Fortinet FortiAnalyzer-100A, Administration Manual

Page 1: ...www fortinet com FortiAnalyzer Version 3 0 MR3 A D M I N I S T R A T I O N G U I D E...

Page 2: ...ortiBIOS FortiBridge FortiClient FortiGate FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard Web FortiLog FortiAnalyzer FortiManager Fortinet FortiOS FortiPartner For...

Page 3: ...de 15 FortiAnalyzer documentation 16 Fortinet Tools and Documentation CD 17 Fortinet Knowledge Center 17 Comments on Fortinet technical documentation 17 Customer service and technical support 17 Insta...

Page 4: ...g disks 33 Restoring a FortiAnalyzer unit 33 Restoring a FortiAnalyzer 100 or FortiAnalyzer 400 33 Restoring a FortiAnalyzer 100A 100B 800 2000 and 4000 4000A 34 Changing the firmware 35 Changing the...

Page 5: ...ing RAID on the FortiAnalyzer 2000 and FortiAnalyz er 4000 4000A 55 Maintenance 57 Backup Restore 57 Update center 58 RAID levels 59 Linear 60 RAID 0 60 RAID 1 60 RAID 5 60 RAID 10 61 RAID 50 61 RAID...

Page 6: ...w 83 Customizing the log column views 83 Filtering logs 84 Filtering tip 84 Search the logs 84 Basic search 85 Advanced search 85 Search tips 86 Printing the search results 86 Log rolling 86 Content a...

Page 7: ...9 Viewing Instant Messaging and P2P traffic 109 Filtering traffic summaries 110 Filtering tip 111 Device Summary 111 Traffic Report 112 Configuring a traffic report 112 Viewing traffic summary reports...

Page 8: ...IB System Traps 136 FortiGate MIB Logging Traps 136 FortiGate MIB VPN Traps 136 Fortinet MIB System fields 136 Fortinet Administrator Accounts 136 Fortinet Options 136 Fortinet Active IP Sessions 137...

Page 9: ...0003 0082 20060925 9 Search the network traffic logs 146 Basic search 146 Advanced search 146 Search tips 147 Printing the search results 147 Log rolling 147 Vulnerability scan 151 Modules 151 Jobs 15...

Page 10: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 10 05 30003 0082 20060925 Contents...

Page 11: ...led reports that can be scheduled or generated on demand to basic traffic sniffing and real time network monitoring This section introduces you to the FortiAnalyzer appliance and includes the followin...

Page 12: ...vices Supported 200 FortiGate units or VDOM licenses Supports FortiGate 50A to FortiGate 800 only FortiClient installations Supported 2000 AC Input Voltage 100 240V 4Amp Max Ports 2 10 100 Ethernet po...

Page 13: ...te units or VDOM licenses Supports all FortiGate models FortiClient installations Supported 5000 AC Input Voltage 100 240V 9Amp Max Ports 2 gigabit ethernet ports Memory 1 GB Disk Drives 12 x 250GB ho...

Page 14: ...s included in the report Data mining The FortiAnalyzer unit provides data mining features that enables you to easily access simple reports to obtain information on the intrusion attempts on your netwo...

Page 15: ...FortiGate unit and a FortiAnalyzer 100A 100B to collect local log information The headquarters has a FortiAnalyzer 2000 as the central log aggregator Quarantine For FortiGate units that do not have a...

Page 16: ...them on the FortiAnalyzer hard disk Vulnerability scan describes how to set up vulnerability scans and view the generated reports Reports describes how to create report profiles for running regular re...

Page 17: ...ledge center contains short how to articles FAQs technical notes product and feature guides and much more Visit the Fortinet Knowledge Center at http kc forticare com Comments on Fortinet technical do...

Page 18: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 18 05 30003 0082 20060925 Customer service and technical support Introduction...

Page 19: ...unit Upgrading the FortiAnalyzer firmware Backing up the FortiAnalyzer hard disk Shutting down the FortiAnalyzer unit Planning the installation You can add the FortiAnalyzer unit to your local networ...

Page 20: ...tion make sure that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling Mechanical loading You can mount the FortiAnalyzer 800 FortiAnalyzer...

