External Systems Configuration Guide

Fortinet FortiADC

Integration Points

| Method | Information discovered | Metrics collected | Logs collected | Used for |
|---|---|---|---|---|
| syslog | Host name, Reporting IP | None | Event, Security and Traffic logs | Security monitoring |

Event Types

In ADMIN > Device Support > Event Types, search for "FortiADC" to see the event types associated with this device.

Rules

No specific rules are written for FortiADC Web application firewall but generic firewall rules will apply.

Reports

No specific reports are written for FortiADC Web application firewall but generic firewall rules will apply.

Configuration

Configure FortiADC Web application firewall to send logs to FortiSIEM in the supported format (see Sample Events).

To configure a syslog object in FortiADC, take the following steps:

Note: Refer to the FortiADC Handbook for the most recent configuration information. Configuration taken from 6.1.2 FortiADC Handbook.

  1. Go to System > Alert > Alert Resource and select the Syslog tab.

  2. Click Create New.

  3. Complete the configuration as described in the following table.

    | Settings | Guidelines |
    |---|---|
    | Name | Enter a name for the syslog message object. No spaces. You will use this name to select the syslog in an Alert Actions profile. |
    | Syslog Server | Enter the IP address of the syslog server that will receive syslog messages. |
    | Port | Enter the port of the syslog server. The default is 514. |

  4. Click Save.

Settings for Access Credentials

None required

Sample Events

<6>date=2019-06-12 time=13:05:52 device_id=FAD2KD3114000026 log_id=0000000100 type=event subtype=config pri=information vd=root msg_id=71118385 user=user1 ui=GUI(1.2.3.4) action=add cfgpath=log setting remote cfgobj=<No.> cfgattr=1 logdesc=Change the configuration msg="added a new entry '1' for "log setting remote" on domain "root""

<1>date=2019-06-12 time=13:06:52 device_id=FAD2KD3114000026 log_id=0003000235 type=event subtype=system pri=alert vd=root msg_id=71118386 submod=update user=system ui=system action=update status=none logdesc=License could not be validated msg="Unable to connect to FDS server"
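
The following Python parser is an added example, not FortiSIEM's own parser or code from the FortiADC Handbook. It splits the sample events above into fields, coping with unquoted values that contain spaces (cfgpath, logdesc) and the nested quotes in msg, then lists configuration changes with the user and source IP. It assumes msg is always the last field, as in both samples; the function names are hypothetical.

```python
import re

# Sample events from this page, with quote characters written as ASCII.
SAMPLES = [
    '<6>date=2019-06-12 time=13:05:52 device_id=FAD2KD3114000026 log_id=0000000100 type=event subtype=config pri=information vd=root msg_id=71118385 user=user1 ui=GUI(1.2.3.4) action=add cfgpath=log setting remote cfgobj=<No.> cfgattr=1 logdesc=Change the configuration msg="added a new entry \'1\' for "log setting remote" on domain "root""',
    '<1>date=2019-06-12 time=13:06:52 device_id=FAD2KD3114000026 log_id=0003000235 type=event subtype=system pri=alert vd=root msg_id=71118386 submod=update user=system ui=system action=update status=none logdesc=License could not be validated msg="Unable to connect to FDS server"',
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
KEY_RE = re.compile(r"(?:^|\s)([a-z_]+)=")            # a field starts at " key="
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # e.g. ui=GUI(1.2.3.4)


def parse_event(line):
    """Split one FortiADC syslog line into a dict of fields."""
    event = {}
    m = PRI_RE.match(line)
    if m:
        # Syslog PRI = facility * 8 + severity
        event["_facility"], event["_severity"] = divmod(int(m.group(1)), 8)
        line = line[m.end():]
    # Assumption: msg is the last field, so take the rest of the line whole.
    head, sep, msg = line.partition(" msg=")
    if sep:
        msg = msg.strip()
        if len(msg) >= 2 and msg[0] == msg[-1] == '"':
            msg = msg[1:-1]  # drop only the outer pair of quotes
        event["msg"] = msg
    # A value runs until the next " key=", so embedded spaces survive.
    keys = list(KEY_RE.finditer(head))
    for cur, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(head)
        event[cur.group(1)] = head[cur.end():end].strip()
    return event


def config_changes(lines):
    """Return who changed what, and from where, for subtype=config events."""
    found = []
    for event in map(parse_event, lines):
        if event.get("type") == "event" and event.get("subtype") == "config":
            ip = IP_RE.search(event.get("ui", ""))
            found.append({"user": event.get("user"),
                          "source_ip": ip.group(1) if ip else None,
                          "action": event.get("action"),
                          "cfgpath": event.get("cfgpath")})
    return found
```

Splitting these lines on whitespace alone would truncate cfgpath to "log" and logdesc to "Change", which is why each value is read up to the next key.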
