Fortinet FortiLog-100 User Manual Page 1

Browse online or download the User Manual for Software Fortinet FortiLog-100. Fortinet FortiLog-100 User's Manual User Guide

FortiLog
Administration Guide
FortiLog-100
FortiLog-400
FortiLog-800
FortiLog Administration Guide
Version 1.6
January 15, 2004
05-16000-0082-20050115

Content summary

Page 1 - Administration Guide

FortiLog Administration Guide FortiLog-100 FortiLog-400 FortiLog-800 FortiLog Administration Guide Version 1.6 January 15, 2004 05-16000-0082-20050115

Page 2

10 05-16000-0082-20050115 Fortinet Inc. About this guide Introduction About this guide This document describes how to set up and configure the FortiLog u

Page 3 - Table of Contents

100 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference Commands Description set log client <client_string> deviceid <id_st

Page 4 - Contents

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 101 set log setting syslog remote server <server_ip> po

Page 5

102 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference set log devtype <string> filters <string> Select the filter opt

Page 6

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 103 set NAS Use set NAS to configure the FortiLog NAS server s

Page 7 - Introduction

104 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference set report Use set report to configure the FortiLog report settings. set syst

Page 8 - Operational Modes

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 105 set system interface <intf_str> config denyaccess ping

Page 9 - Passive Mode

106 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference set system interface <intf_str> config denyaccess ping <return> http

Page 10 - FortiLog documentation

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 107 set system opmode active <return> passive <return&g

Page 11 - Related documentation

108 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference Commands Description set system admin username <name_str> password <

Page 12

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 109 set system interface config stp_passthrough set system int

Page 13

Introduction Related documentation FortiLog Administration Guide 05-16000-0082-20050115 11 Related documentation Additional information about Fortinet

Page 14

110 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference unset branch Use unset to remove configuration of alert email, log, and syst

Page 15 - Setting up the FortiLog unit

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 111 unset nas user <user name> Remove a user name. unset

Page 16 - Dimensions

112 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference

Page 17 - Planning the installation

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 113 Appendix A: Log Report Types Your FortiLog unit is ca

Page 18 - Connecting the FortiLog unit

114 05-16000-0082-20050115 Fortinet Inc. Appendix A: Log Report Types FTP Activity FTP reports record total FTP access activities including traffic direc

Page 19 - Configuring the FortiLog unit

Appendix A: Log Report Types FortiLog Administration Guide 05-16000-0082-20050115 115 Terminal Activity Terminal activity reports record total Terminal

Page 20

116 05-16000-0082-20050115 Fortinet Inc. Appendix A: Log Report Types Intrusion Activity Intrusion activity reports record top network attacks and top at

Page 21

Appendix A: Log Report Types FortiLog Administration Guide 05-16000-0082-20050115 117 Mail Filter Activity Mail filter activity reports record total an

Page 22

118 05-16000-0082-20050115 Fortinet Inc. Appendix A: Log Report Types VPN Activity VPN activity reports record total VPN activities by a specific time an

Page 23

Appendix A: Log Report Types FortiLog Administration Guide 05-16000-0082-20050115 119 Content Traffic By Hour Of Day And Service Hourly content traffic

Page 24

12 05-16000-0082-20050115 Fortinet Inc. Related documentation Introduction FortiManager documentation • FortiManager QuickStart Guide Explains how to inst

Page 25 - Configuring FortiMail devices

120 05-16000-0082-20050115 Fortinet Inc. Appendix A: Log Report Types

Page 26

FortiLog Administration Guide 05-16000-0082-20050115 121 FortiLog Administration Guide Version 1.6 Index A access to files 82 account levels 48 active and

Page 27

122 05-16000-0082-20050115 Fortinet Inc. Index L language setting 46, 109 LCD panel 21 log policy 45 logs download FortiLog debug log 39 importing 77 informati

