Fortinet
FortiLog-800, FortiLog-100, FortiLog-400
manual
Models:
FortiLog-100
FortiLog-400
FortiLog-800
124 pages
26.49 Kb
Specs
Password
Factory defaults Administrator
Login
Admin
Connecting the FortiLog unit
Config Network
Assigning access to folders
CLI commands
FortiGate 2.8 log settings
05-16000-0082-20050115
Fortinet Inc.
Contents
FortiLog-100 FortiLog-400 FortiLog-800
January 15, 2004
Trademarks
Version 1.6 January 15 05-16000-0082-20050115
Regulatory Compliance
Table of Contents
Config Network
Managing the FortiLog unit
Reports
Setting folder and file properties
Introduction
FortiLog-400 FortiLog-100 FortiLog-800
Active Mode
Operational Modes
Passive Mode
Introduction
About this guide
Explains how to install and set up the FortiLog unit
FortiLog documentation
Related documentation
Explains how to configure VPNs using the web-based manager
FortiGate documentation
FortiManager documentation
FortiClient documentation
FortiMail documentation
Fortinet Knowledge Center
Customer service and technical support
Setting up the FortiLog unit
Checking the package contents
Weight
Hardware specifications Dimensions
FortiLog-100 2.5 kg, FortiLog-400 11 kg, FortiLog-800 14 kg
Planning the installation
Power requirements
Environmental specifications
Air flow
Connecting the FortiLog unit
FortiLog unit Management PC
To connect the FortiLog unit to the network
Configuring the FortiLog unit
Using the web-based manager
Factory defaults Administrator
To connect to the web-based manager
Using the command line interface
To configure the FortiLog unit using the web-based manager
To configure the FortiLog unit using the CLI
Set system interface port1 mode static ip IPaddress netmask
Set the primary DNS server IP address
Using the front panel buttons and LCD
Set system dns primary IPaddress
Configuring the FortiLog unit
Connecting to the FortiLog Unit
Configuring FortiGate unit running FortiOS
Go to Log&Report Log Config
Sending device logs to the FortiLog unit
Configuring FortiGate devices running FortiOS
FortiGate 2.8 log settings
Configuring FortiMail devices
FortiGate 2.5 Log settings
Adding a device
To add a device
Groups from this tab
Unregistered
Defining device port interfaces
Creating Device Groups
To create a device group Go to System Devices Groups
Status
Managing the FortiLog unit
Status
Operating Mode
Interval
Refresh
Alerts
To change the operating mode in the CLI
Changing the FortiLog host name
Changing operating modes
Set system opmode activepassive
Viewing system resources information
To change the firmware using the web-based manager
Changing the firmware
Installing firmware from a system reboot
To change the firmware using the CLI
Execute restore image namestr tftpip
Execute restore image FortiLog400-v120.out
To install firmware from a system reboot
Press any key to enter configuration menu
Immediately press any key to interrupt the system startup
Enter Local Address
Testing a new firmware image
To test a new firmware image before installing it
Following message appears
Enter File Name image.out
Installing a backup firmware image
Save as Default firmware/Run image without savingD/R
Get system status
You can test the new firmware image as required
To install a backup firmware image
Type B
Switching to the default firmware image
Switching to a backup firmware image
To switch to the backup firmware image
Backing up system settings
To switch back to the default firmware image
Execute reboot
To back up system settings Go to System Status Status
Restoring system settings
Restore factory default system settings
To restore system settings Go to System Status Status
Restoring a FortiLog unit
To upload the firmware image to the FortiLog unit
Press any key to begin download
Config
Network
Config RAID
Log settings
Config Policy
Log to Host
Port
Config Policy
Log policy
CSV format
Levels Description Generated by
Admin
Time
Options
Language
Configure Administrator access
Administrator account levels
Administrator options
Changing the Administrator password
Devices Active mode
To add an administrator account Go to System Config Admin
Adding and registering a device
Device list
Editing device information
Server
Alert Email
To edit a device Go to System Devices
Local
Device Active mode
Creating a new device alert
Attack Type
Attack Type Entry and listing Level of wait interval
To add a device alert Go to System Alert Email Device
Alerts
Virus Type
Defining IP aliases
Network Sharing
Window
To set host alias names Go to Reports IP Aliases
