Fortinet FortiADC
- Integration Points
- Event Types
- Rules
- Reports
- Configuration
- Settings for Access Credentials
- Sample Events
Integration Points
Method | Information discovered | Metrics collected | Logs collected | Used for |
syslog | Host name, Reporting IP | None | Event, Security and Traffic logs | Security monitoring |
Event Types
In ADMIN > Device Support > Event Types, search for "FortiADC" to see the event types associated with this device.
Rules
No specific rules are written for the FortiADC web application firewall, but generic firewall rules will apply.
Reports
No specific reports are written for the FortiADC web application firewall, but generic firewall rules will apply.
Configuration
Configure FortiADC Web application firewall to send logs to FortiSIEM in the supported format (see Sample Events).
To configure a syslog object in FortiADC, take the following steps:
Note: Refer to the FortiADC Handbook for the most recent configuration information. Configuration taken from 6.1.2 FortiADC Handbook.
- Go to System > Alert > Alert Resource and select the Syslog tab.
- Click Create New.
- Complete the configuration as described in the following table.
Settings | Guidelines |
Name | Enter a name for the syslog message object. No spaces. You will use this name to select the syslog in an Alert Actions profile. |
Syslog Server | Enter the IP address of the syslog server that will receive syslog messages. |
Port | Enter the port of the syslog server. The default is 514. |
- Click Save.
Settings for Access Credentials
None required
Sample Events
<6>date=2019-06-12 time=13:05:52 device_id=FAD2KD3114000026 log_id=0000000100 type=event subtype=config pri=information vd=root msg_id=71118385 user=user1 ui=GUI(1.2.3.4) action=add cfgpath=log setting remote cfgobj=<No.> cfgattr=1 logdesc=Change the configuration msg="added a new entry '1' for "log setting remote" on domain "root""
<1>date=2019-06-12 time=13:06:52 device_id=FAD2KD3114000026 log_id=0003000235 type=event subtype=system pri=alert vd=root msg_id=71118386 submod=update user=system ui=system action=update status=none logdesc=License could not be validated msg="Unable to connect to FDS server"