We have a pair of 1500d units and FortiAnalyzer. Last night one of our web servers started throwing errors. I *think* the Fortigate failed over to the other node, but I haven't be able to find any log to prove this.
How does one configure the Fortigate, or FortiAnalyzer, to alert someone when LB monitoring logs a failure with a web server?
Denny
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The best place to look for logs is the log reference guide:
https://docs.fortinet.com....6.3-Log-Reference.pdf
Below are the ones that deal with the Load balancer. I think the ones you want are logs 46003 and 46006. You could add event triggers in FortiAuthenticator for these to get emails.
46000 - LOG_ID_VIP_REAL_SVR_ENA 880
46001 - LOG_ID_VIP_REAL_SVR_DISA 881
46002 - LOG_ID_VIP_REAL_SVR_UP 882
46003 - LOG_ID_VIP_REAL_SVR_DOWN 883
46004 - LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN 883
46005 - LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN 884
46006 - LOG_ID_VIP_REAL_SVR_FAIL 885
While it's not quite the question you asked - I have a rule in my FortiAnalyzer to alert me to an HA Failover. FortiAnalyzer -> Event Management -> Event Handler List -> HA Failover -> editing that to provide you specifics....
Filters are: Log Type of Event Log, Event Category of HA, Group By Log Description, Logs match "ALL" Log Field = Log Description
Match Criteria = Equal To
Value = Virtual cluster move member state
Notifications are set to Generate alert when at least 1 matches occurred over a period of 30 minutes.
Set SMTP mail as appropriate to you.
Hi,
I also have the same issue now. I am thinking of a way to get alert from FortiGate or FortiAnalyzer when some of the real servers in LoadBalancer config fail.
If you found a way to do it, please tell :)
If i find it in the meantime i will update you.
Regards
-1984-
The best place to look for logs is the log reference guide:
https://docs.fortinet.com....6.3-Log-Reference.pdf
Below are the ones that deal with the Load balancer. I think the ones you want are logs 46003 and 46006. You could add event triggers in FortiAuthenticator for these to get emails.
46000 - LOG_ID_VIP_REAL_SVR_ENA 880
46001 - LOG_ID_VIP_REAL_SVR_DISA 881
46002 - LOG_ID_VIP_REAL_SVR_UP 882
46003 - LOG_ID_VIP_REAL_SVR_DOWN 883
46004 - LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN 883
46005 - LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN 884
46006 - LOG_ID_VIP_REAL_SVR_FAIL 885
Hi,
Thanks. I;ll configure that, and will update if it works properly.
-1984-
-1984-
Awesome. It works.
Thanks
-1984-
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.