Page 21: ...1 IP 192 168 1 99 Netmask 255 255 255 0 Management Access HTTP HTTPS PING SSH Port 2 IP 192 168 2 99 Netmask 255 255 255 0 Management Access HTTP HTTPS PING SSH Port 3 IP 192 168 3 99 Netmask 255 255...

Page 22: ...Administrator account User name admin Password none Port 1 IP 192 168 1 99 Netmask 255 255 255 0 Management Access HTTP HTTPS PING SSH Port 2 IP 192 168 2 99 Netmask 255 255 255 0 Management Access HT...

Page 23: ...version 6 0 or higher or other current popular web browser on the management computer To connect to the web based manager 1 Connect the Port1 interface of the FortiAnalyzer unit to the Ethernet port o...

Page 24: ...port The CLI supports the same configuration and monitoring functionality as the web based manager To connect to the FortiAnalyzer unit through the console 1 Use a null modem cable to connect the seri...

Page 25: ...address information and select Enter to select a menu option or number in the IP address Upgrading the FortiAnalyzer firmware Upgrade the FortiAnalyzer firmware using the instructions in the topic Ch...

Page 26: ...e the log information to the FortiAnalyzer hard disk execute restore logs device ftp_ip_address ftp_username ftp_password ftp_dir Shutting down the FortiAnalyzer unit When powering off the FortiAnalyz...

Page 27: ...shboard Network settings Administrator settings Network sharing Configuring the FortiAnalyzer unit Maintenance RAID levels Dashboard The system dashboard provides a view of the current operating statu...

Page 28: ...he firmware installed on the FortiAnalyzer unit Select Update to upload a new version of the firmware For details on updating the firmware see Changing the firmware on page 35 CPU Usage The current CP...

Page 29: ...available if your access privileges include write permissions Support Contract The support contract number and expiry date RVS Engine The version of the RVS engine Select Update to upload a new versi...

Page 30: ...firmware version This also includes resetting the IP address and netmask You will need to reconnect to the FortiAnalyzer device using the default IP address of 192 168 1 99 CPU Usage The CPU usages fo...

Page 31: ...right corner of the Alert Message Console area Figure 3 Alert messages To Port The destination port of the connection Expires Secs The time in seconds remaining before the connection terminates Page...

Page 32: ...box for alert messages you want to delete and select the delete icon System Time The current FortiAnalyzer system date and time Refresh Update the display of the current FortiAnalyzer system date and...

Page 33: ...Analyzer unit is unresponsive to the web based manager or the CLI The cause may be a corrupted firmware image Restoring a FortiAnalyzer 100 or FortiAnalyzer 400 To use the following procedure you must...

Page 34: ...ges appears Press any key to display configuration menu Immediately press any key to interrupt the system startup If you successfully interrupt the startup process the following messages appears G Get...

Page 35: ...unit maintains the your configuration settings Back up the FortiAnalyzer unit configuration before beginning this procedure For information see Backup Restore on page 57 To change the firmware using t...

Page 36: ...to 20 characters long Network settings Use the network settings to configure the FortiAnalyzer unit to operate in your network Basic network settings include configuring FortiAnalyzer interfaces DNS s...

Page 37: ...ess to an interface to control how administrators access the FortiAnalyzer unit and the FortiAnalyzer interfaces that administrators can connect to Select from the following administrative access opti...

Page 38: ...options and select OK Primary DNS Server Enter the primary DNS server IP address that the FortiAnalyzer unit can connect to Several of the FortiAnalyzer functions use DNS Secondary DNS Server Enter a...

Page 39: ...ministrators 2 Select Create New 3 Configure the following options and select OK Name The assigned name for the administrator Trusted Hosts The IP address where the administrator can log into the Fort...

Page 40: ...ccess profiles that you assign to administrators For each profile you can define what access privileges are granted For example you can have a profile where the administrator only has read and write a...

Page 41: ...name for the profile 4 Select a filter for each option Auth Groups The Auth Groups page enables you to group RADIUS servers in to logical arrangements To add a group you must first have at least one...

Page 42: ...ould the need arise To monitor current administrators go to System Admin Monitor Name Enter a name to identify the server Server IP Name Enter the IP address for the server Shared Secret Enter the pas...

