FortiSIEM Discussions
samlouis55
New Contributor

Could not get login metrics from FortiGate devices in FortiSIEM

Hello,

I am testing FortiSIEM in a DEV environment. I have two physical FortiGates (60F & 70F) & 2 FortiGate VMs. I have connected the physical FortiGates to FortiSIEM through the API credentials. The only metrics I got for them in Analytics are regarding FortiGate performance. I don't get any logs for user logins etc. I don't know what I am missing. I think as I was connecting through API, all those metrics should be pulled by default.

Also, I have done a FortiSIEM workshop and did some labs with those metrics (fortigate admin-login-security), but I cannot get those logs in my dev environment.

1 REPLY
Secusaurus
Contributor

Hi samlouis,

Yes, that might be unclear at first glance. Have a detailed look at the documentation: https://docs.fortinet.com/document/fortisiem/7.1.1/external-systems-configuration-guide/751381/forti...

Via REST API, you can get a lot of information and metrics, but not the logs. For getting the logs (system logs in your case), you need to configure syslog.
Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
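
Once syslog is configured as the reply describes, a quick way to confirm that admin login events are actually in the feed is to parse a few received lines. This is an added example, not part of the thread and not Fortinet code; the sample lines are constructed in FortiOS key=value style, and the field names and values used for filtering (`type`, `subtype`, `action`, `status`) are assumptions to check against your own device output.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS key=value syslog style (not captured from a device).
SAMPLE = [
    '<189>date=2024-05-02 time=10:15:01 devname="FGT60F-DEV" type="event" subtype="system" '
    'logdesc="Admin login successful" user="admin" ui="https(192.0.2.20)" srcip=192.0.2.20 '
    'action="login" status="success" msg="Administrator admin logged in from https(192.0.2.20)"',
    '<188>date=2024-05-02 time=10:16:40 devname="FGT70F-DEV" type="event" subtype="system" '
    'logdesc="Admin login failed" user="root" ui="ssh(198.51.100.7)" srcip=198.51.100.7 '
    'action="login" status="failed" reason="passwd_invalid" '
    'msg="Admin login failed, reason=bad password"',
    '<190>date=2024-05-02 time=10:17:02 devname="FGT60F-DEV" type="traffic" subtype="forward" '
    'srcip=192.0.2.31 dstip=203.0.113.9 action="accept"',
]

# key=value, where the value is a double-quoted string (may hold spaces and '=') or a bare token
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse(line):
    """Strip the syslog <PRI> prefix and return the key=value fields as a dict."""
    body = re.sub(r'^<\d+>', '', line.strip())
    return {k: v[1:-1] if len(v) >= 2 and v[0] == v[-1] == '"' else v
            for k, v in KV.findall(body)}

def admin_logins(lines):
    """Keep only system event records whose action is a login (assumed field values)."""
    events = (parse(l) for l in lines)
    return [e for e in events
            if e.get("type") == "event" and e.get("subtype") == "system"
            and e.get("action") == "login"]

def summarize(lines):
    """Count login outcomes per (device, user, source IP, status)."""
    return Counter((e.get("devname"), e.get("user"), e.get("srcip"), e.get("status"))
                   for e in admin_logins(lines))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

If the summary stays empty while traffic or performance data keeps arriving, the device is still only being polled over the API and the syslog side needs another look.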