FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
nsoni
Staff
Article Id 269209
Description This article describes how to fix an issue in FortiSIEM where an event dropping rule, set up to drop unwanted events, does not take effect even though it is configured correctly.
Scope FortiSIEM.
Solution

Restart the phParser process on the Supervisor or Collector, whichever node is configured to receive the events.

 

  1. Log in to the CLI using SSH and switch to the 'admin' user:

     su admin

  2. Stop the phParser process:

     phtools --stop phParser

  3. Verify that phParser is down:

     phstatus

  4. Start the phParser process:

     phtools --start phParser

  5. Verify that phParser is up:

     phstatus