Page 28 - Creating Device Groups

Index FortiLog Administration Guide 05-16000-0082-20050115 123 web-based manager connecting 19 idle timeout 46 introduction 19 language 46, 109 windows sh

Page 29 - Managing the FortiLog unit

124 05-16000-0082-20050115 Fortinet Inc. Index

Page 30

Introduction Customer service and technical support FortiLog Administration Guide 05-16000-0082-20050115 13 Customer service and technical support For

Page 31 - Changing operating modes

14 05-16000-0082-20050115 Fortinet Inc. Customer service and technical support Introduction

Page 32 - Changing the firmware

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 15 Setting up the FortiLog unit This chapter includes: • C

Page 33

16 05-16000-0082-20050115 Fortinet Inc. Checking the package contents Setting up the FortiLog unit Figure 5: FortiLog front and back diagrams Hardware sp

Page 34 - command

Setting up the FortiLog unit Planning the installation FortiLog Administration Guide 05-16000-0082-20050115 17 Power requirements • FortiLog-100 • AC in

Page 35 - Testing a new firmware image

18 05-16000-0082-20050115 Fortinet Inc. Connecting the FortiLog unit Setting up the FortiLog unit Figure 6: FortiLog connection option Connecting the For

Page 36

Setting up the FortiLog unit Configuring the FortiLog unit FortiLog Administration Guide 05-16000-0082-20050115 19 Configuring the FortiLog unit Use th

Page 37

© Copyright 2005 Fortinet Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, t

Page 38

20 05-16000-0082-20050115 Fortinet Inc. Configuring the FortiLog unit Setting up the FortiLog unit 6 Type admin in the Name field and select Login. Afte

Page 39 - Backing up system settings

Setting up the FortiLog unit Configuring the FortiLog unit FortiLog Administration Guide 05-16000-0082-20050115 21 3 Set the primary DNS server IP add

Page 40 - Restoring a FortiLog unit

22 05-16000-0082-20050115 Fortinet Inc. Configuring the FortiLog unit Setting up the FortiLog unit

Page 41

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 23 Connecting to the FortiLog Unit In order for FortiLog

Page 42

24 05-16000-0082-20050115 Fortinet Inc. Sending device logs to the FortiLog unit Connecting to the FortiLog Unit Figure 7: FortiGate 2.8 log settings 5 E

Page 43 - Config > RAID

Connecting to the FortiLog Unit Sending device logs to the FortiLog unit FortiLog Administration Guide 05-16000-0082-20050115 25 Figure 8: FortiGate 2

Page 44 - Log settings

26 05-16000-0082-20050115 Fortinet Inc. Configuring the FortiLog unit Connecting to the FortiLog Unit Configuring the FortiLog unit When you configure a

Page 45 - Log policy

Connecting to the FortiLog Unit Configuring the FortiLog unit FortiLog Administration Guide 05-16000-0082-20050115 27 3 Enter a device name. For a Fort

Page 46

28 05-16000-0082-20050115 Fortinet Inc. Configuring the FortiLog unit Connecting to the FortiLog Unit You can classify the device interfaces as one of N

Page 47

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 29 Managing the FortiLog unit Using the FortiLog system s

Page 48 - Administrator options

Contents FortiLog Administration Guide 05-16000-0082-20050115 3 Table of Contents Introduction...

Page 49 - Devices (Active mode)

30 05-16000-0082-20050115 Fortinet Inc. Status Managing the FortiLog unit Figure 11: System status (Active mode) Automatic Refresh Interval Select to cont

Page 50 - Editing device information

Managing the FortiLog unit Status FortiLog Administration Guide 05-16000-0082-20050115 31 Changing the FortiLog host name The FortiLog host name appear

Page 51 - Alert Email

32 05-16000-0082-20050115 Fortinet Inc. Status Managing the FortiLog unit Viewing system resources information On the Status page, you can view the CPU,

Page 52 - Creating a new device alert

Managing the FortiLog unit Status FortiLog Administration Guide 05-16000-0082-20050115 33 To change the firmware using the CLI Use the following proced

