External Systems Configuration Guide

Fortinet FortiADC

Integration Points

| Method | Information discovered | Metrics collected | LOGs collected | Used for |
|---|---|---|---|---|
| syslog | Host name, Reporting IP | None | Event, Security and Traffic logs | Security monitoring |

Event Types

In ADMIN > Device Support > Event, search for "FortiADC" to see the event types associated with this device.

Rules

No specific rules are written for FortiADC Web application firewall, but generic firewall rules will apply.

Reports

No specific reports are written for FortiADC Web application firewall, but generic firewall rules will apply.

Configuration

Configure FortiADC Web application firewall to send logs to FortiSIEM in the supported format (see Sample Events below).

Settings for Access Credentials

None required

Sample Events

<6>date=2019-06-12 time=13:05:52 device_id=FAD2KD3114000026 log_id=0000000100 type=event subtype=config pri=information vd=root msg_id=71118385 user=user1 ui=GUI(1.2.3.4) action=add cfgpath=log setting remote cfgobj=<No.> cfgattr=1 logdesc=Change the configuration msg="added a new entry '1' for "log setting remote" on domain "root””

<1>date=2019-06-12 time=13:06:52 device_id=FAD2KD3114000026 log_id=0003000235 type=event subtype=system pri=alert vd=root msg_id=71118386 submod=update user=system ui=system action=update status=none logdesc=License could not be validated msg="Unable to connect to FDS server"
