Help
FortiSIEM Discussions
Taher11
New Contributor III

Created on ‎02-12-2024 11:54 PM

Device can't be automatically added to CMDB

Hello team,

I have successfully configured our main L3 switches to send Syslog to our centralized Fortisiem log server, but with all of that done nothing was discovered by the CMDB.

Bellow the conf in the Cisco switch, the 64.55 is the IP address for the fortisiem.

Screenshot 2024-02-13 075047.png

EL MOUSTAPHA MOHAMED LEMINE TAHER
EL MOUSTAPHA MOHAMED LEMINE TAHER
266
0 Kudos
3 REPLIES 3
adem_netsys
Contributor

Created on ‎02-12-2024 11:59 PM

Hi @Taher11 

 

Actually, when you send syslog to SIEM, you don't have to do discovery. it should automatically add it. I suggest you open tcpdump, you can check if the log is coming to SIEM

259
0 Kudos
Taher11
New Contributor III
In response to adem_netsys

Created on ‎02-13-2024 12:03 AM

Exactly @adem_netsys , but nothing was seen as syslog from that particular switch when running tcpdump on the fortisiem.

 

Screenshot 2024-02-13 080220.png

EL MOUSTAPHA MOHAMED LEMINE TAHER
EL MOUSTAPHA MOHAMED LEMINE TAHER
255
0 Kudos
adem_netsys
Contributor
In response to Taher11

Created on ‎02-13-2024 12:33 AM

In this case, we can say that syslog is not going to SIEM. If there is an FW in between, you need to check the permissions there.

242
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.