tanr
Valued Contributor II

FortiSwitch logging and useful events

Hi All,

 

I've moved one of our locations over to FortiGate managed FortiSwitches, as part of a 5.6 Security Fabric.  It's actually gone pretty smoothly, though I am doing some direct CLI setting of the FortiSwitches for a few things.

 

I found I needed to set 

    config switch-controller switch-log
        set severity notification
    end

to get enough useful logs.  These show up as system events on the FortiAnalyzer.  Oddly, a bunch of them show up with level=information.

 

I added a custom event handler to the FortiAnalyzer so that BPDU Guard shutting down a port will notify me:

    Log Type: Event Log
    Generic Text Filter: msg ~ "BPDU Guard: BPDU detected"

 

I found this useful since I set BPDU Guard on all edge ports and it catches bad configurations or malicious devices.  It also helped me discover our Sonos system does its own BPDUs - fun, fun.

 

I'm curious what useful or non-standard FortiSwitch events others might have created custom events for?

Or docs with possible FortiSwitch events, beyond the four types listed in the CLI (event, router, system, user)?
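
The handler logic described in the post above, as an added example that is not part of the original post or any Fortinet tooling: it matches on message text rather than severity, since the post notes these events can arrive with level=information, and counts hits per switch port. The log lines are constructed, and every field other than the quoted BPDU Guard text (including the level names and their ordering) is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate-style key=value form. Only the text
# "BPDU Guard: BPDU detected" comes from the post; every other field name and
# value (including the port suffix in msg) is an assumption for illustration.
SAMPLE_LOGS = [
    'date=2018-03-01 time=09:12:01 type="event" subtype="system" level="information" sn="SW-CONSTRUCTED-A" msg="BPDU Guard: BPDU detected on port7"',
    'date=2018-03-01 time=09:12:05 type="event" subtype="system" level="notice" sn="SW-CONSTRUCTED-A" msg="port3 link up"',
    'date=2018-03-01 time=09:40:17 type="event" subtype="system" level="information" sn="SW-CONSTRUCTED-A" msg="BPDU Guard: BPDU detected on port7"',
    'date=2018-03-01 time=10:02:44 type="event" subtype="system" level="notice" sn="SW-CONSTRUCTED-B" msg="BPDU Guard: BPDU detected on port12"',
]

NEEDLE = "BPDU Guard: BPDU detected"  # text filter from the post
# Assumed severity names, lowest to highest.
LEVELS = ["debug", "information", "notice", "warning",
          "error", "critical", "alert", "emergency"]
KV = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')
PORT = re.compile(r"\bport\d+\b")

def parse(line):
    """Split a key=value log line into a dict, handling quoted values."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def bpdu_hits(lines):
    """Match on message text, like the handler's generic text filter."""
    return [r for r in map(parse, lines) if NEEDLE in r.get("msg", "")]

def level_only_hits(lines, minimum="notice"):
    """BPDU events a severity-only rule (>= minimum) would still catch."""
    floor = LEVELS.index(minimum)
    return [r for r in bpdu_hits(lines)
            if r.get("level") in LEVELS and LEVELS.index(r["level"]) >= floor]

def repeat_ports(lines):
    """Count hits per (switch serial, port) to surface ports that keep tripping."""
    counts = Counter()
    for r in bpdu_hits(lines):
        m = PORT.search(r["msg"])
        counts[(r.get("sn", "?"), m.group(0) if m else "?")] += 1
    return counts

if __name__ == "__main__":
    print(len(bpdu_hits(SAMPLE_LOGS)), "hits by text,",
          len(level_only_hits(SAMPLE_LOGS)), "by level alone")
    for (sn, port), n in repeat_ports(SAMPLE_LOGS).most_common():
        print(sn, port, n)
```
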

bmduncan34
New Contributor III

Funny no one responded to your post.  I've got 39 Fortiswitches and I'd like my FortiAnalyzer to give me useful events from them too.  What you already provided in your question was useful to me though!  Thanks.

Tezro

No answer - because it's a bad type of question ...

 

The right one is "where I can buy fortigate / fortiswitch / forti ...?" - in this case you would collect a lot of answers, each with contact mail / phone

bmduncan34

Not clear why it's a bad question.  I used the information there to get very helpful alerts related to SFP optics losing power and causing Fortilink problems.  Can you explain what you meant?

MikePruett

Tezro is wrong. There is nothing wrong with the recommendation or his following questions.

 

He provides info into how to gain more quality logging and then asks if anyone has any other good use cases to make those events that are being logged useful.

Tezro

It's quite simple ... questions appear after purchasing Fortinet equipment and there are no people willing to answer... This is what I meant and I am certainly not mistaken. This applies to many issues - for example, Fortigate support for LTE modems. The marketing answer is "yeah, of course our equipment works with LTE modems!" The technical answer is: "well, they do work, but only specific models of selected manufacturers and with a specific firmware" - but you will find out about it until you spend a few nights looking for a solution to the problem - I checked personally ...

@FortinetGuru I would ask for a specific solution: how to configure Fortiswitch so that device statistics can be read via SNMP and sFlow - Fortiswitch is controlled by Fortigate for ease of use ... Despite all the splendor, the universal functionality of the set: Fortigate + FortiLink + Fortiswitch etc. etc., somehow I can't find such an option (I can see traffic in the Dashboard but for the entire VLAN, not the specific network traffic of port 17 in the switch).

For me it matters and it is much more important than the next bugged version of FortiOS 7 with 170 "new features" instead of fixing nightmarish bugs in FortiOS 6.2 and 6.4 or simply put into F generation at least 4Gigs of RAM to avoid legendary "memory conserve mode" - it would cost maybe 10$ more in production but saves a lot of careers ;^) Well, I'm just a technician, not a marketer.

 

Cheers and good health! T