Administration Guide

FortiSOAR Admin CLI

An administrator can use the FortiSOAR Admin CLI (csadm) to perform various functions, such as backing up and restoring data, and to run various FortiSOAR commands, such as starting and stopping services and collecting logs.

Prerequisites

To run csadm, you must log in as root or have sudo permissions.

FortiSOAR Admin CLI - Usage

Once you type # csadm on the command prompt, the usage and subcommands of the FortiSOAR Admin CLI are displayed as shown in the following image:

FortiSOAR™ Admin CLI command prompt

To perform a particular task in FortiSOAR using csadm, you must type # csadm and then its subcommand and the subcommand’s arguments (if any). For example, to change a hostname use the following command:
# csadm hostname --set [<hostname to be set>]

You can get help for a particular subcommand by running the following command:
# csadm <subcommand>
OR
# csadm <subcommand> --help

csadm supports the following subcommands:

Subcommand Description
certs

Generates and deploys your certificates. You can use the following options with this subcommand:

  • --deploy: Deploys SSL certificates. For more information, see the Updating the SSL certificates section in the Additional configuration settings for FortiSOAR chapter in the "Deployment Guide."

  • --generate <host name>: Generates and deploys self-signed certificates. You can use the --no-replace-nginx-cert option with this command, if you do not want to replace your nginx self-signed certificates.

db

Performs operations related to database.
You can use the following options with this subcommand:

  • --change-passwd: Changes the password of your PostgreSQL database.
    Once you run this command, you will be prompted to enter the password of your choice and confirm the password, which will then update your PostgreSQL database password to the new password.

  • --backup [<backup_dir_path>]: Performs a backup of your FortiSOAR system, including backup of both data and configuration files in the directory you have specified.
    From version 6.4.3 onwards, you can optionally use the --exclude-workflow option to exclude all the "Executed Playbook Logs" from the backup. For more information, see the Backing up and Restoring FortiSOAR chapter.

  • --backup-config [<backup_dir_path>]: Performs a backup of only your configuration files in the directory you have specified.

  • --restore [<backup_file_path>]: Performs data restore from a locally stored file, whose path you have specified. The default location of the backup file is (/home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz). For more information, see the Backing up and Restoring FortiSOAR chapter.

  • --encrypt: Generates an encrypted version of the text that you have specified on the prompt. Use this command to generate an encrypted version of the password that you have set for your PostgreSQL database.

  • --externalize: Performs externalization of your FortiSOAR PostgreSQL data. You must provide the path in which you want to save your database backup file. For more information, see the Externalization of your FortiSOAR PostgreSQL database chapter.

  • --check-connection: Checks the connection between FortiSOAR and the external PostgreSQL database.

  • --getsize: Displays the size of the primary data and the audit and workflow logs in your database. This enables you to see the current usage and calculate usage over time based on your purging policy.

From version 7.0.0 onwards, you can also back up and restore the data of your external Secure Message Exchange (SME) system, by using the following commands:

  • --backup [<backup_dir_path>]: Performs a backup of your external SME system.

  • --restore [<backup_file_path>]: Performs data restore for your external SME system from a locally stored file, whose path you have specified. The default location of the backup file is (/home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz). For more information, see the Backing up and Restoring FortiSOAR chapter.
    Note: All other options of the db option are not applicable to the external SME.

ha

Manages your FortiSOAR High Availability cluster. For more information about HA and its commands, see the High Availability support in FortiSOAR chapter.

hostname

Changes the name of the host and Fully Qualified Domain Name (FQDN) based on the parameters you have specified. You can use the following options with this subcommand:

  • --set [<hostname>]: If you specify a new hostname, then this changes your current hostname to the new hostname that you have specified, sets up the message broker, regenerates certificates, and restarts FortiSOAR services.
    If you do not specify a hostname, then this sets up the message broker, regenerates certificates using the existing hostname, and restarts FortiSOAR services.
    Note: Before you run this command, you must ensure that the specified hostname is resolvable.

  • --dns-name <DNS_SERVER_IP>: Adds the DNS server entry to the /etc/resolv.conf file.

license

Manages your FortiSOAR license. You can use the following options with this subcommand:

  • --get-device-uuid: Retrieves the Device UUID for your FortiSOAR instance.

  • --deploy-enterprise-license <License File Path>: Deploys your FortiSOAR enterprise license. For example, csadm license --deploy-enterprise-license temp/<Serial_No>.lic.

  • --deploy-multi-tenant-license <License File Path>: Deploys your FortiSOAR multitenancy license.

  • --show-details: Displays details of the installed license such as, type of license, Device UUID, expiry date of the license, etc. If you add the [License File Path] parameter to this subcommand, for example --show-details /home/<Serial_No>.lic, then this displays the contents of the license file.

mq

FortiSOAR message queue controller (RabbitMQ) functions.

  • --flush-db: Deletes and recreates the rabbitmq database.

log

Performs log collection and forwarding of syslogs. You can use the following options with this subcommand:

  • forward: Forwards FortiSOAR logs to your central log management server that supports an Rsyslog client. For the options that you can use with this subcommand, see the CLI commands used for forwarding syslogs section. You can also configure syslog forwarding using the FortiSOAR UI, details of which are in the System Configuration chapter.

  • --collect [LOG_PATH]: Collects logs and bundles them up into a fortisoar-logs.tar.gz file. You must specify the path where the logs should be collected. If you do not specify a path, then the logs will be collected in the current working directory.

  • --password LOG_FILE_PASSWORD: Password-protects the log file, i.e., the password would be required to extract the log file contents. The collected logs are bundled into fortisoar-logs.tar.gz.gpg. Therefore, to collect logs and to password-protect the logs, use the following command:
    csadm log --collect [LOG_PATH] [--password LOG_FILE_PASSWORD]

secure-message-exchange

Manages the default secure message exchange server available with a FortiSOAR node. A secure message exchange establishes a secure channel that is used to relay information to the agents or tenant nodes.
Note: For a production setup, it is recommended that you add and configure a separate secure message exchange for handling scale and high availability.
You can use the following options with this subcommand:

  • enable: Enables the secure message exchange on your FortiSOAR instance if you want to use localhost, i.e., the Default (Embedded) secure message exchange to connect to an external agent or in case of a dedicated tenant.
    You must specify the password, which is the admin password that is used for setting up a communication channel for every tenant or agent node that will connect to this FortiSOAR instance using this local secure message exchange. All the other parameters are optional and if they are not specified, then the default values are set. If you do specify the values for any parameter, then the default values are replaced by the user-specified values.
    The following parameters are used with this subcommand:

    • --name: Name that you want to set for the secure message exchange. By default, this is set to Default (Embedded).

    • --user: Admin username that will be used to login to the secure message exchange management console and perform tasks such as configuring tenants and agents on the secure message exchange. Default value is admin.

    • --password: Admin password that will be used to login to the secure message exchange management console.

    • --vhost: Virtual host for running admin commands on the secure message exchange. Default value is cyops-admin.

    • --api-port: RabbitMQ API port that should be enabled for configuring tenants and agents on the secure message exchange. Default value is 15671.

    • --tcp-port: RabbitMQ TCP port that should be enabled for data exchange with tenants and agents. Default value is 5671.

  • disable: Disables the secure message exchange that you had enabled on your FortiSOAR instance for using localhost to connect to an external agent.

  • show-config: Displays the configuration details of your secure message exchange, such as the name of the secure message exchange, username used to login to the secure message exchange, the TCP port and API port that is configured for your secure message exchange, etc.

source-control

(New in version 7.0.0) Allows import or export of FortiSOAR configurations, such as MMD and SVT updates along with playbooks and other required configuration changes, between systems. This is required for Continuous Integration or Continuous Delivery (CICD), which is a pipeline that automates your software delivery process. The pipeline builds code, runs tests (CI), and safely deploys a new version of the application (CD). You can use the following options with this subcommand:

  • export-config: Exports configurations defined in the source_control.yaml file or a user-defined yaml file. The configuration file is a standard yaml file with sections such as module, playbook, reports, etc. You can either choose to edit the source_control.yaml file or make a copy of this file, make changes in that file, and then provide the path of the updated file while using the export-config command. You can either provide the value ‘all’ to export all entities of a particular type or provide a specific entity to export. You can also exclude an entity from being exported by adding it to the ‘exclude’ section.
    The export-config command has two optional parameters, a configuration file describing what is to be exported (--config-file [CONFIG_FILE]) and a directory path to save the exported configuration (--export-directory [EXPORT_DIRECTORY]).
    For --config-file [CONFIG_FILE], you can specify the path of the yaml file from where you want to export the configurations. The default location for the configuration file, i.e., the source_control.yaml file, is /opt/cyops/configs/scripts/csadm/commands/source_control.yaml.
    For --export-directory [EXPORT_DIRECTORY], you can specify the path where you want to export the configuration data. By default, the configurations are exported to /tmp/source_control.
    Once the command completes exporting the configurations, you can copy or move the exported files to the destination system; however, you must preserve the directory structure.
  • import-config: Imports configurations from the yaml files that are located at the specified directory. The import-config command has one optional parameter, (--import-directory [IMPORT_DIRECTORY]) in which you can specify the directory from where you want to import the configuration data. By default, the configurations are imported from /tmp/source_control.
services

FortiSOAR services controller (RabbitMQ) functions. You can use the following options with this subcommand:

  • --start: Starts all FortiSOAR services in their respective order.

  • --stop: Stops all FortiSOAR services in their respective order.

  • --restart: Restarts all FortiSOAR services in their respective order.

  • --status: Displays the status, i.e., Running or Not Running of all FortiSOAR services.

network

Manages network operations. You can use the following options with this subcommand:

  • ipv6 --enable: Enables the IPv6 protocol on your FortiSOAR system. The system will reboot as part of the execution.

  • set-https-proxy --host <proxy_hostname> --port <proxy_port> --protocol <proxy_protocol> --user <proxy_username> --password <proxy_password>: Configures an https proxy server to serve all https requests from FortiSOAR. To configure an https proxy, you must specify the hostname and the port number of the HTTPS proxy server. You must also specify the protocol to be used to communicate with the HTTPS proxy server. You can also optionally specify the username and password used to access the HTTPS proxy server.

  • set-http-proxy --host <proxy_hostname> --port <proxy_port> --protocol <proxy_protocol> --user <proxy_username> --password <proxy_password>: Configures an http proxy server to serve all http requests from FortiSOAR. To configure an http proxy, you must specify the hostname and the port number of the HTTP proxy server. You must also specify the protocol to be used to communicate with the HTTP proxy server. You can also optionally specify the username and password used to access the HTTP proxy server.

  • list-proxy: Lists the proxies that are configured.

  • set-no-proxy --host <hostname>: Configures a comma-separated list of hostnames that do not need to be routed through a proxy server.
    Note: Review the existing no-proxy list using the list-proxy option. You can add or remove hostnames from the existing list by specifying the complete comma-separated list of hostnames that you want to configure using the set-no-proxy option.
    For example, if you have added hostname1 to the no-proxy list and you want to add hostname2 to the no-proxy list, then you must run the command as:
    csadm network set-no-proxy --host "hostname1, hostname2"

  • remove-proxy: Removes all the configured proxies, i.e., remove-proxy will remove both the http and https proxies that have been configured.
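
Because set-no-proxy takes the complete list, additions and removals have to be merged with the current entries before the command is run. The following is an added example, not part of the FortiSOAR documentation or product: merge_no_proxy and no_proxy_cmd are hypothetical helpers, and the current list is supplied by the operator from the list-proxy output rather than parsed.

```shell
#!/bin/sh
# Added example, not Fortinet code. merge_no_proxy and no_proxy_cmd are
# hypothetical helpers; only "csadm network set-no-proxy --host" is from the page.

# Strip blanks and lower-case (host names are case-insensitive).
norm() { printf '%s' "$1" | tr -d ' \t' | tr '[:upper:]' '[:lower:]'; }

# usage: merge_no_proxy CURRENT [ADD [REMOVE]]   (each a comma-separated list)
# Prints the merged list: first-seen order, no duplicates, REMOVE entries dropped.
# Returns 1 if an entry has characters outside [a-z0-9._-] (this example's rule).
merge_no_proxy() (
    all=$(norm "${1:-},${2:-}")
    drop=",$(norm "${3:-}"),"
    result=
    set -f; IFS=,
    for h in $all; do
        [ -n "$h" ] || continue
        case $h in *[!a-z0-9._-]*) echo "error: bad entry '$h'" >&2; exit 1 ;; esac
        case ",$result," in *",$h,"*) continue ;; esac   # duplicate
        case $drop in *",$h,"*) continue ;; esac          # marked for removal
        result=${result:+$result,}$h
    done
    printf '%s\n' "$result"
)

# Prints the full command to run. Refusing an empty result is this example's
# choice, so that a typo cannot silently wipe the list.
no_proxy_cmd() (
    list=$(merge_no_proxy "$@") || exit 1
    if [ -z "$list" ]; then
        echo "error: resulting no-proxy list is empty" >&2
        exit 1
    fi
    printf 'csadm network set-no-proxy --host "%s"\n' "$list"
)

# Demo with the page's scenario: hostname1 is configured, hostname2 is added.
no_proxy_cmd "hostname1" "hostname2"
```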

CLI commands used for forwarding syslogs

Use the csadm log forward command to forward FortiSOAR logs to your central log management server that supports an Rsyslog client. You can use the following options with this subcommand:

  • add-config - csadm log forward add-config: Adds configuration details for the syslog server to which you want to forward the FortiSOAR logs. You can use the following options with this subcommand:
    • --server: Hostname of the syslog server to which you want to forward the FortiSOAR logs.
    • --port: Port number that you want to use to communicate with the syslog server.
    • --protocol: Protocol that you want to use to communicate with the syslog server. You can specify tcp, udp, or relp.
    • --tls: To securely communicate with the syslog server, set --tls to true.
      If you enable TLS, then in the --ca-cert option, you must specify the path to the CA certificate PEM file which contains the complete chain of CA certificates including the filename.
      If you have a client certificate for your FortiSOAR client, then in the --client-cert option, you must specify the path to the client certificate PEM file including the filename, and in the --client-key option, you must specify the path to the client key PEM file including the filename.
    • --filter: Comma-separated list of filters to specify the type of logs that you want to forward to your syslog server. Valid filters are application, audit, and none. By default, all the logs, i.e., application and audit logs, are forwarded. For example, if you want to forward audit logs only, then specify --filter=audit.
      If you specify --filter=none, then no logs are forwarded, i.e., log forwarding is temporarily disabled. To enable the log forwarding again, use the update-config subcommand with the --filter option. For example, csadm log forward update-config --uuid <UUID of configuration> --filter <audit,application>.
      Note: You can define the rules to forward audit logs using the FortiSOAR UI. For more information, see the System Configuration chapter.
    • --config-name: Name of the configuration in which you want to store the log forwarding configuration details.
      Note: Validation checks such as, whether the syslog server is reachable on the specified port etc. are run before adding the syslog server, and the syslog server is added only if the configuration details entered are valid.
  • show-config - csadm log forward show-config: Displays configuration details of the syslog server such as the server's IP address, protocol, TLS information, UUID of the configuration, etc.
  • remove-config - csadm log forward remove-config --uuid <UUID of configuration>: Removes the syslog configuration based on the configuration UUID you have specified. To know the UUID of your configuration, use the show-config subcommand.
  • update-config - csadm log forward update-config --uuid <UUID of configuration>: Updates the syslog configuration based on the configuration UUID you have specified. To know the UUID of your configuration, use the show-config subcommand. You can update any or all of the options as mentioned in the add-config subcommand.
    Use the update-config subcommand with the --filter option, to enable temporarily disabled log forwarding.
Note: You can configure only a single syslog server. If you have already configured a syslog server and you try to add a new one, then FortiSOAR displays appropriate warning messages informing you that a syslog server is already configured, and that adding a new syslog server will remove the already configured one. Further processing is done based on your response (yes/no) to the messages.
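
The add-config options above interact (TLS requires a CA chain file, and a client certificate comes with its key), so it helps to check them before calling csadm. The following is an added example, not part of the FortiSOAR documentation or product: it validates the settings and prints the command to run. The helper names and the "--tls true" value syntax are assumptions; the option names are the ones listed on this page, and the host name and certificate file in the demo are constructed.

```shell
#!/bin/sh
# Added example (not Fortinet code): validate syslog-forwarding settings and
# print the csadm command to run. Option names come from the page; the helper
# names and the "--tls true" value syntax are assumptions.

# Single-quote a value so the printed command is safe to paste into a shell.
q() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# True if $1 is readable and has a PEM "BEGIN ... $2" header (sanity check only).
is_pem() { [ -r "$1" ] && grep -q -e "-----BEGIN .*$2-----" "$1"; }

# usage: build_forward_cmd SERVER PORT PROTOCOL FILTER CONFIG_NAME \
#                          [CA_CERT [CLIENT_CERT CLIENT_KEY]]
# Prints the command on stdout; on bad input prints a reason on stderr, returns 1.
build_forward_cmd() (
    server=${1:-} port=${2:-} protocol=${3:-} filter=${4:-} name=${5:-}
    ca=${6:-} cert=${7:-} key=${8:-}
    fail() { echo "error: $*" >&2; exit 1; }

    case $server in ''|*[!A-Za-z0-9._-]*) fail "bad server name '$server'" ;; esac
    [ -n "$name" ] || fail "config name is required"

    # Port: decimal integer in 1..65535.
    case $port in ''|*[!0-9]*) fail "port '$port' is not numeric" ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || fail "port '$port' out of range"

    # The page lists tcp, udp and relp as the accepted protocols.
    case $protocol in tcp|udp|relp) ;; *) fail "protocol must be tcp, udp or relp" ;; esac

    # Filter: comma-separated list drawn from application, audit, none.
    [ -n "$filter" ] || fail "filter is required"
    set -f; old_ifs=$IFS; IFS=,
    for f in $filter; do
        case $f in application|audit|none) ;; *) fail "unknown filter '$f'" ;; esac
    done
    IFS=$old_ifs; set +f

    cmd="csadm log forward add-config --server $server --port $port"
    cmd="$cmd --protocol $protocol --filter=$filter --config-name $(q "$name")"

    if [ -n "$ca" ]; then
        # TLS on: the CA chain is mandatory, client cert and key are optional
        # but only make sense as a pair.
        is_pem "$ca" CERTIFICATE || fail "CA file '$ca' is not a readable PEM certificate"
        cmd="$cmd --tls true --ca-cert $(q "$ca")"
        if [ -n "$cert" ] || [ -n "$key" ]; then
            { [ -n "$cert" ] && [ -n "$key" ]; } || fail "client cert and key go together"
            is_pem "$cert" CERTIFICATE || fail "client cert '$cert' is not PEM"
            is_pem "$key" "PRIVATE KEY" || fail "client key '$key' is not a PEM private key"
            cmd="$cmd --client-cert $(q "$cert") --client-key $(q "$key")"
        fi
    else
        echo "warning: TLS is off; forwarded logs cross the network in clear text" >&2
    fi
    printf '%s\n' "$cmd"
)

# Demo with constructed values: a placeholder CA file and a made-up host name.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' '(constructed placeholder)' \
    '-----END CERTIFICATE-----' > "$demo_dir/ca-chain.pem"
build_forward_cmd siem.example.internal 6514 relp audit soc-syslog "$demo_dir/ca-chain.pem"
rm -rf "$demo_dir"
```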
