Adding a device, To add a device | Fortinet FortiLog-400 instruction

Configuring the FortiLog unit	Connecting to the FortiLog Unit

Configuring the FortiLog unit

When you configure a device to send logs to the FortiLog unit, an entry for the device appears automatically in the Unregistered Devices tab.

Adding a device

The Devices screen provides a easy access to all devices currently sending log files to the FortiLog unit. It also provides a way to add unregistered or other new devices to the FortiLog unit so it can receive log files.

Figure 9: FortiLog device tabs

All	Displays all registered devices available to the FortiLog unit.
Groups	Displays the groups available. You can also edit, delete and create new
	groups from this tab.
Unregistered	Displays a list of unregistered devices available to the FortiLog unit. This
	does not indicate that a FortiGate device is not registered with Fortinet.
Device tabs	A tab is available for each device supported by the FortiLog unit.

To add a device

1For a FortiGate device, go to System > Devices > Unregistered.

For devices that are not automatically registered, such as a syslog server, select the device tab and select Create New.

2In the Register column, select Add for the device you wish to add.

Figure 10: Adding/registering a new device to the FortiLog unit

26

05-16000-0082-20050115

Fortinet Inc.

Image 26

Fortinet FortiLog-400, FortiLog-100, FortiLog-800 manual Adding a device, To add a device, Groups from this tab, Unregistered

