Hi,
I'm trying to retrieve from my fgt, using Rest API commands, a list of devices order by opened sessions, in order to automate a block policy.
I'm able to query, add remove addresses or change group but I'm unable to query Fortiview information.
Has someone experienced with Rest API and could suggest me documentation and example about that?
tnx
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself request to retrieve the FortiView data.
To give an example for your specific query:
- search through currently open sessions (realtime=true)
- IPv4 (ip_version)
- group individual items by source-IP (report_by=source)
- sort by count of sessions (sort_by=sessions)
- from VDOM root (vdom)
- top 10 (count=10)
GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10
@pminarik wrote:Secret tip: Try running your browser network debugger when setting up the desired filter in the GUI. It will show you what the FortiGate itself request to retrieve the FortiView data.
To give an example for your specific query:
- search through currently open sessions (realtime=true)
- IPv4 (ip_version)
- group individual items by source-IP (report_by=source)
- sort by count of sessions (sort_by=sessions)
- from VDOM root (vdom)
- top 10 (count=10)
GET /api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10
Thanks Pminarik, your secret tip is amazing!
only one more question:
Why if I try to use api with:
GET 'https://$FGTIP/api/v2/cmdb/firewall/address?access_token=$TOKEN'
it works and it return the adresses informations but if I use this one
GET 'https://$FGTIP/api/v2/monitor/fortiview/statistics?realtime=true&ip_version=ipv4&report_by=source&sort_by=sessions&vdom=root&count=10&access_token=$TOKEN'
it returns a 403 error? Token and execution host are the same.
thanks
403 error may be a permission issue. Please check if your API user is assigned an admin profile with at least read-only access to FortiView. (called "ftviewgrp" in CLI)
If that's not the issue, run httpsd debug while reproducing the issue so that we can get a better idea of what's happening.
1, Make sure nobody is logged into the GUI (to avoid noise in debugs)
2, In SSH/console, start the debug:
diag debug enable
diag debug app httpsd -1
3, Reproduce the issue with your API call
4, Stop debugs:
diag debug reset
diag debug disable
Pminarik thanks again, you were right!
My issue was about a too low permission user.
increased and now everithing is working fine.
thx!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1516 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.