Fortinet black logo

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

FortiWLC

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP Controller – Name, OS, Serial Number, Interfaces, Associated Access Points – name, OS, Interfaces Controller – CPU, Memory, Disk, Throughput, QoS statistics, Station count Performance and Availability Monitoring
Syslog   Hardware/Software errors, failures, logons, license expiry, Access Point Association / Disassociation Security Monitoring and log analysis

Event Types

In ADMIN > Device Support > Event Types, search for "FortiWLC" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

To configure syslog for FortiWLC, see the following knowledgebase article How to send station-log messages from FortiWLC to external sys-log server.

Configure FortiWLC to:

  1. Send Syslog to FortiSIEM.
  2. Enable SNMP read from FortiSIEM.

 

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Fortinet FortiWLC
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

Sample Events

FortiSIEM generated performance monitoring events:

[PH_DEV_MON_SYS_CPU_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=281,[cpuName]=CPU,[hostName]=FWLCDemo,[hostIpAddr]=172.30.72.40,

[cpuUtil]=2.000000,[sysCpuUtil]=0.000000,[userCpuUtil]=2.000000,[waitCpuUtil]=98.000000,

[pollIntv]=176,[phLogDetail]=

[PH_DEV_MON_SYS_DISK_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=286,[diskName]=Disk,[hostName]=FWLCDemo,[hostIpAddr]=172.30.72.40,

[diskUtil]=65.000000,[totalDiskMB]=1084,[availDiskMB]=367,[pollIntv]=176,[phLogDetail]=

 

[PH_DEV_MON_SYS_MEM_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=284,[memName]=PhysicalMemory,[hostName]=FWLCDemo,[hostIpAddr]=172.30.72.40,

[memUtil]=9.000000,[totalMemKB]=3922244,[freeMemKB]=3538244,[usedMemKB]=384000,

[phLogDetail]=

 

[PH_DEV_MON_FORTIWLC_SYS_THRUPUT]:[eventSeverity]=PHL_INFO,

[fileName]=deviceFortiWLCWLAN.cpp,[lineNumber]=343,[hostIpAddr]=172.30.72.40,

[pollIntv]=180,[recvBytes]=3940593459,[sentBytes]=4002693999,[recvBitsPerSec]=0.000000,

[sentBitsPerSec]=0.000000,[wlanRecvBytes]=10851874907433110752,

[wlanSentBytes]=9983789733519268498,[wlanRecvBitsPerSec]=0.000000,

[wlanSentBitsPerSec]=0.000000,[phLogDetail]=

 

[PH_DEV_MON_FORTIWLC_QOS_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=426,[hostIpAddr]=172.30.72.40,[pollIntv]=176,[qosSessionCount]=1,

[qosH323SessionCount]=2,[qosSipSessionCount]=3,[qosSccpSessionCount]=4,

[qosRejectedSessionCount]=5,[qosRejectedH323SessionCount]=6,

[qosRejectedSipSessionCount]=7,[qosRejectedSccpSessionCount]=8,[qosPendingSessionCount]=9,

[qosH323PendingSessionCount]=10,[qosSipPendingSessionCount]=11,

[qosSccpPendingSessionCount]=12,[qosActiveFlowCount]=13,[qosPendingFlowCount]=14,

[phLogDetail]=

 

[PH_DEV_MON_FORTIWLC_STATIONS]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=511,[hostIpAddr]=172.30.72.40,[pollIntv]=176,[station11a]=1,[station11an1]=2,

[station11an2]=3,[station11an3]=4,[station11b]=5,[station11bg]=6,[station11gn1]=7,

[station11gn2]=8,[station11gn3]=9,[stationData]=10,[stationPhone]=11,[stationWired]=12,

[station11ac1]=13,[station11ac2]=14,[station11ac3]=15,[stationUnknown]=16,[phLogDetail]=

 

FortiWLC Syslog

Apr 09 15:07:54 172.18.37.203 ALARM: 1270826655l | system | info | ALR | RADIUS SERVER

SWITCHOVER FAILED MAJOR Primary RADIUS Server <172.18.1.3> failed. No valid Secondary

RADIUS Server present. Switchover FAILED for Profile <4089wpa2>

FortiWLC

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP Controller – Name, OS, Serial Number, Interfaces, Associated Access Points – name, OS, Interfaces Controller – CPU, Memory, Disk, Throughput, QoS statistics, Station count Performance and Availability Monitoring
Syslog   Hardware/Software errors, failures, logons, license expiry, Access Point Association / Disassociation Security Monitoring and log analysis

Event Types

In ADMIN > Device Support > Event Types, search for "FortiWLC" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

To configure syslog for FortiWLC, see the following knowledgebase article How to send station-log messages from FortiWLC to external sys-log server.

