Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Fortinet FortiAuthenticator

What is Discovered and Monitored

Protocol Information Discovered Data Collected Used for
SNMP Vendor, OS, Model, Network Interfaces Interface Stat, Authentication Stat Performance Monitoring
Syslog LOG Discovery Over 150 event types Security and Compliance

Event Types

In RESOURCES > Event Types, search for "FortiAuthenticator" in the main content panel Search... field.

Sample Event Type:

<14>Aug 14 22:32:52 db[16987]:  category="Event" subcategory="Authentication" typeid=20995 level="information" user="admin" nas="" action="Logout" status="" Administrator 'admin' logged out

Configuration

FortiAuthenticator logging instructions can be found here: https://docs.fortinet.com/document/fortiauthenticator/6.3.1/administration-guide/964220/log-configuration

Configure FortiAuthenticator to send logs to FortiSIEM by taking the following steps:

Create a Syslog Server
  1. From FortiAuthenticator, navigate to Logging > Log Config > Syslog Servers.

  2. Click Create New.

  3. In the Name field, enter a name such as "FortiSIEM Collector".

  4. In the Server name/IP field, enter the FortiSIEM Collector IP address.

  5. In the Port field, ensure 514 is configured.

  6. Click OK to add the syslog server.

Configure Remote Logging
  1. Navigate to Logging > Log Config > Log Settings.

  2. Go to Remote Syslog and make sure Send system logs to remote Syslog servers is enabled.

  3. Move the "FortiSIEM Collector" syslog server to which logs will be sent from the Available Syslog Servers box to the Chosen Syslog Servers box.

  4. Select OK to save your settings.

 

FortiSIEM Access Credentials

For Device Type, select Fortinet FortiAuthenticator from the drop-down list. See Access Credentials for more information on configuration.

Fortinet FortiAuthenticator

What is Discovered and Monitored

Protocol Information Discovered Data Collected Used for
SNMP Vendor, OS, Model, Network Interfaces Interface Stat, Authentication Stat Performance Monitoring
Syslog LOG Discovery Over 150 event types Security and Compliance

Event Types

In RESOURCES > Event Types, search for "FortiAuthenticator" in the main content panel Search... field.

Sample Event Type:

<14>Aug 14 22:32:52 db[16987]:  category="Event" subcategory="Authentication" typeid=20995 level="information" user="admin" nas="" action="Logout" status="" Administrator 'admin' logged out

Configuration

FortiAuthenticator logging instructions can be found here: https://docs.fortinet.com/document/fortiauthenticator/6.3.1/administration-guide/964220/log-configuration

Configure FortiAuthenticator to send logs to FortiSIEM by taking the following steps:

Create a Syslog Server
  1. From FortiAuthenticator, navigate to Logging > Log Config > Syslog Servers.

  2. Click Create New.

  3. In the Name field, enter a name such as "FortiSIEM Collector".

  4. In the Server name/IP field, enter the FortiSIEM Collector IP address.

  5. In the Port field, ensure 514 is configured.

  6. Click OK to add the syslog server.

Configure Remote Logging
  1. Navigate to Logging > Log Config > Log Settings.

  2. Go to Remote Syslog and make sure Send system logs to remote Syslog servers is enabled.

  3. Move the "FortiSIEM Collector" syslog server to which logs will be sent from the Available Syslog Servers box to the Chosen Syslog Servers box.

  4. Select OK to save your settings.

 

FortiSIEM Access Credentials

For Device Type, select Fortinet FortiAuthenticator from the drop-down list. See Access Credentials for more information on configuration.