Page 53

34 05-16000-0082-20050115 Fortinet Inc. Status Managing the FortiLog unit To perform this procedure you need to install a TFTP server that you can conne

Page 54

Managing the FortiLog unit Status FortiLog Administration Guide 05-16000-0082-20050115 35 The following message appears: Enter File Name [image.out]: 11

Page 55 - Defining IP aliases

36 05-16000-0082-20050115 Fortinet Inc. Status Managing the FortiLog unit 7 Immediately press any key to interrupt the system startup. If you successfull

Page 56 - Figure 27: IP aliases

Managing the FortiLog unit Status FortiLog Administration Guide 05-16000-0082-20050115 37 To install a backup firmware image 1 For all three FortiLog m

Page 57

38 05-16000-0082-20050115 Fortinet Inc. Status Managing the FortiLog unit The FortiLog unit saves the backup firmware image and restarts. When the Forti

Page 58 - Configuring report parameters

Managing the FortiLog unit Status FortiLog Administration Guide 05-16000-0082-20050115 39 To switch back to the default firmware image 1 For all three

Page 59 - Configuring a report query

Contents 4 05-16000-0082-20050115 Fortinet Inc. Managing the FortiLog unit...

Page 60 - Creating a query profile

40 05-16000-0082-20050115 Fortinet Inc. Status Managing the FortiLog unit To download a FortiLog debug log 1 Go to System > Status > Status. 2 For S

Page 61 - Select filtering options

Managing the FortiLog unit Status FortiLog Administration Guide 05-16000-0082-20050115 41 To upload the firmware image to the FortiLog unit 1 Make sure

Page 62 - Setting a report schedule

42 05-16000-0082-20050115 Fortinet Inc. Config Managing the FortiLog unit Config Use system config to configure the FortiLog network settings, RAID setti

Page 63

Managing the FortiLog unit Config FortiLog Administration Guide 05-16000-0082-20050115 43 RAID To configure the FortiLog RAID level and check the RAID

Page 64 - Reports on demand

44 05-16000-0082-20050115 Fortinet Inc. Config Managing the FortiLog unit Log settings To configure the FortiLog unit to log locally or to send FortiLog

Page 65 - Viewing reports

Managing the FortiLog unit Config FortiLog Administration Guide 05-16000-0082-20050115 45 Log policy Select Config Policy to configure the FortiLog uni

Page 66 - Individual reports

46 05-16000-0082-20050115 Fortinet Inc. Config Managing the FortiLog unit Time To change the FortiLog unit time, go to System > Config > Time. For

Page 67 - Vulnerability reports

Managing the FortiLog unit Config FortiLog Administration Guide 05-16000-0082-20050115 47 Figure 19: Admin Configure Administrator access Configure admi

Page 68 - Selecting plug-ins

48 05-16000-0082-20050115 Fortinet Inc. Config Managing the FortiLog unit To configure administrative access to the FortiLog unit 1 Go to System > Con

Page 69 - Creating a plug-in profile

Managing the FortiLog unit Devices (Active mode) FortiLog Administration Guide 05-16000-0082-20050115 49 To add an administrator account 1 Go to System

Page 70 - Vulnerability reports Reports

Contents FortiLog Administration Guide 05-16000-0082-20050115 5 Reports ...

Page 71

50 05-16000-0082-20050115 Fortinet Inc. Devices (Active mode) Managing the FortiLog unit Device list To add and manage devices connecting to the FortiLog

Page 72

Managing the FortiLog unit Alert Email FortiLog Administration Guide 05-16000-0082-20050115 51 To edit a device 1 Go to System > Devices. 2 For the d

Page 73 - Using Logs

52 05-16000-0082-20050115 Fortinet Inc. Alert Email Managing the FortiLog unit Local To set the email alert notification for the FortiLog unit, go to Sys

