FortiLogAdministration Guide14FortiLog-100FortiLog-4008FortiLog-800FortiLog Administration GuideVersion 1.6 January 15, 200405-16000-0082-20050115
10 05-16000-0082-20050115 Fortinet Inc.About this guide IntroductionAbout this guideThis document describes how to set up and configure the FortiLog u
100 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceCommands Descriptionset log client <client_string> deviceid <id_st
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 101set log setting syslog remote server <server_ip> po
102 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceset log devtype <string> filters <string> Select the filter opt
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 103set NASUse set NAS to configure the FortiLog NAS server s
104 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceset reportUse set report to configure the FortiLog report settings.set syst
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 105set systeminterface <intf_str>configdenyaccessping
106 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceset systeminterface <intf_str>configdenyaccessping <return>http
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 107set systemopmodeactive <return>passive <return&g
108 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceCommands Descriptionset system admin username <name_str> password <
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 109set system interface config stp_passthroughset system int
Introduction Related documentationFortiLog Administration Guide 05-16000-0082-20050115 11Related documentationAdditional information about Fortinet
110 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceunset branchUse unset to remove configuration of alert email, log, and syst
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 111unset nas user <user name> Remove a user name.unset
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 113Appendix A: Log Report TypesYour FortiLog unit is ca
114 05-16000-0082-20050115 Fortinet Inc.Appendix A: Log Report TypesFTP ActivityFTP reports record total FTP access activities including traffic direc
Appendix A: Log Report Types FortiLog Administration Guide 05-16000-0082-20050115 115Terminal ActivityTerminal activity reports record total Terminal
116 05-16000-0082-20050115 Fortinet Inc.Appendix A: Log Report TypesIntrusion ActivityIntrusion activity reports record top network attacks and top at
Appendix A: Log Report Types FortiLog Administration Guide 05-16000-0082-20050115 117Mail Filter ActivityMail filter activity reports record total an
118 05-16000-0082-20050115 Fortinet Inc.Appendix A: Log Report TypesVPN ActivityVPN activity reports record total VPN activities by a specific time an
Appendix A: Log Report Types FortiLog Administration Guide 05-16000-0082-20050115 119Content Traffic By Hour Of Day And ServiceHourly content traffic
12 05-16000-0082-20050115 Fortinet Inc.Related documentation IntroductionFortiManager documentation• FortiManager QuickStart GuideExplains how to inst
FortiLog Administration Guide 05-16000-0082-20050115 121FortiLog Administration Guide Version 1.6IndexAaccess to files 82account levels 48active and
122 05-16000-0082-20050115 Fortinet Inc.IndexLlanguage setting 46, 109LCD panel 21log policy 45logsdownload FortiLog debug log 39importing 77informati
IndexFortiLog Administration Guide 05-16000-0082-20050115 123web-based managerconnecting 19idle timeout 46introduction 19language 46, 109windows sh
Introduction Customer service and technical supportFortiLog Administration Guide 05-16000-0082-20050115 13Customer service and technical supportFor
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 15Setting up the FortiLog unitThis chapter includes:• C
16 05-16000-0082-20050115 Fortinet Inc.Checking the package contents Setting up the FortiLog unitFigure 5: FortiLog front and back diagramsHardware sp
Setting up the FortiLog unit Planning the installationFortiLog Administration Guide 05-16000-0082-20050115 17Power requirements• FortiLog-100• AC in
18 05-16000-0082-20050115 Fortinet Inc.Connecting the FortiLog unit Setting up the FortiLog unitFigure 6: FortiLog connection optionConnecting the For
Setting up the FortiLog unit Configuring the FortiLog unitFortiLog Administration Guide 05-16000-0082-20050115 19Configuring the FortiLog unitUse th
© Copyright 2005 Fortinet Inc. All rights reserved.No part of this publication including text, examples, diagrams or illustrations may be reproduced,t
