FortiSwitch logging and useful events

tanr
2018/08/25 15:48:25 (permalink)

Hi All,
 
I've moved one of our locations over to FortiGate managed FortiSwitches, as part of a 5.6 Security Fabric.  It's actually gone pretty smoothly, though I am doing some direct CLI setting of the FortiSwitches for a few things.
 
I found I needed to set
    config switch-controller switch-log
        set severity notification
    end
to get enough useful logs.  These show up as system events on the FortiAnalyzer.  Oddly, a bunch of them show up with level=information.
 
I added a custom event handler to the FortiAnalyzer so that BPDU Guard shutting down a port will notify me:
    Log Type: Event Log
    Generic Text Filter: msg ~ "BPDU Guard: BPDU detected"
 
I found this useful since I set BPDU Guard on all edge ports and it catches bad configurations or malicious devices.  It also helped me discover our Sonos system does its own BPDUs - fun, fun.
 
I'm curious what useful or non-standard FortiSwitch events others might have created custom events for?
Or docs with possible FortiSwitch events, beyond the four types listed in the CLI (event, router, system, user)?
post edited by tanr - 2018/08/25 22:17:46
#1
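Added example, not part of the original post and not Fortinet's own code: a local check of the handler logic tanr describes, run over constructed log lines. It assumes the FortiAnalyzer `~` operator behaves as a substring match and that logs arrive in FortiGate key=value form; the severity-threshold filter is hypothetical, included to show why matching on msg still catches events logged at level=information.

```python
import re

# Constructed sample lines in FortiGate key=value log style. Device names,
# ports and everything after "BPDU detected" are placeholders, not real output.
SAMPLE_LOGS = [
    'date=2018-08-25 time=15:40:01 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="information" '
    'msg="BPDU Guard: BPDU detected on port7 (constructed), port disabled"',
    'date=2018-08-25 time=15:41:12 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="notice" msg="port3 link up (constructed)"',
    'date=2018-08-25 time=15:42:30 devname="FGT-EXAMPLE" type="event" '
    'subtype="system" level="warning" '
    'msg="BPDU Guard: BPDU detected on port12 (constructed), port disabled"',
]

# key=bare or key="quoted value that may contain spaces and = signs"
FIELD_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
LEVEL_RANK = {name: rank for rank, name in enumerate(
    ["debug", "information", "notice", "warning", "error",
     "critical", "alert", "emergency"])}
HANDLER_TEXT = "BPDU Guard: BPDU detected"  # text from the post's filter


def parse_line(line):
    """Split one log line into a dict, keeping quoted values intact."""
    fields = {}
    for match in FIELD_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def matches_handler(event):
    """The post's handler: an event log whose msg contains the filter text."""
    return event.get("type") == "event" and HANDLER_TEXT in event.get("msg", "")


def matches_by_level(event, minimum="notice"):
    """Hypothetical severity-threshold filter, for comparison only."""
    return LEVEL_RANK.get(event.get("level", ""), -1) >= LEVEL_RANK[minimum]


def bpdu_alerts(lines):
    """Return parsed events that the msg-based handler would alert on."""
    return [e for e in map(parse_line, lines) if matches_handler(e)]


if __name__ == "__main__":
    for event in bpdu_alerts(SAMPLE_LOGS):
        note = "" if matches_by_level(event) else "<- missed by level>=notice"
        print(event["time"], event["level"], event["msg"], note)
```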


    bmduncan34
    Re: FortiSwitch logging and useful events 2020/04/27 11:02:11 (permalink)
    Funny no one responded to your post.  I've got 39 Fortiswitches and I'd like my FortiAnalyzer to give me useful events from them too.  What you already provided in your question was useful to me though!  Thanks.
    #2
    Tezro
    Re: FortiSwitch logging and useful events 2021/04/22 03:00:43 (permalink)
    No answer -because it's a bad type of question ...
     
    The right one is "where I can buy fortigate / fortiswitch / forti ...?" -in this case you would collect a lot of answers, every with contact mail / phone
    #3
    bmduncan34
    Re: FortiSwitch logging and useful events 2021/04/22 09:54:15 (permalink)
    Not clear why it's a bad question.  I used the information there to get very helpful alerts related to SFP optics losing power and causing Fortilink problems.  Can you explain what you meant?
    #4
    MikePruett
    Re: FortiSwitch logging and useful events 2021/04/25 12:18:28 (permalink)
    Tezro is wrong. There is nothing wrong with the recommendation or his following questions.
     
    He provides info into how to gain more quality logging and then asks if anyone has any other good use cases to make those events that are being logged useful.
    #5
    Tezro
    Re: FortiSwitch logging and useful events 2021/05/03 09:15:07 (permalink)
    it's quite simple ...
    questions appear after purchasing Fortinet equipment and there are no people willing to answer...
    This is what I meant and I am certainly not mistaken
    This applies to many issues - for example Fortigate support for LTE modems
    The marketing answer is "yeah, of course our equipment works with LTE modems!"
    The technical answer is: "well, they do work, but only specific models of selected manufacturers and with a specific firmware" -but you will find out about it until you spend a few nights looking for a solution to the problem -I checked personally ...

    @FortinetGuru
    I would ask for a specific solution:
    how to configure FortiSwitch so that device statistics can be read via SNMP and sFlow - FortiSwitch is controlled by FortiGate for ease of use ...
    Despite all the splendor, the universal functionality of the set: Fortigate + FortiLink + Fortiswitch etc etc, somehow I can't find such an option (I can see traffic in the Dashboard but for the entire VLAN, not the specific network traffic of port 17 in the switch)
    For me it matters and it is much more important than the next bugged version of FortiOS 7 with 170 "new features" instead of fixing nightmarish bugs in FortiOS 6.2 and 6.4 or simply put into F generation at least 4Gigs of RAM to avoid legendary "memory conserve mode" -it would cost maybe 10$ more in production but saves a lot of careers ;^)

    Well, I'm just a technician, not a marketer
     
    Cheers and good health!

    T
    post edited by Tezro - 2021/05/03 09:19:33
    #6