Page 43: ...not be aware of other devices or ADOMs on the FortiAnalyzer unit Similar to the web based manager users who access the CLI for their ADOM are not able to see data or configuration settings for other...

Page 44: ...ar the check box 3 Select OK Configuring ADOM settings The default configuration of a FortiAnalyzer contains only the Global Configuration You must create and configure new ADOMs When Admin Domain Con...

Page 45: ...ve store and access information on the FortiAnalyzer hard disk as an alternate means of storing important files and work Users can also access the reports and logs saved on the FortiAnalyzer hard disk...

Page 46: ...he group account 4 Select the users from the Available Users area and select the Right arrow to add them to the group To remove a user select a user from the Members area and select the Left arrow 5 S...

Page 47: ...oups configure the files and folders the users can access and their read and read write access privileges Figure 12 Windows sharing configuration Local Path The path the user has permission to connect...

Page 48: ...Windows sharing To view a list of users with NFS share access to the FortiAnalyzer unit including access privileges go to System Network Sharing NFS Export Figure 13 Viewing user access To add a new...

Page 49: ...These options are set in the CLI For more information see the config nas share command in the FortiAnalyzer CLI Reference Configuring the FortiAnalyzer unit Use the system config to setup and maintain...

Page 50: ...he FortiAnalyzer hard disk The FortiAnalyzer unit logs all levels of severity down to but not lower than the level you select For example if you want to record emergency critical and error messages se...

Page 51: ...size the FortiAnalyzer unit saves the log files with an incremental number and starts a new log file with the same name Log file should be rolled Set the frequency of when the FortiAnalyzer unit saves...

Page 52: ...ed devices using SSH on port 22 This does not include quarantined files It does include the active log to the point of aggregation tlog log for example and all rolled logs available on the client hard...

Page 53: ...New 3 Enter a name for the IP address in the Alias box 4 Enter the IP address and select OK Importing an IP alias list file For large listings of IP address and names you can also import a text file...

Page 54: ...example 10 10 10 1 10 10 10 50 10 10 10 1 10 10 20 100 10 10 10 RAID Configuring RAID on the FortiAnalyzer 400 and FortiAnalyzer 800 The FortiAnalyzer 400 and FortiAnalyzer 800 have four hot swappable...

Page 55: ...are appears as a separate unit Status The status of the RAID For example when starting a RAID array Initializing appears When the RAID disk is functioning normally OK appears Size The total size of th...

Page 56: ...he hard disk configurations Unit The hard disk grouping Type The setting for the unit When employing a RAID level that includes a hot spare the hard disk assigned as a hot spare appears as a separate...

Page 57: ...configuration Backup configuration to Currently the only option is to back up to your local PC Encrypt configuration file Select to encrypt the backup file Enter a password in the Password field and...

Page 58: ...t The FortiAnalyzer unit supports the following definition update features User initiated updates from the FDN Hourly daily or weekly scheduled antivirus and attack definition updates from the FDN Upd...

Page 59: ...ribution Network stays set to not available the FortiAnalyzer unit cannot connect to the override server Check the FortiAnalyzer configuration and the network configuration to make sure you can connec...

Page 60: ...mation to one hard disk and writes a copy a mirror image of all information to all other hard disks The total disk space available is that of only one hard disk as the others are solely used for mirro...

Page 61: ...that a hard disk fails within a minute of the failure the FortiAnalyzer unit automatically substitutes the hot spared disk drive and rebuilds the data to integrate the hard disk into the RAID array W...

Page 62: ...e face place unlock the drive and pull out the drive 4 Insert the new hard disk into the empty drive bay on the FortiAnalyzer unit reversing the steps above 5 Select Return from the web based manager...

Page 63: ...escan The FortiAnalyzer disk controller scans the available hard disks and updates the RAID array for the remaining hard disks The RAID array status will be Degraded 5 Insert the new hard disk into th...

Page 64: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 64 05 30003 0082 20060925 RAID levels Configure the FortiAnalyzer unit...

Page 65: ...Syslog server Device Groups Blocked Devices Devices List The devices list displays a listing of devices configured to connect and send log packets or messages to the FortiAnalyzer unit Figure 21 Devic...

