FortiSIEM Discussions
plip
New Contributor

FortiSIEM - AIX server registration

Have you tried registering an AIX server? We're able to configure the syslog setting, but AIX is still not sending logs to FortiSIEM.

1 Solution
premchanderr
Staff

Hi,

The IBM AIX server can be integrated via syslog, SSH and SNMP.

If syslogs are not reaching FortiSIEM then it has to be checked on the end device or network.

You can take a packet capture to verify. Collect a tcpdump on the FortiSIEM using the command below (leave it for 5 mins), where x.x.x.x is the server IP:

# tcpdump -i any "host x.x.x.x" -vvv -w AIXserver.pcap

Export the pcap and review.

Documentation Link:

https://docs.fortinet.com/document/fortisiem/7.0.0/external-systems-configuration-guide/125735/ibm-a...

Regards,
Prem Chander R


3 Replies
plip

Using the tcpdump command, AIX is not sending logs to the SIEM. Any ideas what can be checked on the end device, since the syslog config is pretty straightforward (*.* @IPadd)?

Are there any other sides that can be looked into?

premchanderr

Hi @plip,
If there is no traffic in tcpdump then it is a network layer issue and further probing should be done via the firewall or in the network. You can also try traceroute to the SIEM from the end device.

Regards,
Prem Chander R
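Added example, not code from this thread or from Fortinet: a small Python probe for the check discussed above. The device side emits one RFC 3164 syslog datagram towards the collector (what `logger` does after a `@collector` entry in syslog.conf), and the collector side counts syslog-shaped datagrams per source IP, which answers the same question as the tcpdump without exporting a pcap. The hostname `aixhost`, the tag `syslogtest` and the loopback self-test on an ephemeral port are constructed assumptions; UDP 514 is the default destination.

```python
import socket
import time
from collections import Counter

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]  # RFC 3164 order


def build_syslog_message(facility, severity, hostname, tag, text):
    """RFC 3164 line as a syslogd forwards it; PRI = facility * 8 + severity."""
    now = time.localtime()
    stamp = f"{time.strftime('%b', now)} {now.tm_mday:2d} {time.strftime('%H:%M:%S', now)}"  # day is space padded
    return f"<{facility * 8 + severity}>{stamp} {hostname} {tag}: {text}".encode()


def parse_syslog_message(raw):
    """Decode PRI, hostname and tag so a listener can tell which device reached it."""
    if raw[:1] != b"<":
        raise ValueError("missing PRI field")
    pri_text, rest = raw.decode(errors="replace")[1:].split(">", 1)  # ValueError if no '>'
    pri = int(pri_text)
    hostname, _, body = rest[16:].partition(" ")  # skip the 15-char timestamp and a space
    tag, _, text = body.partition(": ")
    return {"facility": pri // 8, "severity": SEVERITIES[pri % 8], "hostname": hostname, "tag": tag, "text": text}


def send_probe(collector_ip, port=514, hostname="aixhost"):
    """Device side: emit one test message towards the collector (hostname is a constructed value)."""
    msg = build_syslog_message(1, 6, hostname, "syslogtest", "forwarding check")  # user.info
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(msg, (collector_ip, port))
    return msg


def count_senders(sock, seconds):
    """Collector side: count syslog-shaped datagrams per source IP until the deadline."""
    sock.settimeout(0.5)
    senders = Counter()
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        try:
            data, (src_ip, _) = sock.recvfrom(65535)
            parse_syslog_message(data)  # raises ValueError for anything that is not syslog-shaped
        except (socket.timeout, ValueError):
            continue
        senders[src_ip] += 1
    return senders


def loopback_check():
    """Self-test on 127.0.0.1 with an ephemeral port, so no root is needed for port 514."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))
        sent = send_probe("127.0.0.1", listener.getsockname()[1])
        senders = count_senders(listener, 1.0)
    return {"senders": senders, "parsed": parse_syslog_message(sent)}
```

Run `send_probe` from the device with the collector's IP while `count_senders` (bound to UDP 514 as root) runs on the collector: a zero count for the device's IP points at the network path, a non-zero count at the collector's parsing or device registration.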