Fortinet FortiLog-100 - Manual


Table of Contents:

  • Page 2 – Trademarks; For technical support, please visit
  • Page 3 – Table of Contents
  • Page 7 – FortiLog Administration Guide Version 1.6; Introduction; FortiLog units operate in one of two modes:
  • Page 8 – Operational Modes; Active Mode; Figure 2: FortiLog unit in Active mode
  • Page 9 – Figure 3: FortiLog Active mode network architecture; Passive Mode; Figure 4: FortiLog unit in Passive mode
  • Page 10 – About this guide
  • Page 11 – Related documentation; FortiGate documentation; Provides a context-sensitive and searchable version of the
  • Page 12 – FortiManager documentation
  • Page 13 – Customer service and technical support
  • Page 15 – Setting up the FortiLog unit; This chapter includes:; Checking the package contents
  • Page 16 – Figure 5: FortiLog front and back diagrams; Hardware specifications
  • Page 17 – Power requirements; operation of the equipment is not compromised.; Mechanical loading; Planning the installation
  • Page 18 – Figure 6: FortiLog connection option; Connecting the FortiLog unit; To connect the FortiLog unit to the network; Place the unit on a stable surface.; Management PC; FortiLog unit
  • Page 19 – Configuring the FortiLog unit; Using the web-based manager; To connect to the web-based manager; Table 2: Factory defaults; LAN
  • Page 20 – To configure the FortiLog unit using the web-based manager; Using the command line interface; To connect to the FortiLog-800 unit; To configure the FortiLog unit using the CLI; get system interface
  • Page 21 – Set the primary DNS server IP address:; Using the front panel buttons and LCD
  • Page 23 – Connecting to the FortiLog Unit; Sending device logs to the FortiLog unit; Configuring FortiGate unit running FortiOS 2.8; Log on to the FortiGate unit.
  • Page 24 – Enter the IP address of the FortiLog unit.; Configuring FortiGate devices running FortiOS 2.5; Go to
  • Page 25 – Configuring FortiMail devices; Log Setting; “Log policy” on page 45
  • Page 26 – Adding a device; To add a device; For a FortiGate device, go to
  • Page 27 – “Creating Device Groups” on page 28; Defining device port interfaces
  • Page 28 – Creating Device Groups; To create a device group; Table 3: Log report traffic direction identification
  • Page 29 – Managing the FortiLog unit; Status
  • Page 31 – Changing the FortiLog host name; To change the FortiLog unit host name; Changing operating modes; “Operational Modes” on page 8; To change the operating mode in the web-based manager
  • Page 32 – Viewing system resources information; “Backing up system settings” on page 39; To change the firmware using the web-based manager; Copy the firmware image file to your management computer.
  • Page 33 – To change the firmware using the CLI; execute backup config; Installing firmware from a system reboot
  • Page 34 – To install firmware from a system reboot; Make sure that the TFTP server is running.; execute reboot
  • Page 35 – The following message appears:; Testing a new firmware image; To test a new firmware image before installing it; Make sure the TFTP server is running.
  • Page 36 – Immediately press any key to interrupt the system startup.; Installing a backup firmware image
  • Page 37 – To install a backup firmware image
  • Page 38 – Switching to a backup firmware image; “Switching to the default firmware image” on page 38; To switch to the backup firmware image; Enter the following command to restart the FortiLog unit:; Switching to the default firmware image
  • Page 39 – To switch back to the default firmware image; Backing up system settings; To back up system settings; Downloading the FortiLog debug log
  • Page 40 – To download a FortiLog debug log; Restoring system settings; To restore system settings; Restore factory default system settings; To restore system settings to factory defaults; Restoring a FortiLog unit
  • Page 41 – To upload the firmware image to the FortiLog unit; RAID; Go; Refresh; Create Date
  • Page 42 – Config; Network; To configure the FortiLog network settings, go to
  • Page 44 – Log settings; . You can configure the
  • Page 45 – Log policy
  • Page 46 – Time; To change the FortiLog unit time, go to; Options; To change the FortiLog administration options, go to; Admin; To change the FortiLog administrator settings, go to; Language
  • Page 47 – Configure Administrator access
  • Page 48 – To configure administrative access to the FortiLog unit; Administrator account levels; There are three administration account access levels:; Administrator options; Figure 20: Administrator options; Read Only; Administrator
  • Page 49 – To add an administrator account; Changing the Administrator password; To change the admin account password; Device list
  • Page 50 – To add and manage devices connecting to the FortiLog unit, go to; Adding and registering a device; “Sending device logs to the FortiLog unit” on page 23; Editing device information; Figure 22: Editing a device
  • Page 51 – To edit a device; Alert Email; Server; To set the mail server options go to
  • Page 52 – To set the email alert notification for the FortiLog unit, go to; Local; Figure 24: Local alert settings; Creating a new device alert; When you add a new device alert, you can set the following options.
  • Page 54 – To add a device alert; Alerts; Single Source Only
  • Page 55 – Network Sharing; “Using the FortiLog unit as a NAS” on page 81; Defining IP aliases
  • Page 56 – Figure 27: IP aliases; To set host alias names
  • Page 57 – Reports; “Appendix A: Log Report Types” on page 113; Creating and generating a report; To create a report
  • Page 58 – Configuring report parameters; Figure 28: Report parameter settings; To define report parameters
  • Page 59 – Configuring a report query; Figure 29: Report query options; To set the report queries; Per device; “Defining IP
