Instruction/ maintenance manual of the product FortiLog-100 Fortinet
FortiLog Administration Guide
FortiLog-100, FortiLog-400, FortiLog-800
Version 1.6
January 15, 2004
05-16000-0082-20050115
© Copyright 2005 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc.
Table of Contents
Introduction
Operational Modes
Managing the FortiLog unit
Status
Reports
Creating and generating a report
Adding and modifying group accounts
Assigning access to folders
Introduction
FortiLog units are network appliances that provide integrated log collection, analysis tools and data storage.
Operational Modes
The FortiLog device can operate in two modes: Active mode or Passive mode. The web-based interface provides an interface that reflects each models’ functionality.
Figure 3: FortiLog Active mode network architecture
Passive Mode
Passive mode enables you to use the FortiLog unit solely as a Network Attached Server (NAS) storage device.
About this guide
This document describes how to set up and configure the FortiLog unit. The configuration and features of the FortiLog unit are similar in either mode. Section titles indicate where the features or configuration differs or is unique to each mode.
Related documentation
Additional information about Fortinet products is available from the following related documentation.
FortiManager documentation
• FortiManager QuickStart Guide
Explains how to install the FortiManager Console, set up the FortiManager Server, and configure basic settings.
Customer service and technical support
For antivirus and attack definition updates, f.
Setting up the FortiLog unit
This chapter includes:
• Checking the package contents
• Hardwa.
Checking the package contents
Figure 5: FortiLog front and back diagrams
Hardware specifications
Dimensions
• FortiLog-100: 38 x 17 x 31 cm
• FortiLog-400: 54 x 33 x 44 cm
• FortiLog-800: 78 x 65 x 25 cm
Weight
• FortiLog-100: 2.
Power requirements
• FortiLog-100
• AC input voltage: 100 to 240 VAC
• AC input current: 1.
Figure 6: FortiLog connection option
Connecting the FortiLog unit
You can install the FortiLog unit as a free-standing appliance on any stable surface.
Configuring the FortiLog unit
Use the web-based manager or the Command Line Interface (CLI) to configure the FortiLog unit IP address, netmask, DNS server IP address, and default gateway IP address.
6 Type admin in the Name field and select Login.
After connecting to the web-based manager, you can configure the FortiLog unit IP address, DNS server IP address, and default gateway to connect the FortiLog unit to the network.
3 Set the primary DNS server IP address:
set system dns primary <IP_address>
Connecting to the FortiLog Unit
In order for FortiLog to receive log files, you need to configure the FortiGate, FortiMail or syslog devices to send log files to the FortiLog unit.
Figure 7: FortiGate 2.8 log settings
5 Enter the IP address of the FortiLog unit.
6 Set the level that the FortiGate unit logs messages to the FortiLog unit.
Figure 8: FortiGate 2.5 Log settings
2 Select Log to Remote Host to send the logs to a syslog server.
3 Enter the IP address of the FortiLog unit.
Configuring the FortiLog unit
When you configure a device to send logs to the FortiLog unit, an entry for the device appears automatically in the Unregistered Devices tab.
3 Enter a device name. For a FortiGate device, this is the same entry as entered as the Local ID set in the Log&Config settings for FortiLog.
You can classify the device interfaces as one of None, LAN, WAN or DMZ to match the type of traffic the interface will process.
Managing the FortiLog unit
Using the FortiLog system settings, you can view the operating status of the FortiLog unit and configure the FortiLog unit for your network.
Figure 11: System status (Active mode)
Automatic Refresh Interval: Select to control how often the web-based manager updates the system status display.
Go: Select to set the selected automatic refresh interval.
Changing the FortiLog host name
The FortiLog host name appears on the Status page and in the FortiLog CLI prompt.
To change the FortiLog unit host name
1 Go to System > Status > Status.
Viewing system resources information
On the Status page, you can view the CPU, memory and hard disk usage information and the session information. By selecting the History link under System Resources, you can also view the statistics for the previous minute.
