Created on 09-04-2024 06:31 AM Edited on 09-05-2024 12:54 AM By Jean-Philippe_P
Description | This article describes how to discover a device via SNMP and troubleshoot on failure for FortiSIEM. |
Scope | FortiSIEM. |
Solution |
First, confirm that the device supports SNMP by checking the External Systems Configuration Guide, section Supported Devices And Applications by Vendor, under Discovery Overview and Performance Monitoring Overview.
Requirements for SNMP Device Discovery:
To check if the discovery process is running: Use the following command to list currently running processes:
phstatus
The phDiscover process handles discovery in FortiSIEM.
Enable debug logging for the discovery process and agent manager with these commands:
phtools --change-log DEBUG phDiscover
This changes the log level to 'DEBUG', providing more detailed information for troubleshooting.
Collect logs for the device: Run the following command to monitor the logs for the device being discovered:
tail -f /opt/phoenix/log/phoenix.log | grep -i <ip_address_of_device>
Initiate discovery from the GUI: Admin -> Discovery -> Select the device to be discovered -> Discover. Logs should appear once the discovery process is completed.
After collecting logs, revert the log level from DEBUG to INFO:
phtools --change-log=INFO phAgentManager
Logs collected via the 'tail' command will reveal the specific error causing the failure. Below is an example log for failed SNMP discovery:
If SNMP is configured as the discovery credential but discovery fails, use the snmpwalk command on the FortiSIEM CLI to diagnose the issue. To manually test SNMP connectivity, establish an SSH connection to the node performing the discovery and run:
snmpwalk -c <community> -v <version> <ip_address>
For example: snmpwalk -c public -v 2c 10.0.1.2
For SNMPv3, use:
snmpwalk -v3 -u <username> -l authPriv -a md5 -A '<password>' -x des -X '<password>' <PA_Firewall_IP>
Note: Adjust the command to match the SNMP configuration on the server.
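To tell apart the ways the manual snmpwalk test can fail, the following added example (not part of the original article or of FortiSIEM) classifies snmpwalk output by the standard net-snmp error strings. The function names `classify_snmp` and `probe_snmp` are hypothetical, and the walk is limited to the system subtree (1.3.6.1.2.1.1) with a short timeout so the test returns quickly.

```shell
#!/bin/sh
# Added example: triage the result of a manual snmpwalk test.
# classify_snmp / probe_snmp are hypothetical helper names.

# Map an snmpwalk exit status and its output to a likely cause.
# Matching is by substring of net-snmp's standard messages.
classify_snmp() {
    rc=$1
    out=$2
    case "$out" in
        *"Timeout: No Response"*)
            # UDP/161 filtered, agent down, source IP not permitted,
            # or (v1/v2c) wrong community: agents silently drop these.
            echo "no-response" ;;
        *"Unknown user name"*)
            echo "v3-unknown-user" ;;       # -u does not exist on the agent
        *"Authentication failure"*)
            echo "v3-auth-mismatch" ;;      # wrong -a protocol or -A password
        *"Decryption error"*)
            echo "v3-priv-mismatch" ;;      # wrong -x protocol or -X password
        *"Unsupported security level"*)
            echo "v3-level-mismatch" ;;     # -l differs from the agent's user
        *"No Such Object"*|*"No more variables"*)
            # Credentials accepted, but the SNMP view hides the subtree.
            echo "view-restricted" ;;
        *)
            if [ "$rc" -eq 0 ] && [ -n "$out" ]; then
                echo "ok"
            else
                echo "unknown"
            fi ;;
    esac
}

# Run the same test as on this page, bounded to the system subtree.
# Arguments: the credential options followed by the device IP, e.g.
#   probe_snmp -c public -v 2c 10.0.1.2
probe_snmp() {
    out=$(snmpwalk -t 3 -r 1 "$@" 1.3.6.1.2.1.1 2>&1) && rc=0 || rc=$?
    classify_snmp "$rc" "$out"
}
```

SNMPv3 passwords passed with -A and -X are visible in the process list and shell history of the node while the command runs.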
If snmpwalk fails, discovery on the FortiSIEM GUI will also fail. Verify the following:
By following these steps, it should be possible to identify and resolve issues with FortiSIEM's SNMP discovery. |