Fortinet Document Library

External Systems Configuration Guide

Fortinet FortiNAC

Integration Points

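| Method | Information discovered | Metrics collected | LOGs collected | Used for |
|--------|------------------------|-------------------|----------------|----------|
| Syslog | Host name, Reporting IP | None | Administrative and User Admission Control events | Security monitoring |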

Event Types

In ADMIN > Device Support > Event, search for "FortiNAC" to see the event types associated with this device.

Rules

No specific rules are written for FortiNAC, but generic rules for network admission control apply.

Reports

No specific reports are written for FortiNAC, but generic reports for network admission control apply.

Configuration

Configure the FortiNAC system to send logs to FortiSIEM in the supported format (see Sample Events).

Settings for Access Credentials

None required.

Sample Events

<37>Jan 08 19:03:45 : CEF:0|Bradford Networks|FortiNAC-VM-Control and Application Server|8.3.0.79|426|Adapter Destroyed|1|rt=Jan 08 19:03:45 269 UTC cat=EndStation msg=Adapter 18:5E:0F:AA:56:31 Destroyed.

<37>Dec 06 10:34:42 : CEF:0|Bradford Networks|FortiNAC-VM-Control and Application Server|8.3.1.30|447702|Admin User Login Success|1|rt=Dec 06 10:34:42 736 CET cat= suid=guiadmin msg=Admin user guiadmin logged in.

<37>Apr 16 11:06:19 : CEF:0|Bradford Networks|FortiNAC-VM-Control and Application Server|8.3.6.104|605250|Security Risk Host|1|rt=Apr 16 11:06:19 447 CEST cat=EndStation src=192.168.242.20 smac=00:26:9E:D9:87:12 shost=X100e-1 cs1Label=Physical<space>network<space>location cs1=BA-HPswitch GigabitEthernet1/0/10 { GigabitEthernet1/0/10 Interface } msg=Host failed Windows-PA-Notepad Tests: Failed :: Custom :: Notepad MAC Address: 00:26:9E:D9:87:12 Last Known Adapter IP: 192.168.242.20 Host Location: BA-HPswitch GigabitEthernet1/0/10 { GigabitEthernet1/0/10 Interface }
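
A small parser for the CEF-over-syslog layout shown in the sample events, useful for checking that what FortiNAC emits matches the supported format before relying on FortiSIEM to parse it. This is an added example, not Fortinet code; the function names and output field names (`parse_fortinac_cef`, `parse_extension`, `facility`, `syslog_time`, and so on) are assumptions made here.

```python
import re

# The three sample events from this page, each rejoined onto a single line.
SAMPLES = [
    "<37>Jan 08 19:03:45 : CEF:0|Bradford Networks|FortiNAC-VM-Control and Application Server|8.3.0.79|426|Adapter Destroyed|1|rt=Jan 08 19:03:45 269 UTC cat=EndStation msg=Adapter 18:5E:0F:AA:56:31 Destroyed.",
    "<37>Dec 06 10:34:42 : CEF:0|Bradford Networks|FortiNAC-VM-Control and Application Server|8.3.1.30|447702|Admin User Login Success|1|rt=Dec 06 10:34:42 736 CET cat= suid=guiadmin msg=Admin user guiadmin logged in.",
    "<37>Apr 16 11:06:19 : CEF:0|Bradford Networks|FortiNAC-VM-Control and Application Server|8.3.6.104|605250|Security Risk Host|1|rt=Apr 16 11:06:19 447 CEST cat=EndStation src=192.168.242.20 smac=00:26:9E:D9:87:12 shost=X100e-1 cs1Label=Physical<space>network<space>location cs1=BA-HPswitch GigabitEthernet1/0/10 { GigabitEthernet1/0/10 Interface } msg=Host failed Windows-PA-Notepad Tests: Failed :: Custom :: Notepad MAC Address: 00:26:9E:D9:87:12 Last Known Adapter IP: 192.168.242.20 Host Location: BA-HPswitch GigabitEthernet1/0/10 { GigabitEthernet1/0/10 Interface }",
]

# Names for the seven CEF header fields (names chosen for this example).
HEADER_FIELDS = ("cef_version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# Syslog PRI, free-form timestamp, then the "CEF:<version>|" marker.
PREFIX = re.compile(r"<(\d{1,3})>(.*?)CEF:(\d+)\|")
# An extension key is a word directly followed by '=' at the start or after
# whitespace; an escaped '\=' inside a value therefore never starts a key.
KEY = re.compile(r"(?:^|\s)(\w+)=")


def parse_extension(ext):
    """Split 'k=v k2=v2' where values may contain spaces or be empty."""
    hits = list(KEY.finditer(ext))
    fields = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        fields[cur.group(1)] = ext[cur.end():end].strip()
    return fields


def parse_fortinac_cef(line):
    """Parse one syslog-wrapped CEF event; raise ValueError if malformed."""
    m = PREFIX.match(line)
    if not m:
        raise ValueError("missing <PRI> or CEF: marker")
    # Split on unescaped pipes only; the remainder after six splits is the extension.
    parts = re.split(r"(?<!\\)\|", line[m.end():], maxsplit=6)
    if len(parts) != 7:
        raise ValueError("truncated CEF header (event split across lines?)")
    event = dict(zip(HEADER_FIELDS, [m.group(3)] + parts[:6]))
    pri = int(m.group(1))
    event.update(facility=pri >> 3, syslog_severity=pri & 7,
                 syslog_time=m.group(2).strip(" :"),
                 extension=parse_extension(parts[6]))
    return event


if __name__ == "__main__":
    for sample in SAMPLES:
        ev = parse_fortinac_cef(sample)
        print(ev["signature_id"], ev["name"], ev["extension"])
```

A value that contains an unescaped ` word=` sequence is split into a separate field by this parser, so an unexpected key in the output is worth checking against the raw line.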