To change the firmware using the CLI
Use the following procedure to upgrade the FortiLog unit to a newer firmware version or revert to a previous firmware version.
To perform this procedure you need to install a TFTP server that you can connect to from the FortiLog unit LAN port. The TFTP server should be on the same subnet as the LAN port.
The following message appears:
Enter File Name [image.out]:
11 Enter the firmware image filename and press Enter.
7 Immediately press any key to interrupt the system startup.
If you successfully interrupt the startup process, the following message appears:
[G]: Get firmware image from TFTP server.
To install a backup firmware image
1 For all three FortiLog models, use a terminal emulation software to access the unit’s CLI.
The FortiLog unit saves the backup firmware image and restarts. When the FortiLog unit restarts it is running the previously installed firmware version.
To switch back to the default firmware image
1 For all three FortiLog models, use a terminal emulation software to access the unit’s CLI.
To download a FortiLog debug log
1 Go to System > Status > Status.
2 For System Settings, select Backup.
3 Select download debug log.
4 Type a name and location for the file.
To upload the firmware image to the FortiLog unit
1 Make sure the TFTP server is running.
2 Copy the firmware image file to the root directory of the TFTP server.
Config
Use system config to configure the FortiLog network settings, RAID settings, log message settings, time settings, and other options. You can also add and remove FortiLog administrator accounts and change administrator passwords.
RAID
To configure the FortiLog RAID level and check the RAID disk space, go to System > Config > RAID.
Figure 14: RAID settings
IP Address: Enter the static IP address required by the FortiLog unit to be able to connect to your network.
Log settings
To configure the FortiLog unit to log locally or to send FortiLog log messages to a remote syslog server, go to System > Config > Log Settings. You can configure the log level and you can use config policy to record event log messages.
Log policy
Select Config Policy to configure the FortiLog unit to send event log messages to a local or remote syslog server. Enable Event Log to record management and activity events.
Time
To change the FortiLog unit time, go to System > Config > Time.
Figure 19: Admin
Configure Administrator access
Configure administrative access to allow remote administration of the FortiLog unit. However, allowing remote administration could compromise the security of your FortiLog unit.
To configure administrative access to the FortiLog unit
1 Go to System > Config > Admin.
2 Select the Administrative Access methods for the FortiLog unit.
3 Select Apply.
To add an administrator account
1 Go to System > Config > Admin.
2 Select New.
3 Enter a login name for the administrator account.
4 Enter and confirm a password for the administrator account.
Device list
To add and manage devices connecting to the FortiLog unit, go to System > Devices.
To edit a device
1 Go to System > Devices.
2 For the device you want to edit, select Edit.
3 Modify the device information and select an Interface Type for each interface, as required.
Local
To set the email alert notification for the FortiLog unit, go to System > Alert Email > Local. Set the options when the FortiLog unit alerts an individual or group of individuals.
Figure 25: Device alert settings
Alert Name: Enter a name to identify the alert settings.
Devices to Monitor: Select the device logs the FortiLog unit monitors.
To add a device alert
1 Go to System > Alert Email > Device.
2 Select Create New.
3 Set the Alert email options as required.
4 Select Enable to set the FortiLog unit to send alert email messages for selected devices.
Figure 26: Device alert messages
Network Sharing
Use Network Sharing to configure the FortiLog unit to use file sharing (Windows workgroups or NFS) to view and share log reports and other files.
Figure 27: IP aliases
To set host alias names
1 Go to Reports > IP Aliases.
2 Select Create New.
3 Enter a name of the host, network or IP address range in the Alias text box.
Reports
The FortiLog unit collates information collected from device log files and presents the information in tables and graphs. There are over 130 different reports, in 11 categories.
3 Set the following:
• “Configuring report parameters” on page 58
• “Configuring a report query” on pa.
5 Select Apply.
Configuring a report query
Select the specific information you need to generate a more concise report. Each report category includes a refined list of sub-categories that reports specific information.