Page 66: ...FortiAnalyzer unit directly from the device This feature is only available on FortiGate units running FortiOS 3 0 This permission will appear red unavailable for Syslog devices by default For a FortiM...

Page 67: ...feature within FortiOS 3 0 for all FortiGate units It is a protocol where a FortiGate unit and a FortiAnalyzer unit are able to discover one another and configure themselves automatically On the Forti...

Page 68: ...eives message packets from a FortiGate unit the FortiAnalyzer unit adds the FortiGate unit to the list of unregistered devices To register a FortiGate unit to send log messages to the FortiAnalyzer un...

Page 69: ...iGate unit s name in the devices list Administrative Domain Select the administrative domain ADOM that the device will be associated with This selection is visible when using the ADOM feature For more...

Page 70: ...s as one of None LAN WAN or DMZ to match the type of traffic the interface will process When the FortiAnalyzer unit generates the traffic log report the FortiAnalyzer unit compares the source and dest...

Page 71: ...lowing options and select OK Unlike other devices a FortiClient connection can only send log messages to the FortiAnalyzer unit You cannot configure it so that a user can view their log messages or sp...

Page 72: ...FortiManager unit s serial number If you are adding a new FortiManager unit that is not already in the unregistered list enter the FortiManager unit s serial number The FortiManager unit s serial num...

Page 73: ...rtiAnalyzer 1 Go to Device All 2 Select Unregistered from the Show list and select Add from the Action column for the syslog device or Select Add Device 3 Set the following options Device Type Select...

Page 74: ...Go to Device Groups 2 Select Create New 3 Enter a name for the group 4 Select the devices to include in the group from the list of Available Devices and select the right pointing arrow 5 Select OK Blo...

Page 75: ...All Blocked Devices Figure 22 List of blocked devices Device ID The name or serial number of the blocked device Hardware Model The type of device for example FortiGate FortiManager or Syslog server I...

Page 76: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 76 05 30003 0082 20060925 Blocked Devices Devices...

Page 77: ...gs Log rolling Log Viewer The log viewer enables you to view logs from registered devices The Log Viewer has two types of log viewing options Real time logs display log message updates as the log mess...

Page 78: ...ear on the page For details see Customizing the log column views on page 83 Formatted Raw Select a view of the log file Selecting Formatted the default displays the log files in columnar format Select...

Page 79: ...ct a view of the log file Selecting Formatted the default displays the log files in columnar format Selecting Raw displays the log information as it actually appears in the log file Resolve Host Name...

Page 80: ...t when generating a printable version Note Searches using characters will not include results from the Traffic logs Traffic logs include information for source and destination IP addresses and ports w...

Page 81: ...ed from the device Size bytes The size of the log file Action Select Delete to remove the log file from the FortiAnalyzer hard disk Select Download to save the log file to your local hard disk Select...

Page 82: ...log type 3 In the Action column select Download Column Settings Select to change the columns to view and the order they appear on the page For details see Customizing the log column views on page 83...

Page 83: ...columns 1 When viewing a log file select Column Settings A list of columns available for the log type appears 2 In the Available Fields area select a column name and select the right arrow to move th...

Page 84: ...he column and select Reset Filter Filtering tip When filtering by source or destination IP you can use the following in the filtering criteria a single address 2 2 2 2 an address range using a wild ca...

Page 85: ...f the results will include entries from the Traffic log To get results from the traffic log you must search on the IP address of User1 For example 10 10 10 1 Search Select to begin searching the logs...

Page 86: ...esults The FortiAnalyzer unit enables you to produce a hard copy of the results of a search which you can email save to a local hard disk or print After completing a search the results include a Print...

Page 87: ...Protocol SCP Server IP address Enter the IP address of the FTP server Username Enter the user name to connect to the FTP server The user name has a default of anonymous Password Enter the password re...

Page 88: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 88 05 30003 0082 20060925 Log rolling Logs...

Page 89: ...nformation to the FortiAnalyzer unit see the FortiGate Administration Guide This section includes the following topics Content viewer Customizing the content log view Log rolling Content viewer The co...

