nmerchant
Staff
Article Id 194344

Description

This article explains how to configure SCP backup for FortiAnalyzer/FortiManager.

Scope

FortiAnalyzer.

Solution

  1. Check that the OpenSSH version on the Linux station is 5.4 or higher.
  2. Create a CA private/public key pair in the current directory. Assuming the user is fortinet, execute the following command under /home/fortinet: ssh-keygen -f ca-key . Resulting keys: 'ca-key' (private key) and 'ca-key.pub' (public key).
  3. Set up the SSH server to trust the CA key. Under /home/fortinet execute: echo "cert-authority $(cat ca-key.pub)" >> /home/fortinet/.ssh/authorized_keys . Use double quotes so that the shell expands $(cat ca-key.pub); with single quotes the literal text would be appended instead of the key.
  4. Create a user private/public key pair. Under /home/fortinet execute: ssh-keygen -f user-key . Resulting keys: 'user-key' (private key) and 'user-key.pub' (public key).
  5. Sign the user key with the CA key. Under /home/fortinet execute: ssh-keygen -s ca-key -I <key-id> user-key.pub . <key-id> is a "key identity" that is logged by the server when the certificate is used for authentication, for example "fortinet's key". A separate certificate file called user-key-cert.pub will be created.
  6. Decrypt the user private key. Under /home/fortinet execute: openssl rsa -in user-key . Copy the output (the key printed in PEM format).
  7. On the FortiAnalyzer/FortiManager, enter the following commands.

config system certificate ssh
    edit <cert-name>
        set private-key "<paste the decrypted user key from step 6>"    <----- Do not forget the quotes (") before and after the pasted text.
        set certificate "<paste the content of the file user-key-cert.pub>"    <----- Do not forget the quotes (") before and after the pasted text.
end

  8. Test the backup from FortiAnalyzer/FortiManager:

exec backup all-settings scp <scp server ip, i.e. IP address of the Linux server used above> <path/filename> <username> <cert-name>

Where <username> is a user account on the SCP server that trusts the CA key (the account whose authorized_keys file was updated in step 3), and <cert-name> is the certificate created on the FortiAnalyzer in step 7 above.
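The Linux-side steps 2 to 6 above, run end to end as an added example; this is not the article's own procedure text and not a Fortinet script. It writes everything into a scratch directory so the files can be inspected before anything is appended to a real ~/.ssh/authorized_keys. Three things go beyond the article and are assumptions about the deployment rather than requirements of it: the user key is generated with -m PEM so that openssl rsa can read it on OpenSSH 7.8 and later, which otherwise write private keys in OpenSSH's own format; the certificate is signed with -n for a named principal and -V for a validity window, so it only authorises the SCP account and expires; and the authorized_keys line carries principals= so the CA cannot authorise any other account. The helper names setup_ssh_ca, cert_key_id and cert_signed_by_ca are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Fortinet article): steps 2-6 in a scratch
# directory, with principal and validity restrictions that are assumptions
# about the deployment, not requirements of the article.
set -eu

# Build the CA key, the user key and the signed certificate under $1.
# $2 = key identity logged by the server (article: "fortinet's key")
# $3 = principal the certificate is issued for (assumption: the SCP account)
setup_ssh_ca() (
    workdir=$1; key_id=$2; principal=$3
    mkdir -p "$workdir" && cd "$workdir"
    # Step 2: CA key pair. -N "" keeps this non-interactive; on a real CA host
    # give the key a passphrase and keep it off the SCP server.
    ssh-keygen -q -t rsa -b 3072 -N "" -f ca-key
    # Step 3: the trust line for the SCP account's ~/.ssh/authorized_keys,
    # written to a fragment file here. principals= limits what this CA may
    # authorise; double quotes are what let $(cat ...) expand in the article's echo.
    printf 'cert-authority,principals="%s" %s\n' "$principal" "$(cat ca-key.pub)" > authorized_keys.fragment
    # Step 4: user key in PEM (PKCS#1) form; OpenSSH 7.8+ would otherwise
    # write a format that "openssl rsa" in step 6 cannot read.
    ssh-keygen -q -t rsa -b 3072 -m PEM -N "" -f user-key
    # Step 5: sign the user key. -n pins the principal, -V limits the lifetime
    # to one year; the server logs the -I identity on every login.
    ssh-keygen -q -s ca-key -I "$key_id" -n "$principal" -V +52w user-key.pub
    # Step 6: plain PEM private key, the text for "set private-key".
    # (OpenSSL 3 writes a PKCS#8 header by default; add -traditional there if
    # the appliance insists on a "BEGIN RSA PRIVATE KEY" header.)
    openssl rsa -in user-key -out user-key.pem 2>/dev/null
)

# Identity the server will log for this certificate, read back from the cert.
cert_key_id() {
    ssh-keygen -L -f "$1/user-key-cert.pub" | sed -n 's/^ *Key ID: "\(.*\)"/\1/p'
}

# True when the certificate's "Signing CA" fingerprint matches ca-key.pub.
cert_signed_by_ca() {
    ca_fp=$(ssh-keygen -lf "$1/ca-key.pub" | awk '{print $2}')
    ssh-keygen -L -f "$1/user-key-cert.pub" | grep 'Signing CA:' | grep -qF -- "$ca_fp"
}

# Usage: sh this-script.sh <workdir> "<key-id>" <scp-account>
if [ $# -eq 3 ]; then
    setup_ssh_ca "$1" "$2" "$3"
    echo "certificate for principal $3 issued with Key ID: $(cert_key_id "$1")"
    if cert_signed_by_ca "$1"; then
        echo "signature verified against ca-key.pub"
    else
        echo "certificate is NOT signed by ca-key.pub" >&2
        exit 1
    fi
fi
```

Run it as, for example, sh this-script.sh /tmp/faz-ca "fortinet's key" fortinet. Then paste user-key.pem into set private-key and user-key-cert.pub into set certificate exactly as in step 7, and append authorized_keys.fragment to the SCP account's ~/.ssh/authorized_keys in place of the echo from step 3. The ssh-keygen -L read-back is the check worth keeping: it shows the key identity, the principal and the validity dates the server will enforce before the first backup is attempted.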

To schedule SCP backups, configure as below:

config system backup all-settings
    set status enable
    set server <ip address of the linux server above>
    set user <username>
    set directory <backup directory on server>
    set week_days monday Tuesday …
    set time <time>
    set protocol scp
    set cert <cert-name>
end
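The article notes in step 5 that the key identity is logged by the server whenever the certificate is used for authentication. This added example (not from the article and not a Fortinet tool) shows the shape of that sshd log line and a small audit over it: it extracts user, source address, key identity and signing CA from each certificate login and flags logins to the SCP account that did not use the expected identity and CA, which is how a stray certificate issued for the backup account would show up once the scheduled backups are running. The log lines, hostnames, addresses and fingerprints are constructed samples; in practice the expected fingerprint is the output of ssh-keygen -lf ca-key.pub, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Fortinet article. The key identity chosen in
# step 5 is what the SSH server logs on each certificate login; this parses
# those lines and flags backup logins that used a different identity or a
# different CA. All log lines and fingerprints below are constructed samples.
set -eu

# Four constructed auth-log lines: the expected backup login, a login with a
# certificate from the same CA but another identity, one signed by a different
# CA, and a password login that is not a certificate login at all.
sample_log() {
    cat <<'EOF'
Mar  4 02:00:01 scp-host sshd[2101]: Accepted publickey for fortinet from 192.0.2.10 port 51234 ssh2: RSA-CERT ID fortinet's key (serial 0) CA RSA SHA256:ExampleCAfpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Mar  4 02:00:09 scp-host sshd[2104]: Accepted publickey for fortinet from 198.51.100.7 port 40022 ssh2: RSA-CERT ID contractor laptop (serial 0) CA RSA SHA256:ExampleCAfpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Mar  4 02:01:12 scp-host sshd[2110]: Accepted publickey for fortinet from 192.0.2.10 port 51240 ssh2: ED25519-CERT ID fortinet's key (serial 7) CA ED25519 SHA256:OtherCAfpBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Mar  4 02:02:30 scp-host sshd[2115]: Accepted password for alice from 203.0.113.5 port 4433 ssh2
EOF
}

# Print one "user|source|key-id|ca-fingerprint" record per certificate login
# read from stdin; password and plain public-key logins are dropped.
cert_logins() {
    sed -n 's/.*Accepted publickey for \([^ ]*\) from \([^ ]*\) port [0-9]* ssh2: [A-Z0-9-]*-CERT ID \(.*\) (serial [0-9]*) CA [A-Z0-9]* \(SHA256:[^ ]*\).*/\1|\2|\3|\4/p'
}

# Records for account $1 whose certificate did not carry key identity $3 or
# was not signed by the CA with fingerprint $2. Anything printed means a
# certificate for the backup account exists outside the documented setup.
unexpected_cert_logins() {
    awk -F'|' -v user="$1" -v fp="$2" -v id="$3" '$1 == user && ($4 != fp || $3 != id)'
}

# Counts over the constructed sample; on a real server feed cert_logins from
# "journalctl -u ssh" or /var/log/auth.log instead of sample_log.
count_cert_logins() { sample_log | cert_logins | grep -c . || true; }
count_unexpected() { sample_log | cert_logins | unexpected_cert_logins fortinet "$1" "$2" | grep -c . || true; }

# Usage: journalctl -u ssh | sh this-script.sh <expected-ca-fingerprint> "<key-id>"
if [ $# -eq 2 ]; then
    cert_logins | unexpected_cert_logins fortinet "$1" "$2"
fi
```

With the expected CA fingerprint and "fortinet's key" as arguments, the sample yields two flagged records: the "contractor laptop" certificate (right CA, wrong identity) and the login signed by the other CA (right identity, wrong issuer). Both are worth a look because a second certificate accepted for the backup account means either another signing by the CA key from step 2 or a second cert-authority line in authorized_keys.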