  • Page 60 – Creating a query profile; To create a query profile; Enter a name for the profile and select OK.; Selecting the devices for the report; Figure 30: Selecting devices; To select the devices
  • Page 61 – Select the group or individual devices to use in the report.; Creating a device profile; To create a device profile; Select filtering options; Figure 31: Filter options; To set the filtering on a log report
  • Page 62 – “Log policy” on page 42; Creating a filter profile; To create a report filter profile; Setting a report schedule; Figure 32: Report scheduling; To create a scheduled report
  • Page 63 – Select a day from the following:; Creating a report schedule profile; To create a report schedule profile; Choosing the report destination and format; You can save the output options for use in other reports.; Daily; These Days; These Dates
  • Page 64 – To select the report destination and format; Creating a report destination and format profile; To create a pre-defined output selection; Reports on demand; To generate a report on demand; Email it
  • Page 65 – Viewing reports; “Choosing the report destination and format” on page 63; To view a generated report; File Browse > Reports; Figure 34: Viewing reports; Report
  • Page 66 – Roll up report; Figure 35: Roll up report; Individual reports; Report title
  • Page 67 – Figure 36: VPN activity report in PDF; Vulnerability reports
  • Page 68 – “Selecting report result parameters” on page 68; Selecting report result parameters; • the device IP addresses or alias names.; To define report result parameters
  • Page 69 – Figure 38: Vulnerability plugin options; To select the plug-ins; Creating a plug-in profile; To create a plug-in profile; Selecting the scan targets for the report
  • Page 70 – Figure 39: Selecting scan targets; To select the scan targets; Creating a scan target profile; To create a scan target profile
  • Page 71 – Figure 40: Selecting report output; Email list
  • Page 72 – Viewing the vulnerability report; Figure 41: Viewing the list of vulnerability reports; To view the vulnerability report saved to the FortiLog hard disk; Action; Size
  • Page 73 – Using Logs
  • Page 74 – The Log view interface
  • Page 75 – Figure 43: Viewing a device log; To view the device log files; FortiGate Log Message Reference; Finding log information; To perform a basic search of the log contents; Page
  • Page 76 – To perform a standard search of the log contents
  • Page 77 – Importing log files; To import a log file
  • Page 78 – Log Search; To search the log files for specific information; File Browse > Log Search; Show
  • Page 79 – To run an event correlation:; File Browse > Event Correlation; Select an attack type from the list; Sort list
  • Page 81 – Using the FortiLog unit as a NAS; To view and manage files stored on the FortiLog hard drive; Connecting to the FortiLog file system
  • Page 82 – Providing access to the FortiLog hard disk; Selecting a file sharing protocol; To set the file sharing for the FortiLog unit; Network Sharing > Protocols; Select Enable for a file sharing protocol.; Adding and modifying user accounts; “Configure Administrator; To add a user account; Network Sharing > Users; Enter the following information for the user account:
  • Page 83 – Adding and modifying group accounts; To add a user group; Network Sharing > Groups; Enter the following information for the group account:; Assigning access to folders; To add a new Windows share configuration; Network Shares > Access > Windows Shares; Group; GID
  • Page 84 – Figure 49: Windows sharing configuration; To add a new NFS share configuration
  • Page 85 – Figure 50: NFS share configuration; Modifying the user or group folder access; To modify the FortiLog folder access; Network Sharing > Access
  • Page 86 – Setting folder and file properties; To set file and folder permissions
  • Page 87 – FortiLog CLI reference; CLI documentation conventions; restore config myfile.bak
  • Page 88 – Connecting to the CLI; Connecting to the FortiLog-800 console; To connect to the FortiLog-800 console; Bits per second
  • Page 89 – Setting administrative access for SSH or Telnet; “Admin” on page 46; To use the CLI to configure SSH or Telnet access; set system interface port1 config allowaccess ssh
  • Page 90 – Connecting to the FortiLog CLI using SSH; To connect to the CLI using SSH; Connecting to the FortiLog CLI using Telnet; To connect to the CLI using Telnet
  • Page 91 – CLI commands; The FortiLog CLI commands include:; execute branch; Use
  • Page 92 – get branch
  • Page 94 – set branch; set alertemail
  • Page 97 – set console
  • Page 98 – set log
  • Page 99 – Table 8: set log command architecture
  • Page 100 – Commands
  • Page 103 – set NAS
  • Page 104 – set report; set system; set report command architecture
  • Page 105 – Table 11: set system command architecture
  • Page 109 – set system mainregpage hide
  • Page 110 – unset branch
  • Page 111 – unset report resolve
  • Page 113 – Appendix A: Log Report Types; Network Activity; Log report
  • Page 114 – FTP Activity
  • Page 115 – Terminal Activity; Mail activity reports record Email traffic and connections.
  • Page 116 – Intrusion Activity
  • Page 117 – Mail Filter Activity
  • Page 118 – VPN Activity
  • Page 121 – Index

FortiLog Administration Guide

FortiLog-100, FortiLog-400, FortiLog-800

Version 1.6

January 15, 2004

05-16000-0082-20050115


Summary

Page 2 - Trademarks; For technical support, please visit

© Copyright 2005 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written pe...

Page 3 - Table of Contents

Table of Contents: Introduction, page 7; Operational Modes ...

Page 7 - FortiLog Administration Guide Version 1.6; Introduction; FortiLog units operate in one of two modes:

Introduction: FortiLog units are network appliances that provide integrated log collection, analysis tools and data storage. Detailed log reports provide historical as well as current analysis of network ...
