Rest Api - FGT - 6.4.2 - Fortiview
Hi,
I'm trying to retrieve from my fgt, using REST API commands, a list of devices ordered by open sessions, in order to automate a block policy.
I'm able to query, add or remove addresses, or change groups, but I'm unable to query FortiView information.
Does someone have experience with the REST API and could suggest documentation and examples about that?
tnx
Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself requests to retrieve the FortiView data.
To give an example for your specific query:
- search through currently open sessions (realtime=true)
- IPv4 (ip_version)
- group individual items by source-IP (report_by=source)
- sort by count of sessions (sort_by=sessions)
- from VDOM root (vdom)
- top 10 (count=10)
GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10
@pminarik wrote: Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself requests to retrieve the FortiView data.
To give an example for your specific query:
- search through currently open sessions (realtime=true)
- IPv4 (ip_version)
- group individual items by source-IP (report_by=source)
- sort by count of sessions (sort_by=sessions)
- from VDOM root (vdom)
- top 10 (count=10)
GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10
Thanks Pminarik, your secret tip is amazing!
Only one more question:
Why, if I try to use the API with:
GET 'https://$FGTIP/api/v2/cmdb/firewall/address?access_token=$TOKEN'
it works and it returns the address information, but if I use this one
GET 'https://$FGTIP/api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10&access_token=$TOKEN'
it returns a 403 error? Token and execution host are the same.
thanks
403 error may be a permission issue. Please check if your API user is assigned an admin profile with at least read-only access to FortiView. (called "ftviewgrp" in CLI)
If that's not the issue, run httpsd debug while reproducing the issue so that we can get a better idea of what's happening.
1, Make sure nobody is logged into the GUI (to avoid noise in debugs)
2, In SSH/console, start the debug:
diag debug enable
diag debug app httpsd -1
3, Reproduce the issue with your API call
4, Stop debugs:
diag debug reset
diag debug disable
Pminarik thanks again, you were right!
My issue was a user with too low permissions.
Increased, and now everything is working fine.
thx!
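
The query from this thread as a small Python client, added here as an example and not posted by any participant: it builds the FortiView request with the token in an `Authorization: Bearer` header instead of the URL (so it stays out of proxy and access logs), turns the 403 discussed above into a permission hint, and picks sources above a session threshold as block candidates. Assumptions: the Bearer header is accepted by this FortiOS build, the response rows sit under `results.details` with `srcaddr` and `sessions` keys, and the host name, token, threshold and sample data are constructed.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Query parameters taken from the answer in the thread.
PARAMS = {"realtime": "true", "ip_version": "ipv4", "report_by": "source",
          "sort_by": "sessions", "vdom": "root", "count": 10}

def build_request(host, token, params=PARAMS):
    """Build the FortiView GET; the token goes in a header, not the URL."""
    url = (f"https://{host}/api/v2/monitor/fortiview/statistics?"
           + urllib.parse.urlencode(params))
    # Assumption: this FortiOS build accepts the API token as a Bearer header.
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def fetch(req, context=None):
    """Send the request; turn the 403 from the thread into a clear hint."""
    try:
        with urllib.request.urlopen(req, timeout=10, context=context) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 403:
            raise PermissionError("403: check that the API user's admin profile "
                                  "has read access to FortiView (ftviewgrp)") from err
        raise

def block_candidates(payload, min_sessions, allowlist=()):
    """Return (source, sessions) pairs at or above the threshold, busiest first."""
    # Assumption: rows sit under results.details with srcaddr/sessions keys.
    rows = payload.get("results", {}).get("details", [])
    hits = [(r["srcaddr"], int(r.get("sessions", 0))) for r in rows
            if "srcaddr" in r and r["srcaddr"] not in allowlist
            and int(r.get("sessions", 0)) >= min_sessions]
    return sorted(hits, key=lambda h: h[1], reverse=True)

# Constructed sample response (not captured from a device).
SAMPLE = {"status": "success", "vdom": "root", "results": {"details": [
    {"srcaddr": "10.0.0.15", "sessions": 4210},
    {"srcaddr": "10.0.0.1", "sessions": 3900},
    {"srcaddr": "10.0.0.77", "sessions": 35}]}}

if __name__ == "__main__":
    req = build_request("fgt.example.test", "PLACEHOLDER_TOKEN")
    print(req.full_url)
    print(block_candidates(SAMPLE, min_sessions=1000, allowlist={"10.0.0.1"}))
```

The allowlist keeps gateways and management hosts out of the candidate list before anything is written to a block policy; `fetch` takes an optional `ssl.SSLContext` for a FortiGate with a privately signed certificate.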