Page 74 - Viewing logs

Managing the FortiLog unit Alert Email FortiLog Administration Guide 05-16000-0082-20050115 53 Figure 25: Device alert settings Alert Name Enter a name

Page 75 - Finding log information

54 05-16000-0082-20050115 Fortinet Inc. Alerts Managing the FortiLog unit To add a device alert 1 Go to System > Alert Email > Device. 2 Select Crea

Page 76

Managing the FortiLog unit Network Sharing FortiLog Administration Guide 05-16000-0082-20050115 55 Figure 26: Device alert messages Network Sharing Use

Page 77 - Importing log files

56 05-16000-0082-20050115 Fortinet Inc. Defining IP aliases Managing the FortiLog unit Figure 27: IP aliases To set host alias names 1 Go to Reports >

Page 78 - Log watch (Active mode)

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 57 Reports The FortiLog unit collates information collect

Page 79

58 05-16000-0082-20050115 Fortinet Inc. Creating and generating a report Reports 3 Set the following: • “Configuring report parameters” on page 58 • “Conf

Page 80

Reports Creating and generating a report FortiLog Administration Guide 05-16000-0082-20050115 59 5 Select Apply. Configuring a report query Select the s

Page 81

Contents 6 05-16000-0082-20050115 Fortinet Inc. Adding and modifying group accounts...

Page 82

60 05-16000-0082-20050115 Fortinet Inc. Creating and generating a report Reports 4 Select the plus sign next to a category to expand and view the sub ca

Page 83 - Assigning access to folders

Reports Creating and generating a report FortiLog Administration Guide 05-16000-0082-20050115 61 6 Select the group or individual devices to use in th

Page 84

62 05-16000-0082-20050115 Fortinet Inc. Creating and generating a report Reports 4 Select the type of matching for the filter criteria: • Select Any to f

Page 85

Reports Creating and generating a report FortiLog Administration Guide 05-16000-0082-20050115 63 3 Select Schedule. 4 Select a day from the following: 5

Page 86

64 05-16000-0082-20050115 Fortinet Inc. Creating and generating a report Reports To select the report destination and format 1 Go to Reports > Config.

Page 87 - FortiLog CLI reference

Reports Viewing reports FortiLog Administration Guide 05-16000-0082-20050115 65 Viewing reports Use the FortiLog web-based manager to view a list of th

Page 88 - Connecting to the CLI

66 05-16000-0082-20050115 Fortinet Inc. Viewing reports Reports Roll up report The roll up report contains all reports that you selected for the FortiLog

Page 89

Reports Vulnerability reports FortiLog Administration Guide 05-16000-0082-20050115 67 Figure 36: VPN activity report in PDF Vulnerability reports Vulner

Page 90

68 05-16000-0082-20050115 Fortinet Inc. Vulnerability reports Reports 3 Set the following: • “Selecting report result parameters” on page 68 • “Selecting

Page 91 - CLI commands

Reports Vulnerability reports FortiLog Administration Guide 05-16000-0082-20050115 69 Figure 38: Vulnerability plugin options To select the plug-ins 1 G

Page 92

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 7 Introduction FortiLog units are network appliances that

Page 93

70 05-16000-0082-20050115 Fortinet Inc. Vulnerability reports Reports Figure 39: Selecting scan targets To select the scan targets 1 Go to Reports > Co

Page 94

Reports Vulnerability reports FortiLog Administration Guide 05-16000-0082-20050115 71 4 Select Apply. Choosing the report destination and format Select

Page 95

72 05-16000-0082-20050115 Fortinet Inc. Vulnerability reports Reports Viewing the vulnerability report The FortiLog unit saves the vulnerability report e

Page 96

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 73 Using Logs The FortiLog unit collects log files from v

Page 97

74 05-16000-0082-20050115 Fortinet Inc. The Log view interface Using Logs The Log view interface The log viewer interface provides a means of viewing dev

Page 98

Using Logs Viewing logs FortiLog Administration Guide 05-16000-0082-20050115 75 Figure 43: Viewing a device log To view the device log files 1 Go to Fil