Page 90: ...Column Settings A list of available columns for the log type appears Resolve Host Name Select to view the client IP address as a real name You must configure the IP aliases on the FortiAnalyzer for th...

Page 91: ...icon and select Reset Filter When viewing real time logs you cannot filter on the time column because the time will always be the current time Filtering tip When filtering by source or destination IP...

Page 92: ...file reaches the specified maximum size the FortiAnalyzer unit saves current content log file with an incremental number and starts a new active log file Log file should be rolled Set the time of day...

Page 93: ...ct a specific time of the day when the FortiAnalyzer unit rolls the content log file The FortiAnalyzer unit will upload at the configured time no matter what the size of the log file is or when it may...

Page 94: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 94 05 30003 0082 20060925 Log rolling Content archive...

Page 95: ...amount of disk space to allocate for storing quarantine files sent from the FortiGate units The FortiAnalyzer unit divides the amount of disk space you allocated for files evenly between all register...

Page 96: ...Enter to see the page View per page Select the number of quarantined files to view on a single page From Device The name of the device where the quarantined file originated File Name The processed fi...

Page 97: ...twork information This includes the users IP address user name IM name s and email address es Adding users Add users to the FortiAnalyzer analysis list for tracking When adding a user you include thei...

Page 98: ...rrow 5 Select OK Lookup The Lookup provides a method of finding additional user information For example if you know the user s email address you can use the lookup to find the IP address or instant me...

Page 99: ...what you have selected and its relationship to each other Below this statement a list of available data will appear Select the check box beside each entry to add the data to the user information User...

Page 100: ...ve from a FortiGate unit on its hard disk for all information based on the criteria entered and displays the number if results for each criteria Figure 37 Search results Select View for the log inform...

Page 101: ...al reports similar to the network reporting functionality The reports provide detailed information on a users website access blocked web access email and FTP and IM usage during a specific period on y...

Page 102: ...include in the report Company Name Enter the name of your company department or branch Header Comment Enter a title or information to include in the header of the report Footer Comment Select the inf...

Page 103: ...ist enter the appropriate information This setting is available when using the User Analysis Report Category Group Select to generate a report on a specific user group This setting is available when u...

Page 104: ...format for the report Configure the FortiAnalyzer unit to either save the reports to the FortiAnalyzer hard disk or email the report to any number of recipients or both When configuring the FortiAnaly...

Page 105: ...l attachment Select from the following HTML Adobe PDF MS Word format RTF ASCII Text Multi purpose Internet Mail Extension HTML format MHT Email subject Enter a subject to the email FortiAnalyzer sends...

Page 106: ...yzer unit saves the report files Upload report s in gzipped format Select to compress the report files as gzip files before uploading to the FTP server Delete file s after uploading Select to delete t...

Page 107: ...units are that may be affecting overall network traffic Hourly reports are updated every ten minutes weekly daily and monthly reports are updated every hour These reports can help you in determining...

Page 108: ...feature to work correctly you must set the IP aliases For details see IP Aliases on page 53 Firewall The name of the FortiGate unit Host Source The IP address of the FortiGate unit Traffic The amount...

Page 109: ...mber of outgoing email messages that occurred within the period download The number of incoming email messages that occurred within the period FTP activity within the last Select a time frame for view...

Page 110: ...ing the IM traffic View Select a device or group of devices View per page Select the number of log messages displayed on each page Page Enter the page number you want to display and press Enter Search...

Page 111: ...1 1 1 1 or 2 2 2 1 1 1 1 or 2 2 2 1 2 2 2 10 Device Summary The device summary provides a graphical analysis of the network traffic by FortiGate unit The summary provides graphical details in real tim...

Page 112: ...traffic summary reports To view generated the reports go to Network Summary Traffic Report Browse Figure 49 Browse generated traffic summary reports Device Select a device or device group Time frame...

Page 113: ...Select a device or group of devices that the FortiAnalyzer unit runs the report against The FortiAnalyzer unit uses the logs for the selected device s Run Engine Select to generate either a daily repo...

Page 114: ...s Intrusion and Suspicious Frequency The time when the FortiAnalyzer unit runs a report Devices Groups The device or group of device logs the FortiAnalyzer unit uses when generating the report Thresho...

