Hi guys
I'm experiencing this kind of issue with FortiSIEM agent on Windows 2022 Server, the agent is not able to send logs related to Sysmon or any other kind of logs, even with different windows agent template associations.
When SNMP is configured to send info, the Supervisor is able to show this on performance and analytic real-time dashboards, but when the filter is like "Event type NOT CONTAIN PH", I can't see any logs, is supposed to be the event, system events, etc...
The CMDB show the server with agent status "Running active", the method "snmp, agent, ping", so no connectivity problem here.
How can I get some tips to solve this??
Thank you!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I updated the agent to 7.1.1 version and it solved everything.
Thank you!
Of course as I said before, I applied settings when template was assigned.
The FortiSIEM side looks good. What we know so far is:
Based on the above, I would be checking a couple of things:
I hope it helps
Thanks
Just to clarify. You need to hit the apply button, each time you make a change to the template. This is why I mentioned it, as its easy to forget.
Hi @Richie_C sorry for late reply. I'm been a little busy.
The collector is on the same subnet that DC-Server so no firewall policy because there is not intra-vlan traffic or ACL policies.
From server to super there is a policy that allow: (all ports)
From Super to server: (all ports)
(I opened all ports just for trying)
Tcpdump from collector on server show 443 traffic
Policy audit already enabled.
I'm going to try disable AV and EDR software (as this is running on server, *no logs related to siem agent)
Thank you!
I updated the agent to 7.1.1 version and it solved everything.
Thank you!
In your credential settings what protocol are you using - WMI or OMI? I had to change mine to OMI.
SNMP v3 for pam monitoring. For logs I'm trying to use the agent.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.