Fortigate security event searches

tor · July 29, 2021, 10:16am

Those that monitor their fortigate firewall. What do you search for security events?
search query
gl2_source_input:601e791d92c03962c4dc36f8 AND type: event AND (subtype: system OR subtype: vpn) AND (logdesc: “Configuration changed” OR logdesc: “Authentication error” OR logdesc: “Application crashed”)

gsmith · July 29, 2021, 9:56pm

Hello,

Our FortiGate firewalls get monitored by Zabbix and Graylog.
The environment setup on Graylog consist some of the following.

Firewall: Configuration Changed
Firewall: User Logon
Firewall: User Failed Logon

As for a dashboard we monitor any little changes of traffic. Sorry I had to cut out personall info.

We had to use a few extractor to make this happen.
Create a INPUT just for Fortgate Firewall.
Make new fields from extractors.

This is probably something you may want.

Hope that helps

system · August 12, 2021, 9:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I have to integrate fortigate with graylog for 1 client, if i have another client same firewall fortigate, what are the configuration changes need to be done Graylog Central (peer support)	2	383	August 25, 2023
Pfsense configuration changes from Graylog Graylog Central (peer support)	4	1452	January 27, 2020
Firewall Logs creation Failed Graylog Central (peer support)	3	1622	December 12, 2019
Fortinet FG300E log collection error Graylog Central (peer support)	2	1148	October 2, 2019
Searching through graylog for FORTIGATE Reboot, shutdown and power up Graylog Central (peer support)	3	702	April 4, 2023

Fortigate security event searches

Related topics