adem_netsys
Contributor

Log Source SIEM

Hi guys,

 

In FortiSIEM, some of the log sources are sent to the supervisor and some to the collector. Is there any way to see this in the GUI other than getting a dump?

Anthony_E
Community Manager

Hello Adem,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Adem,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
heng
Staff

Hi there, 

 

May I know what the ask is here, to be more specific? Do you want to look at the formatted log (under GUI Analytic) or the archive log via the GUI?

NSE8
adem_netsys

Hi, I'm sorry for the late reply. For example, we want the products in the customer environment to send logs only to the collector, but there were products that sent logs to the supervisor before. Can I see where the log is coming to the supervisor in the GUI?

Richie_C

Hi 

I'm thinking that you could achieve it with an analytics search. I don't actually have a collector in my test setup, but my idea is to search all logs and then aggregate the search with reporting IP and collector name or collector id. Then use the count function as per the screenshot. I'm not sure if it will work if you have loads of events, but maybe you could play around with the filters to help narrow down the search.

 

I hope it helps!

Take a backup before making any changes
adem_netsys

Hi @Richie_C,

 

Thanks for all your help, you have been very helpful.

heng

Richie is right, you can use the "change display fields" under the analytic to filter accordingly. E.g. if you see Collector ID=1, that means the logs are being sent to the supervisor, while any value not equal to 1 will be the corresponding collector, with Collector ID=10002 for instance.

 


 

NSE8
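
The grouping described in the two replies above (reporting IP by Collector ID, with an event count) can be post-processed once the search result is exported. This is an added example, not part of the original thread and not Fortinet code; the CSV column names and the sample rows are assumptions, and Collector ID=1 is treated as the supervisor as stated above.

```python
import csv
import io
from collections import defaultdict

SUPERVISOR_ID = "1"  # per the reply above: Collector ID=1 means the supervisor

# Constructed sample export; the column names are assumptions, adjust to your CSV.
SAMPLE_CSV = """Reporting IP,Collector ID,COUNT(Matched Events)
10.0.0.5,1,120
10.0.0.5,10002,4300
10.0.0.9,10002,870
10.0.0.12,1,56
10.0.0.20,,15
"""

def classify_sources(csv_text, ip_col="Reporting IP", id_col="Collector ID",
                     count_col="COUNT(Matched Events)"):
    """Return {reporting_ip: {"supervisor": n, "collector": n, "collectors": set}}."""
    totals = defaultdict(lambda: {"supervisor": 0, "collector": 0, "collectors": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = (row.get(ip_col) or "").strip()
        cid = (row.get(id_col) or "").strip()
        if not ip or not cid:
            continue  # no usable reporting IP or collector ID in this row
        try:
            count = int(row.get(count_col) or 0)
        except ValueError:
            continue  # non-numeric count, skip the row
        if cid == SUPERVISOR_ID:
            totals[ip]["supervisor"] += count
        else:
            totals[ip]["collector"] += count
            totals[ip]["collectors"].add(cid)
    return dict(totals)

def sources_hitting_supervisor(totals):
    """Reporting IPs with any events received directly by the supervisor."""
    return sorted(ip for ip, t in totals.items() if t["supervisor"] > 0)

if __name__ == "__main__":
    totals = classify_sources(SAMPLE_CSV)
    for ip in sources_hitting_supervisor(totals):
        t = totals[ip]
        state = "supervisor and collector" if t["collector"] else "supervisor only"
        print(f"{ip}: {state} (supervisor={t['supervisor']}, collector={t['collector']})")
```

A reporting IP that shows up under both the supervisor and a collector is typically one that was repointed during the search window; narrowing the time range shows whether it still sends to the supervisor.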
adem_netsys

Hi @heng 

 

Thanks for all your help :)
