Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Fortinet FortiManager

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
SNMP Host name, Hardware model, Network interfaces,  Operating system version Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and Performance Monitoring

Event Types

Regular monitoring events

  • PH_DEV_MON_SYS_CPU_UTIL
  • PH_DEV_MON_SYS_MEM_UTIL
  • PH_DEV_MON_SYS_DISK_UTIL
  • PH_DEV_MON_NET_INTF_UTIL

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

Configuring FortiManager to send Local Logs to Syslog Server

To configure FortiManager to sent local logs to the syslog server, take the following steps:

  1. Go to System Settings > Advanced > Syslog Server to configure syslog server settings.

  2. Double-click on a server, right-click on a server, and then select Edit from the menu, or select a server then click Edit in the toolbar. The Edit Syslog Server Settings pane opens.

  3. Edit the settings as required, and then click OK to apply the changes.

Configuring FortiManager for Security and Compliance and Perf Logs

To configure FortiManager for Security and Compliance and Perf Logs, take the following steps:

  1. Go to System Settings > Advanced > SNMP to configure the SNMP agent.

  2. Select an SNMP Agent to enable/Select the Enable checkbox.

  3. Configure the SNMP Agent.

Configure an SNMPv3 User
  1. Go to System Settings > Advanced > SNMP and ensure the SNMP agent is enabled.

  2. In the SNMP v3 section, click Create New in the toolbar. The New SNMP User pane opens. Enter the following:

    1. In the User Name field, enter "fortisiem".

    2. In Security Level, select Authentication, Privacy.

    3. Select Authentication Algorithm (SHA1, MD5) the Private Algorithm (AES, DES).

    4. Select SHA1 and enter the password.

    5. Select AES and enter the password.

    6. Select Queries to enable, and leave the default port UDP to 161.

    7. In the Notification Hosts field, enter the FortiSIEM collector IP address.

    8. In SNMP Event, select all events.

    9. Click Save.

 

You can now configure FortiSIEM to communicate with FortiManager. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide. For Device Type Fortinet FortiManager, see Access Credentials.

Fortinet FortiManager

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
SNMP Host name, Hardware model, Network interfaces,  Operating system version Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and Performance Monitoring

Event Types

Regular monitoring events

  • PH_DEV_MON_SYS_CPU_UTIL
  • PH_DEV_MON_SYS_MEM_UTIL
  • PH_DEV_MON_SYS_DISK_UTIL
  • PH_DEV_MON_NET_INTF_UTIL

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

Configuring FortiManager to send Local Logs to Syslog Server

To configure FortiManager to sent local logs to the syslog server, take the following steps:

  1. Go to System Settings > Advanced > Syslog Server to configure syslog server settings.

  2. Double-click on a server, right-click on a server, and then select Edit from the menu, or select a server then click Edit in the toolbar. The Edit Syslog Server Settings pane opens.

  3. Edit the settings as required, and then click OK to apply the changes.

Configuring FortiManager for Security and Compliance and Perf Logs

To configure FortiManager for Security and Compliance and Perf Logs, take the following steps:

  1. Go to System Settings > Advanced > SNMP to configure the SNMP agent.

  2. Select an SNMP Agent to enable/Select the Enable checkbox.

  3. Configure the SNMP Agent.

Configure an SNMPv3 User
  1. Go to System Settings > Advanced > SNMP and ensure the SNMP agent is enabled.

  2. In the SNMP v3 section, click Create New in the toolbar. The New SNMP User pane opens. Enter the following:

    1. In the User Name field, enter "fortisiem".

    2. In Security Level, select Authentication, Privacy.

    3. Select Authentication Algorithm (SHA1, MD5) the Private Algorithm (AES, DES).

    4. Select SHA1 and enter the password.

    5. Select AES and enter the password.

    6. Select Queries to enable, and leave the default port UDP to 161.

    7. In the Notification Hosts field, enter the FortiSIEM collector IP address.

    8. In SNMP Event, select all events.

    9. Click Save.

 

You can now configure FortiSIEM to communicate with FortiManager. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide. For Device Type Fortinet FortiManager, see Access Credentials.