Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 6.1.1 External Systems Configuration Guide
    6.1.1
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Linux DHCP

    Linux DHCP

    What is Discovered and Monitored

    Protocol

    Information discovered

    Metrics collected

    Used for

    SNMP

    Application type

    Process level CPU utilization, Memory utilization

    Performance Monitoring

    Syslog

    Application type

    DHCP address release/renew events that are used by FortiSIEM for Identity and location: attributes include IP Address, MAC address, Host Name

    Security and compliance (associate machines to IP addresses)

    Event Types

    In ADMIN > Device Support > Event, search for "linux dhcp" in the Device Type column to see the event types associated with this device.

    Configuration

    SNMP
    1. Make sure that snmp libraries are installed.
      FortiSIEM has been tested to work with net-snmp libraries.
    2. Log in to your device with administrator credentials.
    3. Modify the /etc/snmp/snmpd.conf file:
      1. Define the community string for FortiSIEM usage and permit snmp access from FortiSIEM IP.
      2. Allow FortiSIEM to (read-only) view the mib-2 tree.
      3. Open up the entire tree for read-only view.
    4. Restart the snmpd deamon by issuing /etc/init.d/snmpd restart.
    5. Add the snmpd daemon to start from boot by issuing chkconfig snmpd on.
    6. Make sure that snmpd is running.

    You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

    Syslog

    Configure Linux DHCP to Forward Logs to Syslog Daemon

    1. Edit dhcpd.conf and insert the line log-facility local7;.
    2. Restart dhcpd by issuing /etc/init.d/dhcpd restart.

    Configure Syslog to Forward to FortiSIEM

    1. Edit syslog.conf and add a new line: Local7.* @<IP address of FortiSIEM server>.
    2. Restart syslog daemon by issuing /etc/init.d/syslog restart.
    Sample Syslog
    <13>Aug 26 19:28:11 DNS-Pri dhcpd: DHCPREQUEST for 172.16.10.200 (172.16.10.8) from 00:50:56:88:4e:17 (26L2233B1-02)

    Settings for Access Credentials

    SNMP Access Credentials for All Devices

    Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

    SettingValue
    Name<set name>
    Device TypeGeneric
    Access ProtocolSNMP
    Community String<your own>
    Previous
    Next

    Linux DHCP

    Linux DHCP

    What is Discovered and Monitored

    Protocol

    Information discovered

    Metrics collected

    Used for

    SNMP

    Application type

    Process level CPU utilization, Memory utilization

    Performance Monitoring

    Syslog

    Application type

    DHCP address release/renew events that are used by FortiSIEM for Identity and location: attributes include IP Address, MAC address, Host Name

    Security and compliance (associate machines to IP addresses)

    Event Types

    In ADMIN > Device Support > Event, search for "linux dhcp" in the Device Type column to see the event types associated with this device.

    Configuration

    SNMP
    1. Make sure that snmp libraries are installed.
      FortiSIEM has been tested to work with net-snmp libraries.
    2. Log in to your device with administrator credentials.
    3. Modify the /etc/snmp/snmpd.conf file:
      1. Define the community string for FortiSIEM usage and permit snmp access from FortiSIEM IP.
      2. Allow FortiSIEM to (read-only) view the mib-2 tree.
      3. Open up the entire tree for read-only view.
    4. Restart the snmpd deamon by issuing /etc/init.d/snmpd restart.
    5. Add the snmpd daemon to start from boot by issuing chkconfig snmpd on.
    6. Make sure that snmpd is running.

    You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

    Syslog

    Configure Linux DHCP to Forward Logs to Syslog Daemon

    1. Edit dhcpd.conf and insert the line log-facility local7;.
    2. Restart dhcpd by issuing /etc/init.d/dhcpd restart.

    Configure Syslog to Forward to FortiSIEM

    1. Edit syslog.conf and add a new line: Local7.* @<IP address of FortiSIEM server>.
    2. Restart syslog daemon by issuing /etc/init.d/syslog restart.
    Sample Syslog
    <13>Aug 26 19:28:11 DNS-Pri dhcpd: DHCPREQUEST for 172.16.10.200 (172.16.10.8) from 00:50:56:88:4e:17 (26L2233B1-02)

    Settings for Access Credentials

    SNMP Access Credentials for All Devices

    Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

    SettingValue
    Name<set name>
    Device TypeGeneric
    Access ProtocolSNMP
    Community String<your own>
    Previous
    Next