Page 115: ...rce IP address of the firewall Virus The name of the virus Last Activity The date and time of the last incident of the virus Count The number of incidents made by the virus on the network Action Selec...

Page 116: ...wing Suspicious activity Count The number of intrusion incidents on the network Action Select Details to display any additional information for the entry The details window displays further details of...

Page 117: ...he firewall Host Source The source IP address of the firewall Last Activity The date and time of the last high session activity Number of Sessions The number of incidents made by the virus on the netw...

Page 118: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 118 05 30003 0082 20060925 Security event summaries Traffic summary and security events...

Page 119: ...network usage and patterns discover and address vulnerabilities across dispersed device installations minimize the effort required to monitor and maintain acceptable user policies identify attack pat...

Page 120: ...le and configure its settings and schedule The number of report profiles on the FortiAnalyzer unit Report The name of the report profile Device s The device or device group included in the configured...

Page 121: ...devices or groups of devices to include in the report Report Scope Select the filtering information and time range for the reporting period FortiGate Report Type s Select the reports to include Report...

Page 122: ...blue arrow to expand the Time Period options Select a time span for the report period or select a specific time frame When the FortiAnalyzer unit generates the report it uses the log data found withi...

Page 123: ...to select sources by name For details on adding IP Aliases see IP Aliases on page 53 Use a comma to separate multiple sources Select Not to exclude the destination IP address from the report For examp...

Page 124: ...the service from the report For example do not include any information from a specific service in the log report Message s Enter specific email messages you want the report to include from the email r...

Page 125: ...tion and format for the report Configure the FortiAnalyzer unit to either save the reports to the FortiAnalyzer hard disk or email the report to any number of recipients or both When configuring the F...

Page 126: ...rtiAnalyzer unit sends as an email attachment Select from the following HTML Adobe PDF MS Word format RTF ASCII Text Multi purpose Internet Mail Extension HTML format MHT Email subject Enter a subject...

Page 127: ...ading server Select from File Transfer Protocol FTP Secure File Transfer Protocol SFTP Secure Copy Protocol SCP IP address Enter the IP address of the FTP server Username Enter the user name to log on...

Page 128: ...formation or add logos to the reports Page Navigation Enter a page number to display reports when a report list spans multiple pages Select Go to move to the page Use the page forward and page back ar...

Page 129: ...roll up reports when viewing the HTML file format When you view the report in one of the alternate formats only the right frame with the report information is included To view individual reports 1 Go...

Page 130: ...number Subtype 00 system System activity event 01 ipsec IPSec negotiation event 02 dhcp DHCP service event 03 ppp L2TP PPTP PPPoE service event 04 admin admin event 05 ha HA activity event 06 auth Fir...

Page 131: ...events that the FortiAnalyzer unit monitors for and what it should do when encountering the alert To view configured alert events go to Alert Alert Event Figure 63 Alert events list Adding an alert ev...

Page 132: ...Warning Error Critical Alert and Emergency Generic Text Select to add a standard text response for the alert notification Threshold Set the threshold or log message level frequency that the FortiAnal...

Page 133: ...e you can select it as a way for the FortiAnalyzer unit to communicate an alert For a list of supported MIBs and traps see FortiAnalyzer traps on page 136 To view the SNMP servers go to Alert Output S...

Page 134: ...yzer unit to communicate an alert To view the SNMP servers go to Alert Output Syslog Server Create New Select to add a new SNMP server Name The name given to the SNMP server Community Name The communi...

Page 135: ...rtinet proprietary MIBs as well as Fortinet supported standard MIBs into your SNMP manager RFC support includes support for most of RFC 2665 Ethernet like MIB and most of RFC 1213 MIB II The FortiAnal...

Page 136: ...agers that you have added to SNMP communities To receive traps you must load and compile the Fortinet 3 0 MIB into the SNMP manager The FortiAnalyzer unit supports the following MIBs and traps FortiGa...

Page 137: ...P Sessions fnIpSessIndex fnIpSessProto fnIpSessFromAddr fnIpSessFromPort fnIpSessToAddr fnIpSessToPort fnIpSessExp RFC 1213 MIB II mib 2 system mib 2 interface mib 2 at mib 2 ip mib 2 icmp mib 2 tcp m...