4 Select the plus sign next to a category to expand and view the sub categories.
5 Select the content from the sub-categories to include in the reports.
6 Select Apply.
6 Select the group or individual devices to use in the report.
7 Select Apply.
Creating a device profile
You can save the selections as a device profile.
4 Select the type of matching for the filter criteria:
• Select Any to find any matches for the criteria specified.
• Select All to find all criteria. All criteria must match to display in the results.
3 Select Schedule.
4 Select a day from the following:
5 Select a specified time of the day to run the report, up to three times per day.
6 Select Apply.
To select the report destination and format
1 Go to Reports > Config.
2 Select a report from the list.
3 Select Output.
4 Set the following options:
5 Select Apply.
Viewing reports
Use the FortiLog web-based manager to view a list of the generated reports. The generated reports are available in HTML, PDF, RTF and ASCII text formats, depending on the output configuration.
Roll up report
The roll up report contains all reports that you selected for the FortiLog unit to generate. Select the report name to view the report roll up in HTML format.
Figure 35: Roll up report
Select a report category to expand the list of report sub-categories.
Figure 36: VPN activity report in PDF
Vulnerability reports
Vulnerability reports show any potential weaknesses to attacks that may exist for selected devices by displaying the available ports on a FortiGate device.
3 Set the following:
• “Selecting report result parameters” on page 68
• “Selecting plug-ins” on page 68
• “Selecting the scan targets for the report” on page 69
• “Choosing the report destination and format” on page 71
Figure 38: Vulnerability plugin options
To select the plug-ins
1 Go to Reports > Config > Vulnerabilities.
2 Select a report from the list.
3 Select Plug-ins.
Figure 39: Selecting scan targets
To select the scan targets
1 Go to Reports > Config > Vulnerability.
2 Select a report from the list.
3 Select Scan Targets.
4 Select devices from the Available IP Aliases list.
4 Select Apply.
Choosing the report destination and format
Select destination and format for the vulnerability report. Configure the FortiLog unit to either save the reports to the FortiLog hard disk or email the report to any number of recipients or both.
Viewing the vulnerability report
The FortiLog unit either saves the vulnerability report to its hard disk or sends the report as an email attachment.
Using Logs
The FortiLog unit collects log files from various sources and stores them on its hard disk.
The Log view interface
The log viewer interface provides a means of viewing device log files.
Figure 42: Viewing the logs
Viewing logs
The log viewer interface provides a display of log data that you can organize and format.
Figure 43: Viewing a device log
To view the device log files
1 Go to File Browse > Logs.
2 Select a device tab.
3 Expand the group name and device name to see the list of available logs.
Figure 44: Basic log filter
5 Do the following to search the log using the Basic log filter:
6 Select Apply.
To perform a standard search of the log contents
1 Go to File Browse > Logs.
6 Select each row in the Filter column.
7 Each row of information provides criteria for the search:
The row criteria available reflect the content within the selected log file.
Log Search
Use the Log Search to perform a simple search of all log files on the FortiLog unit. The FortiLog unit maintains a search history for future use. If you need to clean out a long search history, select Clear History.
5 Select Apply.
Event correlation (Active mode)
Event correlation is a data mining feature that provides a way of reviewing attacks on multiple devices in one location.
Show me: Select Show me to view the selection from the sort list.
#: The number of entries for the attack report.
Log time: The date and time of the attack.
Device ID: The name of the device subjected to the attack.
Using the FortiLog unit as a NAS
Users can save, store and access information on the FortiLog hard disk as an alternate means of storing important files and work.
Providing access to the FortiLog hard disk
To enable user access to the FortiLog hard disk to store and access files you need to add user and group accounts to the FortiLog unit.
Adding and modifying group accounts
Create user groups to assign directory access to many users at once rather than individually.
Figure 49: Windows sharing configuration
3 Select the Local Path button to select the folder for the users or groups to access.
4 Select OK.
Figure 50: NFS share configuration
3 Select the Local Path button to select the folder for the users or groups to access.
Setting folder and file properties
The FortiLog unit enables you to administer the folders and files on the FortiLog hard disk.