IP aliases
To create a report Go to Reports Config
Reports
Creating and generating a report
Select New and enter a name for the report
Configuring report parameters
To define report parameters Go to Reports Config
Set the following
Select Run now
Configuring a report query
To set the report queries Go to Reports Config
Resolve Service Names Ranked Reports show top
Select a report from the list Select Queries
To select the devices Go to Reports Config
Creating a query profile
Selecting the devices for the report
To create a query profile
To set the filtering on a log report Go to Reports Config
Creating a device profile
Select filtering options
To create a device profile
Setting a report schedule
To create a scheduled report Go to Reports Config
Creating a filter profile
To create a report filter profile
Creating a report schedule profile
Choosing the report destination and format
Select Schedule Select a day from the following
To create a report schedule profile
To generate a report on demand Go to Reports Config
Creating a report destination and format profile
Reports on demand
To create a pre-defined output selection
Viewing reports
To view a generated report Go to File Browse Reports
Roll up report
Individual reports
Vulnerability reports
To create a report Go to Reports Config Vulnerability
Creating and generating a report
Selecting report result parameters
Per device Resolve Host Names Resolve Service Names
Selecting plug-ins
To select the plug-ins Go to Reports Config Vulnerabilities
Creating a plug-in profile
Selecting the scan targets for the report
To create a plug-in profile
To add additional devices
Creating a scan target profile
To create a scan target profile
File
Browse/Reports hard disk
Email list
As an email attachment
Viewing the vulnerability report
Select the report name from the list of completed reports
Using Logs
Log view interface
Viewing logs
Finding log information
To view the device log files Go to File Browse Logs
Select the column header to change the sort order between
Ascending and descending order
Basic log filter
Importing log files
Alert level
To import a log file Go to File Browse Logs
Match Up and Down arrows
Log watch Active mode
Log Search
To set log watching Go to File Browse Logs
Show Up and Down arrows
Event correlation Active mode
Sort list
Event correlation Active mode
Using the FortiLog unit as a NAS
Connecting to the FortiLog file system
Providing access to the FortiLog hard disk
Select Enable for a file sharing protocol
Selecting a file sharing protocol
Adding and modifying user accounts
Assigning access to folders
Adding and modifying group accounts
To add a user group Go to Network Sharing Groups
Select Create New
Windows sharing configuration
Modifying the user or group folder access
NFS share configuration
To set file and folder permissions Go to File Browse Files
Setting folder and file properties
Owner
FortiLog CLI reference
CLI documentation conventions
Connecting to the CLI
Connecting to the FortiLog-800 console
FortiLog-800 login
To connect to the FortiLog-800 console
To use the CLI to configure SSH or Telnet access
Setting administrative access for SSH or Telnet
Welcome
Connecting to the FortiLog CLI using SSH
Connecting to the FortiLog CLI using Telnet
To connect to the CLI using SSH
To connect to the CLI using Telnet
FortiLog CLI commands include
CLI commands
Execute branch
Get command architecture
Use get to display settings, logs, or system information
Get branch
Get log logsetting
Get system admin
Get report resolve
Get report aliases
Use set to configure settings, logs, or system information
Use set alertemail to configure alert mails
Set alertemail command architecture
Set branch
String is the password
Namestr is the user name
Below
Set alertmail local time 0.5 1.0 3.0 6.0
Set alertmail device enable add leveltime
CLI commands
Settings originate from a single source IP
Use set console to set console configuration
Set console
Set log command architecture
Use set log to configure log settings
Set log
YY-MM-DD
Set NAS
Set report command architecture
Set report
Set system
0.0
Trusthoststr is trusted host IP address
Netmaskstr is the netmask
Unset branch
Appendix A Log Report Types
Network Activity
Web Activity
FTP Activity
Terminal Activity
Mail Activity
Mail activity reports record Email traffic and connections
Antivirus Activity
Intrusion Activity
Web Filter Activity
Mail Filter Activity
Content Activity
VPN Activity
Index