Manuals / Fortinet / Computer Equipment / Network Card

Fortinet FortiLog-800, FortiLog-100, FortiLog-400 manual Using Logs

Models: FortiLog-100 FortiLog-400 FortiLog-800

1 124

Download 124 pages 26.49 Kb

Page 73

Image 73

FortiLog Administration Guide Version 1.6

Using Logs

The FortiLog unit collects log files from various sources and stores them on its hard disk. With the log viewer you can:

•view log files collected from FortiGate, FortiManager, FortiMail and syslog devices

•customize the log file view

•download log files to your hard disk

•filter the logs for specific information using various criteria

•search multiple log files for unique entries

•import older log files

•watch active log files for real-time logging information of a selected device.

This chapter includes:

•The Log view interface

•Viewing logs

•Importing log files

•Log Search

•Log watch (Active mode)

•Event correlation (Active mode)

FortiLog Administration Guide

05-16000-0082-20050115

Page 73

Image 73

Fortinet FortiLog-800, FortiLog-100, FortiLog-400 manual Using Logs

Contents

January 15, 2004 FortiLog-100 FortiLog-400 FortiLog-800Trademarks Version 1.6 January 15 05-16000-0082-20050115Regulatory Compliance Table of Contents Managing the FortiLog unit Config NetworkReports 103 Setting folder and file properties104 110FortiLog-400 FortiLog-100 FortiLog-800 IntroductionOperational Modes Active ModeIntroduction Passive ModeAbout this guide Explains how to install and set up the FortiLog unitFortiLog documentation Related documentation Explains how to configure VPNs using the web-based managerFortiGate documentation FortiClient documentation FortiManager documentationFortiMail documentation Fortinet Knowledge CenterCustomer service and technical support Customer service and technical support Checking the package contents Setting up the FortiLog unitWeight Hardware specifications DimensionsFortiLog-100 2.5 kg FortiLog-400 11 kg FortiLog-80014 kg Power requirements Planning the installationEnvironmental specifications Air flowConnecting the FortiLog unit Connecting the FortiLog unitFortiLog unit Management PC To connect the FortiLog unit to the networkUsing the web-based manager Configuring the FortiLog unitFactory defaults Administrator To connect to the web-based managerTo configure the FortiLog unit using the web-based manager Using the command line interfaceTo configure the FortiLog unit using the CLI Set system interface port1 mode static ip IPaddress netmaskSet the primary DNS server IP address Using the front panel buttons and LCDSet system dns primary IPaddress Configuring the FortiLog unit Configuring FortiGate unit running FortiOS Connecting to the FortiLog UnitGo to Log&Report Log Config Sending device logs to the FortiLog unitFortiGate 2.8 log settings Configuring FortiGate devices running FortiOSFortiGate 2.5 Log settings Configuring FortiMail devicesTo add a device Adding a deviceGroups from this tab UnregisteredDefining device port interfaces To create a device group Go to System Devices Groups Creating Device GroupsStatus Managing the FortiLog unitStatus Interval Operating ModeRefresh AlertsChanging the FortiLog host name To change the operating mode in the CLIChanging operating modes Set system opmode activepassiveViewing system resources information To change the firmware using the web-based managerChanging the firmware To change the firmware using the CLI Installing firmware from a system rebootExecute restore image namestr tftpip Execute restore image FortiLog400-v120.outPress any key to enter configuration menu To install firmware from a system rebootImmediately press any key to interrupt the system startup Enter Local AddressTo test a new firmware image before installing it Testing a new firmware imageFollowing message appears Enter File Name image.outSave as Default firmware/Run image without savingD/R Installing a backup firmware imageGet system status You can test the new firmware image as requiredType B To install a backup firmware imageSwitching to the default firmware image Switching to a backup firmware imageTo switch to the backup firmware image To switch back to the default firmware image Backing up system settingsExecute reboot To backup up system settings Go to System Status StatusRestore factory default system settings Restoring system settingsTo restore system settings Go to System Status Status Restoring a FortiLog unitPress any key to begin download To upload the firmware image to the FortiLog unitNetwork ConfigConfig RAID Config Policy Log settingsLog to Host PortLog policy Config PolicyCSV format Levels Description Generated byTime AdminOptions LanguageConfigure Administrator access Administrator options Administrator account levelsChanging the Administrator password Devices Active modeTo add an administrator account Go to System Config Admin Adding and