Topic Thread

Expand all | Collapse all

Fortigate logging Issues

  • 1.  Fortigate logging Issues

    Posted 02-29-2016 23:50


    I am using a fortigate 3810A with firmware 5.2.5. i am trying to send logs to syslog and fortianalyzer. But when i use the managment IP as the source-ip it gives me errors.

    NG-IKY-FGT3810A-01 (setting) # set source-ip 10.206.1.19
    10.206.1.19 is not valid source ip.
    node_check_object fail! for source-ip 10.206.1.19

    value parse error before '10.206.1.19'
    Command fail. Return code -8


    config log syslogd setting
    set status enable
    set server "10.206.2.44"
    set reliable disable
    set port 514
    set csv enable
    set facility local0
    set source-ip 0.0.0.0
    end

    please can anyone help with this.



  • 2.  Fortigate logging Issues

    Posted 03-01-2016 05:32
    From the output, it does not seem like there are any VDOMs but a copy of relevant config would be helpful.



    [cid:] Mamoon Ansar
    Sr. Systems Engineer - Major Accounts
    Mobile: +1.513.703.3735
    [cid:storage_emulated_0_Download_image005]





  • 3.  RE: Fortigate logging Issues

    Posted 03-01-2016 05:45

    Thank you so much Mamoon, the fortigate is an ISP firewall and there are a lot of vdoms on it.

    Some sampling is shown below:

    NG-IKY-FGT3810A-01 (vdom) # edit

    I was able to do syslog logging through the VDOM, but i want to enable it globally to a single fortianalyzer and syslog



  • 4.  Fortigate logging Issues

    Posted 03-01-2016 05:51
    The management VDOM (VDOM flagged as management is root by default) sends logs for all the configured VDOM. You can override within a VDOM to send logs to a different syslog server but default value/configuration should be able to accomplish what you are doing. I figured there were VDOMs configured and the management IP belonged to a different VDOM for you to get the error.



    [cid:] Mamoon Ansar
    Sr. Systems Engineer - Major Accounts
    Mobile: +1.513.703.3735
    [cid:storage_emulated_0_Download_image005]





  • 5.  RE: Fortigate logging Issues

    Posted 03-01-2016 06:04

    I just checked again, the ip address is associated with the root vdom and not any other vdom and it is manually assigned.



  • 6.  Fortigate logging Issues

    Posted 03-01-2016 06:10
    So you can set source ip for root vdom which will send logs to your choice of syslog server using that source ip from all the VDOMs configured. You can call me if that helps.



    [cid:] Mamoon Ansar
    Sr. Systems Engineer - Major Accounts
    Mobile: +1.513.703.3735
    [cid:storage_emulated_0_Download_image005]





  • 7.  RE: Fortigate logging Issues

    Posted 03-03-2016 04:07

    Thanks Mamoon for your help.

    I was able to use the source-ip 'managment ip' for the root vdom, but i am able to see the root vdom on the fortianalyzer and also another vdom, i cant see the remaining vdoms on the fortigate. Also testing connectivity to the FAZ from fortigate still shows unable to retrieve faz status



  • 8.  Fortigate logging Issues

    Posted 03-03-2016 09:21
    Irabor,

    Do you have FAZ settings enabled in the Global VDOM?


    Mamoon Ansar
    Sr. Systems Engineer, Central Region

    [Fortinet]
    ________________________________
    E: mansar@fortinet.com<mansar@...
    M: +1 513.703.3735
    Skype: mansar3
    899 Kifer Road | Sunnyvale, CA 94086
    ________________________________

    www.fortinet.com<http://www.fortinet.com> [Twitter] <http://www.twitter.com/fortinet> [LinkedIn] <http://www.linkedin.com/company/fortinet> [Facebook] <http://www.facebook.com/fortinet> [YouTube] <http://www.youtube.com/user/SecureNetworks> [Google+] <https://plus.google.com/+fortinet>


    From: "Irabor Akonoman via cent.mgt.rpt.pub"


  • 9.  RE: Fortigate logging Issues

    Posted 03-03-2016 20:58

    Yes still enabled in global vdom.