Fortinet support


Dear All,

We are receiving more support queries and forum requests regarding Fortinet support. We often encounter the following question.

Below is a sample record that the ManageEngine Firewall Analyzer product does not support:

<189>date=2005-08-12 time=09:12:41 device_id=FG400A2904500279 log_id=0022010001
type=traffic subtype=allowed pri=notice vd=root SN=49941 duration=70 policyid=1
proto=6 service=http status=accept src=192.168.1.102 srcname=192.168.1.102
dst=202.133.237.122 dstname=202.133.237.122 src_int=port4 dst_int=port6
sent=467 rcvd=625 sent_pkt=5 rcvd_pkt=3 src_port=1136 dst_port=80 vpn=n/a
tran_ip=210.243.203.5 tran_port=30794 dir_disp=org tran_disp=noop







What to do to avoid this problem?

Answer:

The above log format is the Fortinet native log format, in which the date and time fields are separate. It does not comply with the WELF format. Hence Firewall Analyzer is unable to process this log.

If you have Fortinet family firewalls, kindly enable the Web Trends check box in the Fortinet logging configuration, and you will see Firewall Analyzer showing reports for the Fortinet firewalls.

The detailed steps are as follows:

1) Log in to the Fortinet device as admin

2) Click "Log & Report" ----> Click "Log Config"

3) Once you have clicked "Log Config", the settings of the "Log Settings" tab will be displayed. Here you can enable "Web Trends".

with regards,
Firewall -Support
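
The following is an added example, not part of the original post and not ManageEngine or Fortinet code: a small check that tells a Fortinet native record (separate date= and time= fields, as in the sample above) from a WELF-style record, so you can confirm what the firewall is sending before and after enabling Web Trends. The WELF layout used here (id=firewall followed by a quoted time="date time" value) and the WELF sample line are assumptions constructed for illustration.

```python
import re
import shlex

PRI = re.compile(r"^<\d{1,3}>")  # leading syslog priority, e.g. <189>
# Assumed WELF timestamp: date and time together in one quoted value.
WELF_TIME = re.compile(r"^\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{2}:\d{2}$")

# Sample record from the post above, joined onto one line.
NATIVE_SAMPLE = (
    "<189>date=2005-08-12 time=09:12:41 device_id=FG400A2904500279 "
    "log_id=0022010001 type=traffic subtype=allowed pri=notice vd=root "
    "src=192.168.1.102 dst=202.133.237.122 src_port=1136 dst_port=80 vpn=n/a"
)
# Constructed WELF-style record (illustrative, not captured from a device).
WELF_SAMPLE = (
    '<189>id=firewall time="2005-08-12 09:12:41" fw=FG400A2904500279 '
    "pri=5 proto=http src=192.168.1.102 dst=202.133.237.122 sent=467 rcvd=625"
)

def parse_fields(line):
    """Split a key=value record into a dict; quoted values may contain spaces."""
    body = PRI.sub("", line.strip())
    try:
        tokens = shlex.split(body)
    except ValueError:
        # Unbalanced quote in a free-text field: fall back to plain splitting.
        tokens = body.split()
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def classify(line):
    """Return 'welf', 'fortinet-native' or 'unknown' for one log record."""
    f = parse_fields(line)
    if f.get("id") == "firewall" and WELF_TIME.match(f.get("time", "")):
        return "welf"
    if "date" in f and "time" in f and "device_id" in f:
        return "fortinet-native"
    return "unknown"

if __name__ == "__main__":
    for sample in (NATIVE_SAMPLE, WELF_SAMPLE):
        print(classify(sample), "<-", sample[:60])
```
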