20 05-16000-0082-20050115 Fortinet Inc.Configuring the FortiLog unit Setting up the FortiLog unit6 Type admin in the Name field and select Login. Afte
Setting up the FortiLog unit Configuring the FortiLog unitFortiLog Administration Guide 05-16000-0082-20050115 213 Set the primary DNS server IP add
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 23Connecting to the FortiLog UnitIn order for FortiLog
24 05-16000-0082-20050115 Fortinet Inc.Sending device logs to the FortiLog unit Connecting to the FortiLog UnitFigure 7: FortiGate 2.8 log settings5 E
Connecting to the FortiLog Unit Sending device logs to the FortiLog unitFortiLog Administration Guide 05-16000-0082-20050115 25Figure 8: FortiGate 2
26 05-16000-0082-20050115 Fortinet Inc.Configuring the FortiLog unit Connecting to the FortiLog UnitConfiguring the FortiLog unitWhen you configure a
Connecting to the FortiLog Unit Configuring the FortiLog unitFortiLog Administration Guide 05-16000-0082-20050115 273 Enter a device name.For a Fort
28 05-16000-0082-20050115 Fortinet Inc.Configuring the FortiLog unit Connecting to the FortiLog UnitYou can classify the device interfaces as one of N
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 29Managing the FortiLog unitUsing the FortiLog system s
ContentsFortiLog Administration Guide 05-16000-0082-20050115 3Table of ContentsIntroduction...
30 05-16000-0082-20050115 Fortinet Inc.Status Managing the FortiLog unitFigure 11: System status (Active mode)Automatic Refresh IntervalSelect to cont
Managing the FortiLog unit StatusFortiLog Administration Guide 05-16000-0082-20050115 31Changing the FortiLog host nameThe FortiLog host name appear
32 05-16000-0082-20050115 Fortinet Inc.Status Managing the FortiLog unitViewing system resources informationOn the Status page, you can view the CPU,
Managing the FortiLog unit StatusFortiLog Administration Guide 05-16000-0082-20050115 33To change the firmware using the CLIUse the following proced
34 05-16000-0082-20050115 Fortinet Inc.Status Managing the FortiLog unitTo perform this procedure you need to install a TFTP server that you can conne
Managing the FortiLog unit StatusFortiLog Administration Guide 05-16000-0082-20050115 35The following message appears:Enter File Name [image.out]:11
36 05-16000-0082-20050115 Fortinet Inc.Status Managing the FortiLog unit7 Immediately press any key to interrupt the system startup.If you successfull
Managing the FortiLog unit StatusFortiLog Administration Guide 05-16000-0082-20050115 37To install a backup firmware image1 For all three FortiLog m
38 05-16000-0082-20050115 Fortinet Inc.Status Managing the FortiLog unitThe FortiLog unit saves the backup firmware image and restarts. When the Forti
Managing the FortiLog unit StatusFortiLog Administration Guide 05-16000-0082-20050115 39To switch back to the default firmware image1 For all three
Contents4 05-16000-0082-20050115 Fortinet Inc.Managing the FortiLog unit...
40 05-16000-0082-20050115 Fortinet Inc.Status Managing the FortiLog unitTo download a FortiLog debug log1 Go to System > Status > Status.2 For S
Managing the FortiLog unit StatusFortiLog Administration Guide 05-16000-0082-20050115 41To upload the firmware image to the FortiLog unit1 Make sure
42 05-16000-0082-20050115 Fortinet Inc.Config Managing the FortiLog unitConfigUse system config to configure the FortiLog network settings, RAID setti
Managing the FortiLog unit ConfigFortiLog Administration Guide 05-16000-0082-20050115 43RAIDTo configure the FortiLog RAID level and check the RAID
44 05-16000-0082-20050115 Fortinet Inc.Config Managing the FortiLog unitLog settingsTo configure the FortiLog unit to log locally or to send FortiLog
Managing the FortiLog unit ConfigFortiLog Administration Guide 05-16000-0082-20050115 45Log policySelect Config Policy to configure the FortiLog uni
46 05-16000-0082-20050115 Fortinet Inc.Config Managing the FortiLog unitTimeTo change the FortiLog unit time, go to System > Config > Time. For
Managing the FortiLog unit ConfigFortiLog Administration Guide 05-16000-0082-20050115 47Figure 19: AdminConfigure Administrator accessConfigure admi
48 05-16000-0082-20050115 Fortinet Inc.Config Managing the FortiLog unitTo configure administrative access to the FortiLog unit1 Go to System > Con
Managing the FortiLog unit Devices (Active mode)FortiLog Administration Guide 05-16000-0082-20050115 49To add an administrator account1 Go to System
ContentsFortiLog Administration Guide 05-16000-0082-20050115 5Reports ...
