- What is Discovered and Monitored
- Event Types
- Settings for Access Credentials
|Protocol||Information Discovered||Metrics Collected||Used For|
|SNMP||Host Name, Vendor, Model, Version, Hardware Model, hardware||CPU, memory, Disk, Interface, Uptime||Performance monitoring|
|Syslog|| ||System events (e.g. configuration changes), System up/down/restart events, Performance issues, Admin logon events, Security exploits||Security Monitoring and compliance|
Currently, FortiSIEM supports the FortiWeb native logging format, not the CEF format.
In ADMIN > Device Support > Event Types, search for "fortiweb" to see the event types associated with this device.
In RESOURCES > Rules, search for "fortiweb" in the main content panel Search... field to see the rules associated with this device.
For generic availability rules, see RESOURCES > Rules > Availability > Network.
For generic performance rules, see RESOURCES > Rules > Performance > Network.
In RESOURCES > Reports, search for "fortiweb" in the main content panel Search... field to see the reports associated with this device.
Configure the FortiWeb appliance to send logs to FortiSIEM. Make sure the log format matches what FortiSIEM supports: the FortiWeb native logging format, not CEF. Configuration steps can be found in the Logging section of the FortiWeb Administration Guide. Remember to point your syslog policy to the FortiSIEM collector IP address.
date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_id=FV400D3A15000010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin" pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User admin changed global from GUI(172.22.6.66)
Set these Access Method Definition values to allow FortiSIEM to communicate with your device.
|Device Type||Fortinet FortiWeb|
|Access Protocol||See Access Credentials|
|Port||See Access Credentials|
|Password config||See Password Configuration|