Configure FortiWLC to:

  1. Send Syslog to FortiSIEM.
  2. Enable SNMP read from FortiSIEM.

 

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Fortinet FortiWLC
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

Sample Events

FortiSIEM generated performance monitoring events:

[PH_DEV_MON_SYS_CPU_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=281,[cpuName]=CPU,[hostName]=FWLCDemo,[hostIpAddr]=172.30.72.40,

[cpuUtil]=2.000000,[sysCpuUtil]=0.000000,[userCpuUtil]=2.000000,[waitCpuUtil]=98.000000,

[pollIntv]=176,[phLogDetail]=

[PH_DEV_MON_SYS_DISK_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=286,[diskName]=Disk,[hostName]=FWLCDemo,[hostIpAddr]=172.30.72.40,

[diskUtil]=65.000000,[totalDiskMB]=1084,[availDiskMB]=367,[pollIntv]=176,[phLogDetail]=

 

[PH_DEV_MON_SYS_MEM_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=284,[memName]=PhysicalMemory,[hostName]=FWLCDemo,[hostIpAddr]=172.30.72.40,

[memUtil]=9.000000,[totalMemKB]=3922244,[freeMemKB]=3538244,[usedMemKB]=384000,

[phLogDetail]=

 

[PH_DEV_MON_FORTIWLC_SYS_THRUPUT]:[eventSeverity]=PHL_INFO,

[fileName]=deviceFortiWLCWLAN.cpp,[lineNumber]=343,[hostIpAddr]=172.30.72.40,

[pollIntv]=180,[recvBytes]=3940593459,[sentBytes]=4002693999,[recvBitsPerSec]=0.000000,

[sentBitsPerSec]=0.000000,[wlanRecvBytes]=10851874907433110752,

[wlanSentBytes]=9983789733519268498,[wlanRecvBitsPerSec]=0.000000,

[wlanSentBitsPerSec]=0.000000,[phLogDetail]=

 

[PH_DEV_MON_FORTIWLC_QOS_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=426,[hostIpAddr]=172.30.72.40,[pollIntv]=176,[qosSessionCount]=1,

[qosH323SessionCount]=2,[qosSipSessionCount]=3,[qosSccpSessionCount]=4,

[qosRejectedSessionCount]=5,[qosRejectedH323SessionCount]=6,

[qosRejectedSipSessionCount]=7,[qosRejectedSccpSessionCount]=8,[qosPendingSessionCount]=9,

[qosH323PendingSessionCount]=10,[qosSipPendingSessionCount]=11,

[qosSccpPendingSessionCount]=12,[qosActiveFlowCount]=13,[qosPendingFlowCount]=14,

[phLogDetail]=

 

[PH_DEV_MON_FORTIWLC_STATIONS]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortiWLCWLAN.cpp,

[lineNumber]=511,[hostIpAddr]=172.30.72.40,[pollIntv]=176,[station11a]=1,[station11an1]=2,

[station11an2]=3,[station11an3]=4,[station11b]=5,[station11bg]=6,[station11gn1]=7,

[station11gn2]=8,[station11gn3]=9,[stationData]=10,[stationPhone]=11,[stationWired]=12,

[station11ac1]=13,[station11ac2]=14,[station11ac3]=15,[stationUnknown]=16,[phLogDetail]=

 

FortiWLC Syslog

Apr 09 15:07:54 172.18.37.203 ALARM: 1270826655l | system | info | ALR | RADIUS SERVER

SWITCHOVER FAILED MAJOR Primary RADIUS Server <172.18.1.3> failed. No valid Secondary

RADIUS Server present. Switchover FAILED for Profile <4089wpa2>