26 Nov 2013

ObservX Fortigate v5 40C Settings

If the site where ObservX is installed has a Fortigate 40C, the following commands must be entered on the Fortigate. The first block forwards logs over syslog, the second creates an SNMP community with trap events for ObservX.

config log syslogd setting
    set status enable
    set server "10.1.0.10"
end

////////  NOTE: the IP addresses must be changed to match your own installation (the syslog server is the host that receives the logs)!!!!!

config system snmp community
    edit 1
        set events cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down
        config hosts
            edit 1
                set ip 192.168.3.0 255.255.255.0
            next
        end
        set name "observx"
    next
end

 

Problem: if you are not receiving U.T.M. logs and only traffic logs are arriving, apply the configuration above.
To check:
Settings => Data Input => Log Capture Tool
Enter the Fortigate IP address and click Start. Both kinds of line should appear, as in the examples below.

Traffic log example
10.1.0.99:514|date=2013-11-26 time=09:38:57 devname=FGT80C3909639593 devid=FGT80C3909639593 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.0.232 srcname=ASUS srcport=51677 srcintf="internal" dstip=173.194.39.247 dstport=443 dstintf="wan1" sessionid=3083334 status=close policyid=28 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=212.253.81.202 transport=51677 service=HTTPS proto=6 duration=11 sentbyte=382 rcvdbyte=4070 sentpkt=5 rcvdpkt=6 devtype="Windows PC" osname="Windows" osversion="8 (x64)" unauthuser="savas@f1teknoloji.net" unauthusersource="pop3" mastersrcmac=54:04:a6:30:40:27 srcmac=54:04:a6:30:40:27

U.T.M. log example

10.1.0.99:514|date=2013-11-26 time=09:38:55 devname=FGT80C3909639593 devid=FGT80C3909639593 logid=0954024577 type=utm subtype=dlp eventtype=dlp level=notice vd="root" filteridx=0 filtertype=none filtercat=none policyid=34 identidx=0 sessionid=3081800 epoch=968759220 eventid=23 srcip=10.1.0.28 srcport=58656 srcintf="internal" dstip=23.64.215.46 dstport=80 dstintf="wan1" service=http filetype="unknown" sentbyte=2262 rcvdbyte=59661 hostname="www.samsung.com" url="/tr/consumer/flagship/GT-I9500ZKATUR/img/sa013.png" file="sa013.png" action="log-only" profile="default"
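The check described above (only traffic lines arriving means the UTM logs are not being forwarded) can be made mechanical. The following is an added example, not code from the original post or from ObservX: it parses lines in the host:port|key=value format shown on this page, counts them per type/subtype and flags the "traffic but no utm" case. The two sample lines are the ones from this page, embedded as constructed input; the function names are the author's own choices.

```python
import re
from collections import Counter

# Two syslog lines as ObservX displays them: the sending host:port, a '|',
# then the Fortigate key=value body. Copied from the examples on this page.
SAMPLE_LINES = [
    '10.1.0.99:514|date=2013-11-26 time=09:38:57 devname=FGT80C3909639593 devid=FGT80C3909639593 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.0.232 srcname=ASUS srcport=51677 srcintf="internal" dstip=173.194.39.247 dstport=443 dstintf="wan1" sessionid=3083334 status=close policyid=28 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=212.253.81.202 transport=51677 service=HTTPS proto=6 duration=11 sentbyte=382 rcvdbyte=4070 sentpkt=5 rcvdpkt=6 devtype="Windows PC" osname="Windows" osversion="8 (x64)" unauthuser="savas@f1teknoloji.net" unauthusersource="pop3" mastersrcmac=54:04:a6:30:40:27 srcmac=54:04:a6:30:40:27',
    '10.1.0.99:514|date=2013-11-26 time=09:38:55 devname=FGT80C3909639593 devid=FGT80C3909639593 logid=0954024577 type=utm subtype=dlp eventtype=dlp level=notice vd="root" filteridx=0 filtertype=none filtercat=none policyid=34 identidx=0 sessionid=3081800 epoch=968759220 eventid=23 srcip=10.1.0.28 srcport=58656 srcintf="internal" dstip=23.64.215.46 dstport=80 dstintf="wan1" service=http filetype="unknown" sentbyte=2262 rcvdbyte=59661 hostname="www.samsung.com" url="/tr/consumer/flagship/GT-I9500ZKATUR/img/sa013.png" file="sa013.png" action="log-only" profile="default"',
]

# One key=value pair: the value is either double-quoted (may contain spaces)
# or a bare run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return (source, fields) for one line.

    source is the 'host:port' prefix in front of the first '|' (None if the
    line has no prefix); fields maps each Fortigate key to its value with
    the surrounding quotes removed.
    """
    source, sep, body = line.partition('|')
    if not sep:
        source, body = None, line
    fields = {}
    for key, quoted, bare in _KV_RE.findall(body):
        fields[key] = bare if bare else quoted
    return source, fields


def log_type_counts(lines):
    """Count received lines per (type, subtype) pair."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)[1]
        counts[(fields.get('type'), fields.get('subtype'))] += 1
    return dict(counts)


def missing_utm(lines):
    """The symptom described on this page: traffic lines arrive, no type=utm line.

    True means the Fortigate is not forwarding UTM logs to this collector,
    so the syslog/SNMP settings above still need to be applied.
    """
    types = {parse_line(line)[1].get('type') for line in lines}
    return 'traffic' in types and 'utm' not in types


def utm_events(lines):
    """Summarise each UTM line as (subtype, srcip, hostname, action)."""
    events = []
    for line in lines:
        f = parse_line(line)[1]
        if f.get('type') == 'utm':
            events.append((f.get('subtype'), f.get('srcip'),
                           f.get('hostname'), f.get('action')))
    return events


if __name__ == '__main__':
    print(log_type_counts(SAMPLE_LINES))
    print('UTM logs missing:', missing_utm(SAMPLE_LINES))
    for event in utm_events(SAMPLE_LINES):
        print(event)
```

Feed it the lines captured by the Log Capture Tool instead of SAMPLE_LINES; if missing_utm returns True for a capture that spans several minutes of browsing, the device is only sending traffic logs and the configuration above has not taken effect.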