50 05-16000-0082-20050115 Fortinet Inc.Devices (Active mode) Managing the FortiLog unitDevice listTo add and manage devices connecting to the FortiLog
Managing the FortiLog unit Alert EmailFortiLog Administration Guide 05-16000-0082-20050115 51To edit a device1 Go to System > Devices.2 For the d
52 05-16000-0082-20050115 Fortinet Inc.Alert Email Managing the FortiLog unitLocalTo set the email alert notification for the FortiLog unit, go to Sys
Managing the FortiLog unit Alert EmailFortiLog Administration Guide 05-16000-0082-20050115 53Figure 25: Device alert settingsAlert Name Enter a name
54 05-16000-0082-20050115 Fortinet Inc.Alerts Managing the FortiLog unitTo add a device alert1 Go to System > Alert Email > Device.2 Select Crea
Managing the FortiLog unit Network SharingFortiLog Administration Guide 05-16000-0082-20050115 55Figure 26: Device alert messagesNetwork SharingUse
56 05-16000-0082-20050115 Fortinet Inc.Defining IP aliases Managing the FortiLog unitFigure 27: IP aliasesTo set host alias names1 Go to Reports >
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 57ReportsThe FortiLog unit collates information collect
58 05-16000-0082-20050115 Fortinet Inc.Creating and generating a report Reports3 Set the following:• “Configuring report parameters” on page 58• “Conf
Reports Creating and generating a reportFortiLog Administration Guide 05-16000-0082-20050115 595 Select Apply.Configuring a report querySelect the s
Contents6 05-16000-0082-20050115 Fortinet Inc.Adding and modifying group accounts...
60 05-16000-0082-20050115 Fortinet Inc.Creating and generating a report Reports4 Select the plus sign next to a category to expand and view the sub ca
Reports Creating and generating a reportFortiLog Administration Guide 05-16000-0082-20050115 616 Select the group or individual devices to use in th
62 05-16000-0082-20050115 Fortinet Inc.Creating and generating a report Reports4 Select the type of matching for the filter criteria:• Select Any to f
Reports Creating and generating a reportFortiLog Administration Guide 05-16000-0082-20050115 633 Select Schedule.4 Select a day from the following:5
64 05-16000-0082-20050115 Fortinet Inc.Creating and generating a report ReportsTo select the report destination and format1 Go to Reports > Config.
