I've moved one of our locations over to FortiGate managed FortiSwitches, as part of a 5.6 Security Fabric. It's actually gone pretty smoothly, though I am doing some direct CLI setting of the FortiSwitches for a few things.
I found I needed to set
config switch-controller switch-log
    set severity notification
end
to get enough useful logs. These show up as system events on the FortiAnalyzer. Oddly, a bunch of them show up with level=information.
I added a custom event handler to the FortiAnalyzer so that BPDU Guard shutting down a port will notify me:
Log Type: Event Log
Generic Text Filter: msg ~ "BPDU Guard: BPDU detected"
I found this useful since I set BPDU Guard on all edge ports and it catches bad configurations or malicious devices. It also helped me discover our Sonos system does its own BPDUs - fun, fun.
I'm curious what useful or non-standard FortiSwitch events others might have created custom events for?
Or docs with possible FortiSwitch events, beyond the four types listed in the CLI (event, router, system, user)?
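An added example, not part of the original post: the handler's text filter applied offline to exported event logs, showing why the match is on msg rather than on severity. The sample lines are constructed; only the filter string and level=information come from the post, and case-insensitive matching is an assumption.

```python
import shlex

NEEDLE = "BPDU Guard: BPDU detected"  # filter text from the post
# FortiOS log levels, most to least severe
LEVELS = ["emergency", "alert", "critical", "error", "warning",
          "notification", "information", "debug"]

# Constructed sample lines in FortiOS key=value style. Every field value
# (device name, dates, message tails) is made up for illustration.
SAMPLE = [
    'date=2018-03-01 time=09:14:02 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="information" '
    'msg="BPDU Guard: BPDU detected on example-port7"',
    'date=2018-03-01 time=09:20:41 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="warning" '
    'msg="BPDU Guard: BPDU detected on example-port12"',
    'date=2018-03-01 time=09:21:05 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="notification" msg="example-port5 link up"',
]

def parse_kv(line):
    """Split one key=value log line, keeping double-quoted values whole."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def bpdu_guard_hits(lines):
    """Event-log records whose msg contains NEEDLE."""
    hits = []
    for line in lines:
        rec = parse_kv(line)
        if rec.get("type") == "event" and NEEDLE.lower() in rec.get("msg", "").lower():
            hits.append(rec)
    return hits

def missed_by_severity(hits, minimum="notification"):
    """Hits that a 'minimum severity' filter would drop (e.g. level=information)."""
    cutoff = LEVELS.index(minimum)
    rank = lambda r: LEVELS.index(r["level"]) if r.get("level") in LEVELS else len(LEVELS)
    return [r for r in hits if rank(r) > cutoff]

if __name__ == "__main__":
    hits = bpdu_guard_hits(SAMPLE)
    for rec in hits:
        print(rec["date"], rec["time"], rec["level"], rec["msg"])
    print("dropped by a severity>=notification filter:", len(missed_by_severity(hits)))
```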
Funny no one responded to your post. I've got 39 FortiSwitches and I'd like my FortiAnalyzer to give me useful events from them too. What you already provided in your question was useful to me though! Thanks.
It's quite simple...
questions appear after purchasing Fortinet equipment and there are no people willing to answer...
This is what I meant, and I am certainly not mistaken.
This applies to many issues - for example, FortiGate support for LTE modems.
The marketing answer is "yeah, of course our equipment works with LTE modems!"
The technical answer is: "well, they do work, but only specific models of selected manufacturers and with a specific firmware" - but you will not find out about it until you spend a few nights looking for a solution to the problem - I checked personally...
I would ask for a specific solution:
How to configure a FortiSwitch so that device statistics can be read via SNMP and sFlow - the FortiSwitch is controlled by a FortiGate for ease of use...
Despite all the splendor and the universal functionality of the set (FortiGate + FortiLink + FortiSwitch etc.), somehow I can't find such an option (I can see traffic in the Dashboard, but for the entire VLAN, not the specific network traffic of port 17 on the switch).
For me it matters, and it is much more important than the next bugged version of FortiOS 7 with 170 "new features" instead of fixing nightmarish bugs in FortiOS 6.2 and 6.4, or simply putting at least 4 gigs of RAM into the F generation to avoid the legendary "memory conserve mode" - it would cost maybe $10 more in production but would save a lot of careers ;^)
Well, I'm just a technician, not a marketer.