Page 99

76 05-16000-0082-20050115 Fortinet Inc. Viewing logs Using Logs Figure 44: Basic log filter 5 Do the following to search the log using the Basic log filt

Page 100

Using Logs Importing log files FortiLog Administration Guide 05-16000-0082-20050115 77 6 Select each row in the Filter column. 7 Each row of informatio

Page 101

78 05-16000-0082-20050115 Fortinet Inc. Log Search Using Logs Log Search Use the Log Search, to perform a simple search of all log files on the FortiLog

Page 102

Using Logs Event correlation (Active mode) FortiLog Administration Guide 05-16000-0082-20050115 79 5 Select Apply. Event correlation (Active mode) Event

Page 103

8 05-16000-0082-20050115 Fortinet Inc. Operational Modes Introduction Operational Modes The FortiLog device can operate in two modes: Active mode or Pass

Page 104

80 05-16000-0082-20050115 Fortinet Inc. Event correlation (Active mode) Using Logs Show me Select Show me to view the selection from the sort list. # The

Page 105

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 81 Using the FortiLog unit as a NAS Users can save, store

Page 106

82 05-16000-0082-20050115 Fortinet Inc. Providing access to the FortiLog hard disk Using the FortiLog unit as a NAS Providing access to the FortiLog har

Page 107

Using the FortiLog unit as a NAS Providing access to the FortiLog hard disk FortiLog Administration Guide 05-16000-0082-20050115 83 Adding and modifyi

Page 108

84 05-16000-0082-20050115 Fortinet Inc. Providing access to the FortiLog hard disk Using the FortiLog unit as a NAS Figure 49: Windows sharing configura

Page 109

Using the FortiLog unit as a NAS Providing access to the FortiLog hard disk FortiLog Administration Guide 05-16000-0082-20050115 85 Figure 50: NFS sha

Page 110

86 05-16000-0082-20050115 Fortinet Inc. Setting folder and file properties Using the FortiLog unit as a NAS Setting folder and file properties The FortiL

Page 111

FortiLog Administration Guide Version 1.6 FortiLog Administration Guide 05-16000-0082-20050115 87 FortiLog CLI reference This chapter explains how to co

Page 112

88 05-16000-0082-20050115 Fortinet Inc. Connecting to the CLI FortiLog CLI reference Connecting to the CLI The FortiLog-800 model has serial port and you

Page 113 - Appendix A: Log Report Types

FortiLog CLI reference Connecting to the CLI FortiLog Administration Guide 05-16000-0082-20050115 89 10 Type the password for this administrator and p

Page 114 - FTP Activity

Introduction Operational Modes FortiLog Administration Guide 05-16000-0082-20050115 9 Figure 3: FortiLog Active mode network architecture Passive Mode P

Page 115 - Mail Activity

90 05-16000-0082-20050115 Fortinet Inc. Connecting to the CLI FortiLog CLI reference 4 To confirm that you have configured SSH or Telnet access correctl

Page 116 - Intrusion Activity

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 91 CLI commands The FortiLog CLI commands include: • execute br

Page 117 - Mail Filter Activity

92 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference get branch Use get to display settings, logs, or system information. Table 5:

Page 118 - Content Activity

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 93 get report resolve Display the settings (what is turned on

Page 119

94 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference set branch Use set to configure settings, logs, or system information. set ale

Page 120

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 95 set alertemail device {enable | disable} add virusalert {enab

Page 121

96 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference set alertmail device enable add levelnum {emergency | alert | critical | err

Page 122

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 97 set console Use set console to set console configuration. Ta

Page 123

98 05-16000-0082-20050115 Fortinet Inc. CLI commands FortiLog CLI reference set log Use set log to configure log settings Table 8: set log command archite

Page 124

FortiLog CLI reference CLI commands FortiLog Administration Guide 05-16000-0082-20050115 99 set log devtype <string> reportname <report name>