FortiLog CLI reference
This chapter explains how to connect to and use the FortiLog command line interface (CLI). You can use CLI commands to view all system information and to change all system configuration settings.
Connecting to the CLI
The FortiLog-800 model has a serial port and you can use the null modem cable to connect it to your management computer. The FortiLog-100 and 400 models do not support serial cable connections.
10 Type the password for this administrator and press Enter.
The following prompt appears:
Welcome!
You have connected to the FortiLog CLI, and you can enter CLI commands.
4 To confirm that you have configured SSH or Telnet access correctly, enter the following command to view the .
CLI commands
The FortiLog CLI commands include:
• execute branch
• get branch
• set branch
• uns.
get branch
Use get to display settings, logs, or system information.
Table 5: get command architecture
get alertemail con.
get report resolve
Display the settings (what is turned on) for resolving host and service names.
get report aliases
Display a list of IP aliases and their IP address.
set branch
Use set to configure settings, logs, or system information.
set alertemail
Use set alertemail to configure alert mails.
set alertemail device {enable | disable} add virusalert {enable | disable} <return> virusany {any |.
set alertmail device enable add levelnum {emergency | alert | critical | error | warning | notification | information}
Set the level to monitor before sending an alert message.
set console
Use set console to set console configuration.
set log
Use set log to configure log settings.
Table 8: set log command architecture
set log client <string> device.
set log devtype <string> report name <report name> <Return> period from <YY-MM-DD-HH.
Commands / Description
set log client <client_string> device id <id_string> secure {yes | no} psk <psk_str.
set log setting syslog remote server <server_ip> port <port_integer> loglevel <severity_.
set log devtype <string> filters <string>
Select the filter options to include in a report and store as a profile for later use in other reports.
set NAS
Use set NAS to configure the FortiLog NAS server settings when using the FortiLog unit in Passive mode.
set report
Use set report to configure the FortiLog report settings.
set system
Use set system to configure the FortiLog system settings.
Table 10: set report command architecture
set report resolve <services | aliases> alias <alias> hostnetrange <x.
set system interface <intf_str> config denyaccess ping <return> https <return> ssh <return> snmp <return> http <return> telnet <return> wins <xxx.
set system opmode active <return> passive <return> option admintimeout <timeout_integer>.
Commands / Description
set system admin username <name_str> password <password_str> permission {readonly | readwrite}
Enter system administrator user name, password, and access permission.
set system interface config stp_passthrough
set system interface <intf_str> config mode static
Set the interface mode to static.
set system mainregpage hide
Hide main registration message.
unset branch
Use unset to remove configuration of alert email, log, and system.
set system time manual zone <No.>
Set the system time zone by number.
set system time manual dst {disable | enable}
Enable or disable daylight saving time.
unset nas user <user name>
Remove a user name.
unset nas group <group name>
Remove a group name.
unset nas share <share name>
Remove a Windows-shared folder setting.
Appendix A: Log Report Types
Your FortiLog unit can generate over 130 different types of log reports. Listed here are the log reports and a short description.
FTP Activity: FTP reports record total FTP access activities including traffic direction, sites and connections.
Web Traffic By Direction: Total incoming and outgoing web traffic in kilobytes.
Terminal Activity: Terminal activity reports record total Terminal/CLI access activities.
Mail Activity: Mail activity reports record Email traffic and connections.
Intrusion Activity: Intrusion activity reports record top network attacks and top attacks by a specific time.
Antivirus Activity: Antivirus activity reports record total antivirus attacks by time, attack event types, top senders, and top receivers.
Mail Filter Activity: Mail filter activity reports record total and top mail filter activities by device, time, and top senders and receivers.
VPN Activity: VPN activity reports record total VPN activities by a specific time and direction as well as top VPN activities.
Content Traffic By Hour Of Day And Service: Hourly content traffic by Internet services in kilobytes for a specified date or range of days.