interface mode to static.
    set system mainregpage hide: Hide main registration message.
    set system session_ttl port <port_num> timeout <t[...]

  • Page 110

    unset branch
    Use unset to remove configuration of alert email, log, and system.
    set system time manual zone <No.>: Set the system time zone by number.
    set system time manual dst {disable | enable}: Enable or disable daylight saving time.
    set system time ntp ntp[...]

  • Page 111

    unset nas user <user name>: Remove a user name.
    unset nas group <group name>: Remove a group name.
    unset nas share <share name>: Remove a Windows-shared folder setting.
    unset nas nfs path <local path>: Remove a Network File Share p[...]

  • Page 112

    [...]

  • Page 113

    Appendix A: Log Report Types
    Your FortiLog unit can generate over 130 different types of log reports. Listed here are the log reports and a short description.
    Network Activity
    Network activity log reports record total network traffic ac[...]

  • Page 114

    FTP Activity
    FTP reports record total FTP access activities including traffic direction, sites and connections.
    Web Traffic By Direction: Total incoming and outgoing web traffic in kilobytes.
    Blocked Web Site Attempts By Date: Attempts to access blocked web sites for a[...]

  • Page 115

    Terminal Activity
    Terminal activity reports record total Terminal/CLI access activities.
    Mail Activity
    Mail activity reports record Email traffic and connections.
    Report / Description
    Terminal Traffic By Date And Service: Terminal activity by service [...]

  • Page 116

    Intrusion Activity
    Intrusion activity reports record top network attacks and top attacks by a specific time.
    Antivirus Activity
    Antivirus activity reports record total antivirus attacks by time, attack event types, top senders, and top receivers.
    Web Filter Activity
    Web f[...]

  • Page 117

    Mail Filter Activity
    Mail filter activity reports record total and top mail filter activities by device, time, and top senders and receivers.
    Web Filter Events By Hour Of Day And Top Destinations: Hourly web events by top web site destinations for a specif[...]

  • Page 118

    VPN Activity
    VPN activity reports record total VPN activities by a specific time and direction as well as top VPN activities.
    Content Activity
    Content activity reports record content activities by a specific time and direction as well as top content ac[...]

  • Page 119

    Content Traffic By Hour Of Day And Service: Hourly content traffic by Internet services in kilobytes for a specified date or range of days.
    Content Traffic By Hour Of Day And Status: Hourly email content status in kilobytes for a specified date or range o[...]

  • Page 120

    [...]

  • Page 121

    Index
    A
    access to files 82
    account levels 48
    active and passive mode 8
    administrator account 48
    read & write access 48
    read only access 48
    settings 46
    administrator account netmask 108
    trusted host 49
    Adobe Acrobat files 65
    alerts 30, 54
    atta[...]

  • Page 122

    L
    language setting 46, 109
    LCD panel 21
    log policy 45
    logs
    download FortiLog debug log 39
    importing 77
    information 75
    settings 44
    watching 78
    M
    memory usage 32
    MS Word files 65
    N
    network attached server 81
    network file system 81
    network settings 42
    NTP server 46
    O
    on demand reports 64
    operating modes[...]

  • Page 123

    web-based manager
    connecting 19
    idle timeout 46
    introduction 19
    language 46, 109
    windows shares 81[...]

  • Page 124

    [...]