Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Fortinet FortiWeb

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
SNMP Host Name, Vendor, Model, Version, Hardware Model, hardware CPU, memory, Disk, Interface, Uptime Performance monitoring
Syslog   System events (e.g. configuration changes), System up/down/restart events, Performance issues, Admin logon events, Security exploits Security Monitoring and compliance
Supported Syslog format

Currently FortiSIEM supports FortiWeb native logging format and not CEF format.

Event Types

In ADMIN > Device Support > Event, search for "fortiweb" to see the event types associated with this device.

Rules

In RESOURCE > Rules, search for "fortiweb" to see the rules associated with this device.

For generic availability rules, see RESOURCE > Rules > Availability > Network.

For generic performance rules, see RESOURCE > Rules > Performance > Network.

Reports

In RESOURCE > Reports, search for "fortiweb" to see the reports associated with this device.

Configuration

Syslog

Configure FortiWenb appliance to send logs to FortiSIEM. Make sure the format matches.

Sample FortiWeb Syslog:

date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_

id=FV400D3A15000010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin"

pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User

admin changed global from GUI(172.22.6.66)

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Fortinet FortiWeb
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

Fortinet FortiWeb

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
SNMP Host Name, Vendor, Model, Version, Hardware Model, hardware CPU, memory, Disk, Interface, Uptime Performance monitoring
Syslog   System events (e.g. configuration changes), System up/down/restart events, Performance issues, Admin logon events, Security exploits Security Monitoring and compliance
Supported Syslog format

Currently FortiSIEM supports FortiWeb native logging format and not CEF format.

Event Types

In ADMIN > Device Support > Event, search for "fortiweb" to see the event types associated with this device.

Rules

In RESOURCE > Rules, search for "fortiweb" to see the rules associated with this device.

For generic availability rules, see RESOURCE > Rules > Availability > Network.

For generic performance rules, see RESOURCE > Rules > Performance > Network.

Reports

In RESOURCE > Reports, search for "fortiweb" to see the reports associated with this device.

Configuration

Syslog

Configure FortiWenb appliance to send logs to FortiSIEM. Make sure the format matches.

Sample FortiWeb Syslog:

date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_

id=FV400D3A15000010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin"

pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User

admin changed global from GUI(172.22.6.66)

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Fortinet FortiWeb
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration