Hi All,
I've moved one of our locations over to FortiGate managed FortiSwitches, as part of a 5.6 Security Fabric. It's actually gone pretty smoothly, though I am doing some direct CLI setting of the FortiSwitches for a few things.
I found I needed to set
    config switch-controller switch-log
        set severity notification
    end
to get enough useful logs. These show up as system events on the FortiAnalyzer. Oddly, a bunch of them show up with level=information.
I added a custom event handler to the FortiAnalyzer so that BPDU Guard shutting down a port will notify me:
    Log Type: Event Log
    Generic Text Filter: msg ~ "BPDU Guard: BPDU detected"
I found this useful since I set BPDU Guard on all edge ports and it catches bad configurations or malicious devices. It also helped me discover our Sonos system does its own BPDUs - fun, fun.
I'm curious what useful or non-standard FortiSwitch events others might have created custom events for?
Or docs with possible FortiSwitch events, beyond the four types listed in the CLI (event, router, system, user)?
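The matching described in the post above, sketched offline as an added example (not part of the original post and not Fortinet code): it matches events on the msg text and shows why a severity-only filter would drop BPDU Guard events logged at level=information. The field names, the severity ordering and the sample log lines are assumptions constructed for illustration.

```python
import re

# Substring used by the FortiAnalyzer handler's generic text filter in the post.
BPDU_TEXT = "BPDU Guard: BPDU detected"

# Syslog-style severity order, most to least severe (assumed naming).
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "information", "debug"]

# key=value pairs; a value is either double-quoted (may hold spaces) or bare.
_PAIR = re.compile(r'([\w-]+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

def parse_line(line):
    """Parse one key=value log line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PAIR.finditer(line)}

def bpdu_guard_hits(lines):
    """Events whose msg contains BPDU_TEXT, regardless of their level."""
    events = (parse_line(l) for l in lines)
    return [e for e in events
            if e.get("type") == "event" and BPDU_TEXT in e.get("msg", "")]

def missed_by_severity_filter(hits, min_level="warning"):
    """Hits that a filter keeping only min_level or worse would drop."""
    cutoff = LEVELS.index(min_level)
    return [e for e in hits
            if e.get("level") not in LEVELS
            or LEVELS.index(e["level"]) > cutoff]

# Constructed sample lines: field names and everything in msg after the
# matched substring are illustrative, not copied from a real device.
SAMPLE = [
    'date=2024-01-10 time=09:14:02 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="information" '
    'msg="BPDU Guard: BPDU detected on an edge port (constructed)"',
    'date=2024-01-10 time=09:20:41 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="warning" '
    'msg="BPDU Guard: BPDU detected on an edge port (constructed)"',
    'date=2024-01-10 time=09:21:00 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="notice" msg="port link state changed (constructed)"',
]

if __name__ == "__main__":
    hits = bpdu_guard_hits(SAMPLE)
    print(len(hits), "BPDU Guard events,",
          len(missed_by_severity_filter(hits)), "below warning")
```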
Funny no one responded to your post. I've got 39 FortiSwitches and I'd like my FortiAnalyzer to give me useful events from them too. What you already provided in your question was useful to me though! Thanks.
No answer, because it's a bad type of question...
The right one is "where can I buy FortiGate / FortiSwitch / Forti...?" In this case you would collect a lot of answers, each with a contact mail / phone.
Not clear why it's a bad question. I used the information there to get very helpful alerts related to SFP optics losing power and causing FortiLink problems. Can you explain what you meant?
Tezro is wrong. There is nothing wrong with the recommendation or his following questions.
He provides info on how to gain more quality logging and then asks if anyone has any other good use cases to make those events that are being logged useful.
Mike Pruett
It's quite simple... questions appear after purchasing Fortinet equipment and there are no people willing to answer... This is what I meant, and I am certainly not mistaken.
This applies to many issues, for example FortiGate support for LTE modems. The marketing answer is "yeah, of course our equipment works with LTE modems!" The technical answer is: "well, they do work, but only specific models of selected manufacturers and with a specific firmware", but you will find out about it only after you spend a few nights looking for a solution to the problem. I checked personally...
@FortinetGuru I would ask for a specific solution: how to configure a FortiSwitch so that device statistics can be read via SNMP and sFlow? The FortiSwitch is controlled by a FortiGate for ease of use... Despite all the splendor, the universal functionality of the set (FortiGate + FortiLink + FortiSwitch, etc.), somehow I can't find such an option (I can see traffic in the Dashboard, but for the entire VLAN, not the specific network traffic of port 17 in the switch).
For me it matters, and it is much more important than the next bugged version of FortiOS 7 with 170 "new features" instead of fixing nightmarish bugs in FortiOS 6.2 and 6.4, or simply putting at least 4 gigs of RAM into the F generation to avoid the legendary "memory conserve mode". It would cost maybe 10$ more in production but save a lot of careers ;^)
Well, I'm just a technician, not a marketer.
Cheers and good health! T
Copyright 2024 Fortinet, Inc. All Rights Reserved.