system eventhub

When FortiWeb-VM is deployed on Azure, use this command to manually configure the FortiWeb appliance to send log messages to Azure Event Hubs.

Alternatively, you can create the configuration automatically using a PowerShell script. For details, see the FortiWeb-VM Azure Install Guide:

https://docs.fortinet.com/fortiweb/hardware

When the event hub configuration is complete, FortiWeb sends health logs to Azure Event Hub.

If you also create a corresponding Azure CEF SIEM policy (see log siem-policy), FortiWeb sends security logs to Azure Event Hub as well.

This command is available for FortiWeb-VM running on Microsoft Azure only.

You can use the Azure classic portal to obtain the values that the config system eventhub settings require. For detailed instructions, see the FortiWeb-VM Azure Install Guide:

https://docs.fortinet.com/fortiweb/hardware

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

    config system eventhub
      set status {enable | disable}
      set appliance_id "<subscription_str>"
      set policy_saskey "<primary-key_str>"
      set policy_name "<policy-name_str>"
      set eventhub_name "<ehub-name_str>"
      set servicebus_namespace "<servicebus-namespace_str>"
    end

status {enable | disable}
    Enter enable to activate the Azure event hub configuration.
    Default: disable

appliance_id "<subscription_str>"
    Enter the subscription (ID) that has access to the Azure Event Hub.
    No default.

policy_saskey "<primary-key_str>"
    Enter the primary shared access key that the specified policy (set by policy_name "<policy-name_str>") uses for Shared Access Signature authentication on the Azure Event Hub.
    No default.

policy_name "<policy-name_str>"
    Enter the name of the Shared Access policy created for the Azure Event Hub.
    No default.

eventhub_name "<ehub-name_str>"
    Enter the name of the Azure Event Hub that is associated with the specified service bus (set by servicebus_namespace "<servicebus-namespace_str>").
    No default.

servicebus_namespace "<servicebus-namespace_str>"
    Enter the Service Bus namespace in which the Event Hub was created.
    No default.
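The settings above are the inputs to Azure's Shared Access Signature scheme. The following Python code is an added example, not Fortinet code: it parses a constructed config system eventhub block, lists required settings left empty, and derives a SAS token in Azure's standard format. It assumes the usual https://<namespace>.servicebus.windows.net/<hub> resource URI; the namespace, hub, policy name and key are constructed placeholders, and how FortiWeb builds its own token is not described on this page.

```python
import base64, hashlib, hmac, re, time
from urllib.parse import quote_plus

# Constructed sample values; the key is a made-up placeholder, not a real secret.
SAMPLE_CONFIG = '''\
config system eventhub
  set status enable
  set appliance_id "00000000-0000-0000-0000-000000000000"
  set policy_saskey "Y29uc3RydWN0ZWQtZXhhbXBsZS1rZXk="
  set policy_name "fortiweb-send"
  set eventhub_name "fwb-logs"
  set servicebus_namespace "example-ns"
end
'''

# Settings the reference lists with "No default."
REQUIRED = ("appliance_id", "policy_saskey", "policy_name",
            "eventhub_name", "servicebus_namespace")

def parse_eventhub(text):
    """Return the 'set' values of a config system eventhub block as a dict."""
    settings = {}
    for m in re.finditer(r'^\s*set\s+(\S+)\s+"?([^"\n]*)"?\s*$', text, re.M):
        settings[m.group(1)] = m.group(2)
    return settings

def missing_settings(settings):
    """Required settings that are absent or empty."""
    return [k for k in REQUIRED if not settings.get(k)]

def sas_token(settings, ttl=3600, now=None):
    """Build the SAS token that policy_name and policy_saskey authorise."""
    uri = "https://{servicebus_namespace}.servicebus.windows.net/{eventhub_name}".format(**settings)
    resource = quote_plus(uri)
    expiry = str(int(now if now is not None else time.time()) + ttl)
    # Signature = Base64(HMAC-SHA256(key, url-encoded resource + "\n" + expiry))
    digest = hmac.new(settings["policy_saskey"].encode(),
                      (resource + "\n" + expiry).encode(), hashlib.sha256).digest()
    sig = quote_plus(base64.b64encode(digest))
    return "SharedAccessSignature sr={}&sig={}&se={}&skn={}".format(
        resource, sig, expiry, settings["policy_name"])

if __name__ == "__main__":
    cfg = parse_eventhub(SAMPLE_CONFIG)
    print("missing:", missing_settings(cfg))
    print(sas_token(cfg, now=1700000000))
```

Because policy_saskey can sign a token for any right its policy holds, a Shared Access policy used only for log delivery needs the Send right and nothing more.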
