I am using a FortiGate device in our organization. Now we have a requirement to maintain logs for at least months. Does Cyberoam iView support FortiGate? If yes, how can I configure both FortiGate and Cyberoam iView?
Thanks in advance.
To receive logs from the FortiGate appliance, you need to configure the FortiGate appliance as well as Cyberoam iView.
• If Cyberoam iView has to receive logs from a local office, make sure that the interface communicating with Cyberoam iView has a static IP address.
• If Cyberoam iView has to receive logs from a remote office and a public IP address is assigned to it, then allow UDP traffic over port 514 in your firewall.
• If Cyberoam iView has to receive logs from a remote office and a private IP address is assigned to it, then create a Virtual Host in your firewall.
Configure FortiGate to send logs
1. Configure Cyberoam iView as Syslog Server
Log on to the web-based manager administrative interface and go to Log&Reports -> Log Config. Click the Log Settings tab to configure the syslog server using the following values:
• Enable Remote Logging and Archiving option.
• Enable Syslog option to send logs to configured syslog server.
• IP/FQDN: IP Address of Cyberoam iView
• Port: 514
• Minimum Log Level: Debug
• Facility: Local7
2. Enable Logging in Protection Profile
Go to Firewall -> Protection Profile. Click the edit icon to edit an existing protection profile or click Create New to create a new protection profile.
Enable logging for categories and classifications under the FortiGuard Web Filtering section of the protection profile.
3. Enable Logging in Firewall Policy
Go to Firewall -> Policy. Click the edit icon to edit an existing firewall policy or click Create New to create a new firewall policy.
Enable Log Allowed Traffic.
Configure Cyberoam iView
1. Browse to http://<IP address of the Cyberoam iView>:8000 and log on using Super Admin credentials.
2. On successful login, Super Admin will be prompted to activate the automatically detected FortiGate appliance configured in Step 1. It may take up to 5 minutes to receive the prompt.
3. Activate the FortiGate appliance with the following values:
• Device name – As per your requirement
• Device Type – FortiGate
• Status – Active
Cyberoam iView will receive all the logs enabled in the FortiGate Appliance and will take at least 5 minutes to generate reports after logs are received.
I have done all of this. I am able to get the logs but the reports and the graphs do not get populated.
Having the same issue here. The Live View option of iView shows log entries, such as the line below, but all reports and dashboards are empty.
Also, if I add the device manually entering the correct device ID and device name, I still get the new device found message and iView creates a new device that needs to be configured. The manually added device does not show any live view reports while the automatically created one does.
I'm running FortiWiFi v5.0.
date=2014-04-08 time=14:35:53 devname=FW80CM3913602198 devid=FW80CM3913602198 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.10.80.10 srcname=android-f25dabdd23ed58f9 srcport=33702 srcintf="wifi" srcssid="Aerotel2" dstip=126.96.36.199 dstport=5223 dstintf="wan1" sessionid=5089579 status=close policyid=2 dstcountry="Japan" srccountry="Reserved" trandisp=snat transip=188.8.131.52 transport=33702 service=5223/tcp proto=6 duration=42 sentbyte=354 rcvdbyte=6498 sentpkt=5 rcvdpkt=8 devtype="Android Tablet" osname="Android" mastersrcmac=78:f7:be:e6:ea:28 srcmac=78:f7:be:e6:ea:28
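Added example (not part of the original posts, and not Cyberoam or Fortinet code): a small Python parser for the key=value log format shown in the line above. It lists which devid values and log types a device is actually sending, so they can be compared with the device entry in iView. The sample lines are constructed from the posted log line, and the `<189>` syslog priority prefix is an assumption.

```python
import re

# Constructed sample input: line 1 is a shortened copy of the log line posted above
# (the "<189>" syslog priority prefix is assumed), line 2 is made up, line 3 is noise.
SAMPLE_LINES = [
    '<189>date=2014-04-08 time=14:35:53 devname=FW80CM3913602198 devid=FW80CM3913602198 '
    'logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.10.80.10 '
    'srcintf="wifi" dstintf="wan1" status=close policyid=2 service=5223/tcp '
    'sentbyte=354 rcvdbyte=6498 devtype="Android Tablet" osname="Android"',
    'date=2014-04-08 time=14:36:10 devname=FW80CM3913602198 devid=FW80CM3913602198 '
    'logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.10.80.11 '
    'srcintf="wifi" dstintf="wan1" status=close policyid=2 sentbyte=100 rcvdbyte=200',
    'not a fortigate record',
]

_PRI = re.compile(r"^<\d{1,3}>")                    # optional syslog priority prefix
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')    # key="quoted value" or key=bare


def parse_fortigate_line(line):
    """Return the key=value fields of one log line as a dict (quotes removed)."""
    fields = {}
    for match in _PAIR.finditer(_PRI.sub("", line.strip())):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def summarize(lines):
    """Total records and bytes per (devid, type/subtype); return unparsable lines too."""
    summary, rejected = {}, []
    for line in lines:
        f = parse_fortigate_line(line)
        if "devid" not in f or "type" not in f:
            rejected.append(line)
            continue
        key = (f["devid"], f["type"] + "/" + f.get("subtype", "-"))
        row = summary.setdefault(key, {"records": 0, "sentbyte": 0, "rcvdbyte": 0})
        row["records"] += 1
        for name in ("sentbyte", "rcvdbyte"):
            if f.get(name, "").isdigit():
                row[name] += int(f[name])
    return summary, rejected


if __name__ == "__main__":
    totals, bad = summarize(SAMPLE_LINES)
    for (devid, kind), row in sorted(totals.items()):
        print(devid, kind, row)
    print("unparsed lines:", len(bad))
```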