Log analysis with ManageEngine Firewall Analyzer!
Hello everyone,
I used to have a FortiAnalyzer 800B to log and make reports for my FortiGates. However, my 800B doesn't support V5 firmware and thus it doesn't analyze logs from upgraded firewalls.
I've been looking for a workaround to get my logs analyzed and found the ManageEngine Firewall Analyzer, which supports FortiGates (that's what they say).
I configured everything and got my Forti sending logs to the analyzer, but I found that the reports aren't what I expected (not like the FortiAnalyzer ones).
For example, I found that ManageEngine classes TeamViewer or MS update or anything blocked as an attack!! That's weird!
Has anyone tried using ManageEngine? Or can you tell me a suitable software to do this task like the FortiAnalyzer?
Thanks to everyone who would help.
Regards
I assume you've looked at FortiCloud? That might be the least expensive solution if it works for you.
If you have some facility with setting up a syslog server, I've found that Logstash can do a nice job of parsing the existing Fortigate logs.
This is really a DIY approach to interpret logs, though, and not an out-of-the-box solution. It doesn't generate reports as much as it allows you to create specific views into firewall activity. Still -- it has all the data from your logs.
I've heard good things about the free Cyberoam Iview software, but have not used it. That's probably similar to ManageEngine.
Logmojo.com looks like a good non-free solution and is tailored for Fortigate.
Hope that helps.
I'm a big fan of Logstash, but it's not for everyone.
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Hi, you can try Cyberoam Iview
http://www.cyberoam-iview.org/
Nihas
I used ManageEngine for a short period of time and noticed the same issues. All of the denied UDP traffic that my firewalls were logging as locally denied was showing as "attack" traffic.
You might consider LogMojo by Security Confidence as well. It's a cloud-based log analysis tool that you pay for based on the amount of storage you need.
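The misclassification reported in this thread (policy or local denies counted as "attack" traffic) can be checked against the raw logs. The following is an added example, not code from any poster or vendor: a small parser for FortiGate-style key=value syslog lines that keeps firewall denies separate from IPS detections. It assumes the `type`, `subtype` and `action` fields as used in FortiOS 5 logs; the sample lines and category names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value syslog style (not real traffic).
SAMPLE_LOGS = [
    'date=2014-06-01 time=10:00:01 type=traffic subtype=local srcip=192.0.2.10 '
    'dstip=192.0.2.1 dstport=137 proto=17 action=deny',
    'date=2014-06-01 time=10:00:02 type=traffic subtype=forward srcip=10.0.0.5 '
    'dstip=198.51.100.7 dstport=5938 proto=6 action=deny app="TeamViewer"',
    'date=2014-06-01 time=10:00:03 type=utm subtype=ips srcip=203.0.113.9 '
    'dstip=10.0.0.20 proto=6 action=dropped attack="Constructed.Sample.Signature"',
    'date=2014-06-01 time=10:00:04 type=traffic subtype=forward srcip=10.0.0.5 '
    'dstip=198.51.100.8 dstport=443 proto=6 action=accept',
]

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # strip surrounding quotes
        fields[key] = value
    return fields

def classify(fields):
    """Category names are hypothetical; only IPS events count as detections."""
    log_type = fields.get("type")
    if log_type == "utm" and fields.get("subtype") == "ips":
        return "ips_detection"
    if log_type == "traffic" and fields.get("action") == "deny":
        # A deny is a policy decision by the firewall, not evidence of an attack.
        return "local_deny" if fields.get("subtype") == "local" else "policy_deny"
    if log_type == "traffic":
        return "allowed_traffic"
    return "other"

def summarize(lines):
    """Count log lines per category."""
    return Counter(classify(parse_line(line)) for line in lines)

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE_LOGS).items()):
        print(f"{category}: {count}")
```

Comparing these counts with a reporting tool's "attack" total for the same period shows whether the tool is folding denies into its attack reports.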
LogMojo works well on Fortigate traffic.
Infosec Partners