Page 138: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 138 05 30003 0082 20060925 Output Alerts...

Page 139: ...er for analyzing network traffic Traffic viewer Browsing network traffic logs Customizing the traffic analyzer log view Search the network traffic logs Log rolling Connecting the FortiAnalyzer for ana...

Page 140: ...p changes to Start Select Start to continue the real time traffic viewing Column Settings Select to change the columns to view and the order they appear on the page For details see Customizing the log...

Page 141: ...the network traffic log files in columnar format Selecting Raw displays the network traffic log information as it actually appears in the log file Resolve Host Names Select to display host names by a...

Page 142: ...ake a long time to load The printable version takes all filter settings into account when generating a printable version Log Time The date and time the packet transmitted Source The IP address of the...

Page 143: ...Figure 70 Viewing log data Log files A list of log files on the FortiAnalyzer unit Last Modified The last time the log was updated from the device Size bytes The size of the log file Action Select De...

Page 144: ...Select Go to jump to the page Column Settings Select to change the columns to view and the order they appear on the page For details see Customizing the log column views on page 145 Search Enter a ke...

Page 145: ...ning of the columns 1 When viewing a historical network traffic log file select Column Settings A list of columns available for the log type appears 2 Select a column name 3 Select the up and down arr...

Page 146: ...searches Basic search Advanced search Basic search The basic search performs a simple search of the network traffic log files on the FortiAnalyzer unit The FortiAnalyzer unit maintains a search histo...

Page 147: ...the results include a Printable Version link Select the link to create an HTML version of the results Log rolling Log rolling is a way to control the network traffic log file size and space used on t...

Page 148: ...xlog n log where n is the number of rolled logs For example xlog 4 log To enable log rolling go to Tools Network Analyzer Config Figure 73 Log rolling settings Enable Network Analyzer on Select the po...

Page 149: ...ress of the FTP server Username Enter the user name required to connect to the FTP server The user name has a default of anonymous Click the field to enter a different user name Password Enter the pas...

Page 150: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 150 05 30003 0082 20060925 Log rolling Network Analyzer...

Page 151: ...describes how to set up vulnerability scans and view the reports generated by the FortiAnalyzer unit This section includes the following topics Modules Jobs Reports Modules The Modules page provides...

Page 152: ...75 List of staged vulnerability scan jobs View modules with severity Select the severity level and a condition for the level of the severity Select from the following less than and equal to greater t...

Page 153: ...s Enter the IP addresses or range of addresses of the device or hosts you want the FortiAnalyzer to scan and select Add You can add as many devices or hosts as required To remove a device select Remov...

Page 154: ...s an email attachment Select from the following HTML Adobe PDF MS Word format RTF Email subject Enter a subject to the email FortiAnalyzer sends When not selected the subject line is the name of the r...

Page 155: ...To view generated reports go to Tools Vulnerability Scan Reports Figure 76 Browse generated Vulnerability Scan reports Job Name The name of the vulnerability scan job entered when setting up the job...

Page 156: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 156 05 30003 0082 20060925 Reports Vulnerability scan...

Page 157: ...policy 50 configure the FortiGate unit 68 connecting for analyzing network traffic 139 the FortiAnalyzer unit 20 to the web based manager 23 connection sessions 29 content archive 89 content logs dele...

Page 158: ...port interfaces 70 pre shared key 69 FortiManager 72 device ID 72 disk space 72 groups 73 secure connection 72 FortiProtect Distribution Network 58 FortiProtect Distribution Server 58 FortiScan 29 FT...

Page 159: ...port 514 66 interfaces 70 power down 29 power off 26 pre shared key FortiGate unit 69 profile reports 101 112 119 properties 49 protocol syslog 66 Q quarantine disk space 95 duplicate count 96 ticket...

Page 160: ...105 126 154 suspicious activity report 116 events 29 sync interval 32 syslog protocol 66 syslog server 73 134 disk space 73 groups 74 system settings 50 restore default 30 32 system time 28 T TELNET 3...

Page 161: ...www fortinet com...

Page 162: ...www fortinet com...