Fortinet Forum
schif22
New Contributor

Rest Api - FGT - 6.4.2 - Fortiview

Hi,

I'm trying to retrieve from my FGT, using REST API commands, a list of devices ordered by opened sessions, in order to automate a block policy.

I'm able to query, add and remove addresses, or change a group, but I'm unable to query FortiView information.

Does anyone have experience with the REST API and could suggest documentation and examples about that?

 

tnx

pminarik
Staff

Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself requests to retrieve the FortiView data.

 

To give an example for your specific query:

- search through currently open sessions (realtime=true)

- IPv4 (ip_version)

- group individual items by source-IP (report_by=source)

- sort by count of sessions (sort_by=sessions)

- from VDOM root (vdom)

- top 10 (count=10)

 

GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10

 

[ test signature, please ignore ]
schif22


@pminarik wrote:

Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself requests to retrieve the FortiView data.

 

To give an example for your specific query:

- search through currently open sessions (realtime=true)

- IPv4 (ip_version)

- group individual items by source-IP (report_by=source)

- sort by count of sessions (sort_by=sessions)

- from VDOM root (vdom)

- top 10 (count=10)

 

GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10

 


Thanks Pminarik, your secret tip is amazing!

 

Only one more question:

Why, if I try to use the API with:

GET 'https://$FGTIP/api/v2/cmdb/firewall/address?access_token=$TOKEN'

it works and it returns the address information, but if I use this one

 

GET 'https://$FGTIP/api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10&access_token=$TOKEN'

 

it returns a 403 error? Token and execution host are the same.

thanks

pminarik

403 error may be a permission issue. Please check if your API user is assigned an admin profile with at least read-only access to FortiView. (called "ftviewgrp" in CLI)

 

If that's not the issue, run httpsd debug while reproducing the issue so that we can get a better idea of what's happening.

1, Make sure nobody is logged into the GUI (to avoid noise in debugs)

2, In SSH/console, start the debug:

diag debug enable
diag debug app httpsd -1

3, Reproduce the issue with your API call

4, Stop debugs:

diag debug reset
diag debug disable

 

[ test signature, please ignore ]
schif22
New Contributor

Pminarik, thanks again, you were right!

My issue was a user with too low permissions.

I increased them and now everything is working fine.


thx!
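
Added example, not part of the original thread and not Fortinet's code: the FortiView query from the first reply as a small Python client that sends the token in an `Authorization: Bearer` header instead of the `access_token` URL parameter (keeping it out of URLs and request logs) and maps a 403 to the admin-profile cause found above. The function names, the documentation address 192.0.2.1 used in testing and the optional `cafile` argument are assumptions for illustration.

```python
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request

# Endpoint and query parameters exactly as given in the reply above.
FORTIVIEW_PATH = "/api/v2/monitor/fortiview/statistics"
TOP_SOURCES = {
    "realtime": "true",      # currently open sessions
    "ip_version": "ipv4",
    "report_by": "source",   # group items by source IP
    "sort_by": "sessions",   # order by session count
    "vdom": "root",
    "count": "10",           # top 10
}

def build_request(host, token, params=TOP_SOURCES):
    """Build the GET request; the token travels in a header, not the URL."""
    url = f"https://{host}{FORTIVIEW_PATH}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}"}, method="GET")

def explain_status(code):
    """Translate an HTTP status into the likely cause for this API call."""
    if code == 200:
        return "ok"
    if code == 401:
        return "not authenticated: token missing or not accepted"
    if code == 403:
        return ("forbidden: check that the API user's admin profile has at "
                "least read-only access to FortiView (ftviewgrp in CLI)")
    return f"unexpected HTTP status {code}"

def fetch_top_sources(host, token, cafile=None):
    """Return the decoded JSON body, or raise with a readable reason.

    cafile (assumption): CA bundle that signed the FortiGate certificate,
    so TLS verification stays enabled even with a private CA.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(build_request(host, token),
                                    context=ctx, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        raise RuntimeError(explain_status(err.code)) from err
```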