Contents

FortiLog-100 FortiLog-400 FortiLog-800 January 15, 2004 Regulatory Compliance Version 1.6 January 15 05-16000-0082-20050115Trademarks Table of Contents Config Network Managing the FortiLog unit Reports 104 Setting folder and file properties103 110 Introduction FortiLog-400 FortiLog-100 FortiLog-800 Active Mode Operational Modes Passive Mode Introduction FortiLog documentation Explains how to install and set up the FortiLog unitAbout this guide FortiGate documentation Explains how to configure VPNs using the web-based managerRelated documentation FortiMail documentation FortiManager documentationFortiClient documentation Fortinet Knowledge Center Customer service and technical support Customer service and technical support Setting up the FortiLog unit Checking the package contents FortiLog-100 2.5 kg FortiLog-400 11 kg FortiLog-80014 kg Hardware specifications DimensionsWeight Environmental specifications Planning the installationPower requirements Air flow FortiLog unit Management PC Connecting the FortiLog unitConnecting the FortiLog unit To connect the FortiLog unit to the network Factory defaults Administrator Configuring the FortiLog unitUsing the web-based manager To connect to the web-based manager To configure the FortiLog unit using the CLI Using the command line interfaceTo configure the FortiLog unit using the web-based manager Set system interface port1 mode static ip IPaddress netmask Set system dns primary IPaddress Using the front panel buttons and LCDSet the primary DNS server IP address Configuring the FortiLog unit Go to Log&Report Log Config Connecting to the FortiLog UnitConfiguring FortiGate unit running FortiOS Sending device logs to the FortiLog unit Configuring FortiGate devices running FortiOS FortiGate 2.8 log settings Configuring FortiMail devices FortiGate 2.5 Log settings Groups from this tab Adding a deviceTo add a device Unregistered Defining device port interfaces Creating Device Groups To create a device group Go to System Devices Groups Status Managing the FortiLog unitStatus Refresh Operating ModeInterval Alerts Changing operating modes To change the operating mode in the CLIChanging the FortiLog host name Set system opmode activepassive Changing the firmware To change the firmware using the web-based managerViewing system resources information Execute restore image namestr tftpip Installing firmware from a system rebootTo change the firmware using the CLI Execute restore image FortiLog400-v120.out Immediately press any key to interrupt the system startup To install firmware from a system rebootPress any key to enter configuration menu Enter Local Address Following message appears Testing a new firmware imageTo test a new firmware image before installing it Enter File Name image.out Get system status Installing a backup firmware imageSave as Default firmware/Run image without savingD/R You can test the new firmware image as required To install a backup firmware image Type B To switch to the backup firmware image Switching to a backup firmware imageSwitching to the default firmware image Execute reboot Backing up system settingsTo switch back to the default firmware image To backup up system settings Go to System Status Status To restore system settings Go to System Status Status Restoring system settingsRestore factory default system settings Restoring a FortiLog unit To upload the firmware image to the FortiLog unit Press any key to begin download Config Network Config RAID Log to Host Log settingsConfig Policy Port CSV format Config PolicyLog policy Levels Description Generated by Options AdminTime Language Configure Administrator access Administrator account levels Administrator options To add an administrator account Go to System Config Admin Devices Active modeChanging the Administrator password Editing device information Device listAdding and registering a device To edit a device Go to System Devices Alert EmailServer Creating a new device alert Device Active modeLocal Attack Type Attack Type Entry and listing Level of wait interval Virus Type AlertsTo add a device alert Go to System Alert Email Device Window Network SharingDefining IP aliases To set host alias names Go to Reports IP Aliases IP aliases Creating and generating a report To create a report Go to Reports ConfigReports Select New and enter a name for the report Set the following Configuring report parametersTo define report parameters Go to Reports Config Select Run now Resolve Service Names Ranked Reports show top Configuring a report queryTo set the report queries Go to Reports Config Select a report from the list Select Queries Selecting the devices for the report To select the devices Go to Reports ConfigCreating a query profile To create a query profile Select filtering options To set the filtering on a log report Go to Reports ConfigCreating a device profile To create a device profile Creating a filter profile Setting a report scheduleTo create a scheduled report Go to Reports Config To create a report filter profile Select Schedule Select a day from the following Creating a report schedule profileChoosing the report destination and format To create a report schedule profile Reports on demand To generate a report on demand Go to Reports ConfigCreating a report destination and format profile To create a pre-defined output selection Viewing reports To view a generated report Go to File Browse Reports Roll up report Individual reports Creating and generating a report To create a report Go to Reports Config VulnerabilityVulnerability reports Selecting plug-ins Per device Resolve Host Names Resolve Service NamesSelecting report result parameters Selecting the scan targets for the report To select the plug-ins Go to Reports Config VulnerabilitiesCreating a plug-in profile To create a plug-in profile To create a scan target profile Creating a scan target profileTo add additional devices Email list FileBrowse/Reports hard disk As an email attachment Viewing the vulnerability report Select the report name from the list of completed reports Using Logs Log view interface Viewing logs Select the column header to change the sort order between Finding log informationTo view the device log files Go to File Browse Logs Ascending and descending order Basic log filter To import a log file Go to File Browse Logs Importing log filesAlert level Match Up and Down arrows To set log watching Go to File Browse Logs Log watch Active modeLog Search Show Up and Down arrows Event correlation Active mode Sort list Event correlation Active mode Using the FortiLog unit as a NAS Connecting to the FortiLog file system Selecting a file sharing protocol Providing access to the FortiLog hard diskSelect Enable for a file sharing protocol Adding and modifying user accounts To add a user group Go to Network Sharing Groups Assigning access to foldersAdding and modifying group accounts Select Create New Windows sharing configuration Modifying the user or group folder access NFS share configuration Owner Setting folder and file propertiesTo set file and folder permissions Go to File Browse Files FortiLog CLI reference CLI documentation conventions FortiLog-800 login Connecting to the CLIConnecting to the FortiLog-800 console To connect to the FortiLog-800 console Welcome Setting administrative access for SSH or TelnetTo use the CLI to configure SSH or Telnet access To connect to the CLI using SSH Connecting to the FortiLog CLI using SSHConnecting to the FortiLog CLI using Telnet To connect to the CLI using Telnet Execute branch CLI commandsFortiLog CLI commands include Get branch Use get to display settings, logs, or system informationGet command architecture Get report resolve Get log logsettingGet system admin Get report aliases Set alertemail command architecture Use set to configure settings, logs, or system informationUse set alertemail to configure alert mails Set branch Below String is the passwordNamestr is the user name Set alertmail local time 0.5 1.0 3.0 6.0 Settings originate from a singe source IP CLI commandsSet alertmail device enable add leveltime Use set console to set console configuration Set console Set log Use set log to configure log settingsSet log command architecture YY-MM-DD 100 101 102 Set NAS 103 Set system Set report command architectureSet report 104 105 106 107 Trusthoststr is trusted host IP address 1080.0 Netmaskstr is the netmask 109 Unset branch 111 112 Web Activity Appendix a Log Report TypesNetwork Activity 113 FTP Activity 115 Terminal ActivityMail Activity Mail activity reports record Email traffic and connections Web Filter Activity Intrusion ActivityAntivirus Activity Mail Filter Activity 117 Content Activity VPN Activity 119 120 Index 121 122 Index 123 124