Reports Viewing reportsFortiLog Administration Guide 05-16000-0082-20050115 65Viewing reportsUse the FortiLog web-based manager to view a list of th
66 05-16000-0082-20050115 Fortinet Inc.Viewing reports ReportsRoll up reportThe roll up report contains all reports that you selected for the FortiLog
Reports Vulnerability reportsFortiLog Administration Guide 05-16000-0082-20050115 67Figure 36: VPN activity report in PDFVulnerability reportsVulner
68 05-16000-0082-20050115 Fortinet Inc.Vulnerability reports Reports3 Set the following:• “Selecting report result parameters” on page 68• “Selecting
Reports Vulnerability reportsFortiLog Administration Guide 05-16000-0082-20050115 69Figure 38: Vulnerability plugin optionsTo select the plug-ins1 G
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 7IntroductionFortiLog units are network appliances that
70 05-16000-0082-20050115 Fortinet Inc.Vulnerability reports ReportsFigure 39: Selecting scan targetsTo select the scan targets1 Go to Reports > Co
Reports Vulnerability reportsFortiLog Administration Guide 05-16000-0082-20050115 714 Select Apply.Choosing the report destination and formatSelect
72 05-16000-0082-20050115 Fortinet Inc.Vulnerability reports ReportsViewing the vulnerability reportThe FortiLog unit saves the vulnerability report e
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 73Using LogsThe FortiLog unit collects log files from v
74 05-16000-0082-20050115 Fortinet Inc.The Log view interface Using LogsThe Log view interfaceThe log viewer interface provides a means of viewing dev
Using Logs Viewing logsFortiLog Administration Guide 05-16000-0082-20050115 75Figure 43: Viewing a device logTo view the device log files1 Go to Fil
76 05-16000-0082-20050115 Fortinet Inc.Viewing logs Using LogsFigure 44: Basic log filter5 Do the following to search the log using the Basic log filt
Using Logs Importing log filesFortiLog Administration Guide 05-16000-0082-20050115 776 Select each row in the Filter column.7 Each row of informatio
78 05-16000-0082-20050115 Fortinet Inc.Log Search Using LogsLog SearchUse the Log Search, to perform a simple search of all log files on the FortiLog
Using Logs Event correlation (Active mode)FortiLog Administration Guide 05-16000-0082-20050115 795 Select Apply.Event correlation (Active mode)Event
8 05-16000-0082-20050115 Fortinet Inc.Operational Modes IntroductionOperational ModesThe FortiLog device can operate in two modes: Active mode or Pass
80 05-16000-0082-20050115 Fortinet Inc.Event correlation (Active mode) Using LogsShow me Select Show me to view the selection from the sort list.# The
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 81Using the FortiLog unit as a NASUsers can save, store
82 05-16000-0082-20050115 Fortinet Inc.Providing access to the FortiLog hard disk Using the FortiLog unit as a NASProviding access to the FortiLog har
Using the FortiLog unit as a NAS Providing access to the FortiLog hard diskFortiLog Administration Guide 05-16000-0082-20050115 83Adding and modifyi
84 05-16000-0082-20050115 Fortinet Inc.Providing access to the FortiLog hard disk Using the FortiLog unit as a NASFigure 49: Windows sharing configura
Using the FortiLog unit as a NAS Providing access to the FortiLog hard diskFortiLog Administration Guide 05-16000-0082-20050115 85Figure 50: NFS sha
86 05-16000-0082-20050115 Fortinet Inc.Setting folder and file properties Using the FortiLog unit as a NASSetting folder and file propertiesThe FortiL
FortiLog Administration Guide Version 1.6FortiLog Administration Guide 05-16000-0082-20050115 87FortiLog CLI referenceThis chapter explains how to co
88 05-16000-0082-20050115 Fortinet Inc.Connecting to the CLI FortiLog CLI referenceConnecting to the CLIThe FortiLog-800 model has serial port and you
FortiLog CLI reference Connecting to the CLIFortiLog Administration Guide 05-16000-0082-20050115 8910 Type the password for this administrator and p
Introduction Operational ModesFortiLog Administration Guide 05-16000-0082-20050115 9Figure 3: FortiLog Active mode network architecturePassive ModeP
90 05-16000-0082-20050115 Fortinet Inc.Connecting to the CLI FortiLog CLI reference4 To confirm that you have configured SSH or Telnet access correctl
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 91CLI commandsThe FortiLog CLI commands include:• execute br
92 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceget branchUse get to display settings, logs, or system information. Table 5:
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 93get report resolve Display the settings (what is turned on
94 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceset branchUse set to configure settings, logs, or system information.set ale
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 95set alertemaildevice {enable | disable}addvirusalert {enab
96 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceset alertmail device enable add levelnum {emergency | alert | critical | err
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 97set consoleUse set console to set console configuration.Ta
98 05-16000-0082-20050115 Fortinet Inc.CLI commands FortiLog CLI referenceset logUse set log to configure log settingsTable 8: set log command archite
FortiLog CLI reference CLI commandsFortiLog Administration Guide 05-16000-0082-20050115 99setlogdevtype <string>reportname <report name>