FortiSwitch logging and useful events
Hi All,
I've moved one of our locations over to FortiGate-managed FortiSwitches, as part of a 5.6 Security Fabric. It's actually gone pretty smoothly, though I am doing some direct CLI setting of the FortiSwitches for a few things.
I found I needed to set
config switch-controller switch-log
    set severity notification
end
to get enough useful logs. These show up as system events on the FortiAnalyzer. Oddly, a bunch of them show up with level=information.
I added a custom event handler to the FortiAnalyzer so that BPDU Guard shutting down a port will notify me:
Log Type: Event Log
Generic Text Filter: msg ~ "BPDU Guard: BPDU detected"
I found this useful since I set BPDU Guard on all edge ports and it catches bad configurations or malicious devices. It also helped me discover our Sonos system does its own BPDUs - fun, fun.
I'm curious what useful or non-standard FortiSwitch events others might have created custom events for?
Or docs with possible FortiSwitch events, beyond the four types listed in the CLI (event, router, system, user)?
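
Added example, not part of the original post: a Python sketch that applies the same message match as the handler above to exported event logs, and shows why the match should key on `msg` rather than on severity, since some of these events arrive with level=information. The sample lines, the field names (`devname`, `type`, `level`, `msg`) and the key=value layout are constructed assumptions, as is treating `~` as a substring match.

```python
import re

# Substring from the post's FortiAnalyzer handler filter: msg ~ "..."
BPDU_PATTERN = "BPDU Guard: BPDU detected"

# Severity names ordered from lowest to highest.
LEVELS = ["debug", "information", "notification", "warning",
          "error", "critical", "alert", "emergency"]

# key=value pairs; a value is either double-quoted or a bare token.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines; field names and layout are assumptions.
SAMPLE = [
    'date=2018-03-01 time=10:15:00 devname="SW-A" type="event" '
    'level="notification" msg="BPDU Guard: BPDU detected on port5"',
    'date=2018-03-01 time=10:16:30 devname="SW-B" type="event" '
    'level="information" msg="BPDU Guard: BPDU detected on port12"',
    'date=2018-03-01 time=10:17:02 devname="SW-A" type="event" '
    'level="information" msg="port3 link up"',
    'date=2018-03-01 time=10:17:05 devname="FGT" type="traffic" '
    'level="notice" srcip=10.0.0.5',
]

def parse_kv(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: (q or b) for k, q, b in _KV.findall(line)}

def find_bpdu_events(lines, min_level=None):
    """Return parsed event logs whose msg contains BPDU_PATTERN.

    With min_level set, events below that severity are also dropped,
    which is how a severity-based filter would behave.
    """
    floor = LEVELS.index(min_level) if min_level else 0
    hits = []
    for line in lines:
        f = parse_kv(line)
        if f.get("type") != "event" or BPDU_PATTERN not in f.get("msg", ""):
            continue
        level = f.get("level", "")
        rank = LEVELS.index(level) if level in LEVELS else 0
        if rank >= floor:
            hits.append(f)
    return hits

if __name__ == "__main__":
    for f in find_bpdu_events(SAMPLE):
        print(f["devname"], f["level"], f["msg"])
```

Matching on the message alone returns both BPDU Guard events in the sample; adding `min_level="notification"` drops the one logged at level=information.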