registering a device Device listEditing device information Server Alert EmailTo edit a device Go to System Devices Local Device Active modeCreating a new device alert Attack Type Entry and listing Level of wait interval Attack TypeTo add a device alert Go to System Alert Email Device AlertsVirus Type Defining IP aliases Network SharingWindow IP aliases To set host alias names Go to Reports IP AliasesReports To create a report Go to Reports ConfigCreating and generating a report Select New and enter a name for the reportTo define report parameters Go to Reports Config Configuring report parametersSet the following Select Run nowTo set the report queries Go to Reports Config Configuring a report queryResolve Service Names Ranked Reports show top Select a report from the list Select QueriesCreating a query profile To select the devices Go to Reports ConfigSelecting the devices for the report To create a query profileCreating a device profile To set the filtering on a log report Go to Reports ConfigSelect filtering options To create a device profileTo create a scheduled report Go to Reports Config Setting a report scheduleCreating a filter profile To create a report filter profileChoosing the report destination and format Creating a report schedule profileSelect Schedule Select a day from the following To create a report schedule profileCreating a report destination and format profile To generate a report on demand Go to Reports ConfigReports on demand To create a pre-defined output selectionTo view a generated report Go to File Browse Reports Viewing reportsIndividual reports Roll up reportVulnerability reports To create a report Go to Reports Config VulnerabilityCreating and generating a report Selecting report result parameters Per device Resolve Host Names Resolve Service NamesSelecting plug-ins Creating a plug-in profile To select the plug-ins Go to Reports Config VulnerabilitiesSelecting the scan targets for the report To create a plug-in profileTo add additional devices Creating a scan target profileTo create a scan target profile Browse/Reports hard disk FileEmail list As an email attachmentSelect the report name from the list of completed reports Viewing the vulnerability reportUsing Logs Viewing logs Log view interfaceTo view the device log files Go to File Browse Logs Finding log informationSelect the column header to change the sort order between Ascending and descending orderBasic log filter Alert level Importing log filesTo import a log file Go to File Browse Logs Match Up and Down arrowsLog Search Log watch Active modeTo set log watching Go to File Browse Logs Show Up and Down arrowsSort list Event correlation Active modeEvent correlation Active mode Connecting to the FortiLog file system Using the FortiLog unit as a NASSelect Enable for a file sharing protocol Providing access to the FortiLog hard diskSelecting a file sharing protocol Adding and modifying user accountsAdding and modifying group accounts Assigning access to foldersTo add a user group Go to Network Sharing Groups Select Create NewWindows sharing configuration NFS share configuration Modifying the user or group folder accessTo set file and folder permissions Go to File Browse Files Setting folder and file propertiesOwner CLI documentation conventions FortiLog CLI referenceConnecting to the FortiLog-800 console Connecting to the CLIFortiLog-800 login To connect to the FortiLog-800 consoleTo use the CLI to configure SSH or Telnet access Setting administrative access for SSH or TelnetWelcome Connecting to the FortiLog CLI using Telnet Connecting to the FortiLog CLI using SSHTo connect to the CLI using SSH To connect to the CLI using TelnetFortiLog CLI commands include CLI commandsExecute branch Get command architecture Use get to display settings, logs, or system informationGet branch Get system admin Get log logsettingGet report resolve Get report aliasesUse set alertemail to configure alert mails Use set to configure settings, logs, or system informationSet alertemail command architecture Set branchNamestr is the user name String is the passwordBelow Set alertmail local time 0.5 1.0 3.0 6.0Set alertmail device enable add leveltime CLI commandsSettings originate from a singe source IP Set console Use set console to set console configurationSet log command architecture Use set log to configure log settingsSet log YY-MM-DD 100 101 102 103 Set NASSet report Set report command architectureSet system 104105 106 107 0.0 108Trusthoststr is trusted host IP address Netmaskstr is the netmask109 Unset branch 111 112 Network Activity Appendix a Log Report TypesWeb Activity 113FTP Activity Mail Activity Terminal Activity115 Mail activity reports record Email traffic and connectionsAntivirus Activity Intrusion ActivityWeb Filter Activity 117 Mail Filter ActivityVPN Activity Content Activity119 120 121 IndexIndex 122123 124