schif22
New Member
May 30, 2022
Question

Rest Api - FGT - 6.4.2 - Fortiview


Hi,

I'm trying to retrieve from my FGT, using REST API commands, a list of devices ordered by open sessions, in order to automate a block policy.

 

I'm able to query, add, or remove addresses or change groups, but I'm unable to query FortiView information.

 

Does anyone have experience with the REST API who could suggest documentation and examples for that?

 

tnx


    pminarik
    Staff
    May 30, 2022

    Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself requests to retrieve the FortiView data.

     

    To give an example for your specific query:

    - search through currently open sessions (realtime=true)

    - IPv4 (ip_version)

    - group individual items by source-IP (report_by=source)

    - sort by count of sessions (sort_by=sessions)

    - from VDOM root (vdom)

    - top 10 (count=10)

     

    GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10

     

    schif22
    Author
    New Member
    May 31, 2022

    @pminarik wrote:

    Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself requests to retrieve the FortiView data.

     

    To give an example for your specific query:

    - search through currently open sessions (realtime=true)

    - IPv4 (ip_version)

    - group individual items by source-IP (report_by=source)

    - sort by count of sessions (sort_by=sessions)

    - from VDOM root (vdom)

    - top 10 (count=10)

     

    GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10

     


    Thanks Pminarik, your secret tip is amazing!

     

    Only one more question:

     

    Why, if I try to use the API with:

     

    GET 'https://$FGTIP/api/v2/cmdb/firewall/address?access_token=$TOKEN'

     

    it works and it returns the address information, but if I use this one

     

    GET 'https://$FGTIP/api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10&access_token=$TOKEN'

     

    does it return a 403 error? Token and execution host are the same.

    Thanks

    pminarik
    Staff
    May 31, 2022

    A 403 error may be a permission issue. Please check if your API user is assigned an admin profile with at least read-only access to FortiView (called "ftviewgrp" in CLI).

     

    If that's not the issue, run httpsd debug while reproducing the issue so that we can get a better idea of what's happening.

    1, Make sure nobody is logged into the GUI (to avoid noise in debugs)

    2, In SSH/console, start the debug:

    diag debug enable
    diag debug app httpsd -1

    3, Reproduce the issue with your API call

    4, Stop debugs:

    diag debug reset
    diag debug disable

     

    schif22
    Author
    New Member
    June 1, 2022

    Pminarik, thanks again, you were right!

    My issue was a user with too low permissions.

    Increased, and now everything is working fine.


    thx!
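
Added example, not part of any post in this thread and not Fortinet's code: a Python sketch of the query discussed above that sends the API token in an `Authorization: Bearer` header instead of the `access_token` URL parameter (so the token stays out of URLs that get logged), reports the 403 from the thread as a profile-permission problem, and picks the sources above a session threshold. The host name, token placeholder, `threshold` value, the `results` -> `details` response layout and the `srcaddr`/`sessions` key names are assumptions; confirm the real field names with the browser network debugger as suggested above.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Query parameters exactly as given in the thread.
FORTIVIEW_PARAMS = {
    "realtime": "true", "ip_version": "ipv4", "report_by": "source",
    "sort_by": "sessions", "vdom": "root", "count": "10",
}

def build_request(host, token, params=FORTIVIEW_PARAMS):
    """Build the FortiView GET with the token in a header, not in the URL."""
    query = urllib.parse.urlencode(params)
    url = f"https://{host}/api/v2/monitor/fortiview/statistics?{query}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def fetch(host, token, context=None):
    """Send the request; map the 403 seen in the thread to an actionable error."""
    try:
        req = build_request(host, token)
        with urllib.request.urlopen(req, context=context, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 403:
            raise PermissionError(
                "403: check that the API user's admin profile has at least "
                "read-only access to FortiView (ftviewgrp)") from err
        raise

def sources_over(payload, threshold, src_key="srcaddr", count_key="sessions"):
    """Return (source, sessions) pairs above threshold, highest first.
    ASSUMED layout: payload['results']['details'] or payload['results'] as a list."""
    results = payload.get("results", {})
    rows = results.get("details", []) if isinstance(results, dict) else results
    hits = [(r[src_key], int(r[count_key])) for r in rows
            if src_key in r and int(r.get(count_key, 0)) > threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample response (not captured from a real FortiGate).
SAMPLE = {"status": "success", "results": {"details": [
    {"srcaddr": "10.0.0.15", "sessions": 4210},
    {"srcaddr": "10.0.0.22", "sessions": 87},
    {"srcaddr": "10.0.0.31", "sessions": 1530},
]}}

if __name__ == "__main__":
    print(build_request("fgt.example.test", "PLACEHOLDER_TOKEN").full_url)
    print(sources_over(SAMPLE, threshold=1000))
```

Review the candidates returned by `sources_over` before feeding them into a block policy, since a busy proxy or DNS server will also rank high by session count.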