Fortinet FortiAnalyzer-100A Скачать руководство пользователя

Страница: 103 / 162

Forensic Analysis

Forensic Reports

FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925

103

Figure 39: Configuring the forensic analysis report criteria

Report Profile

Select to save the report profile for future reports or On Demand

to use the report profile once. Once the FortiAnalyzer unit runs the

report, the profile created is removed from the system.

Report Category

Select the type of analysis to include in the report, either user or

device.

User

Select a user from the list. Alternatively, select Specify and select

an option from the Specify list.
This setting is available when using the User Analysis Report

Category.

Specify

Select to generate a report based on a specific user name or IP

address. This option becomes available when selecting Specify

from the User selection.
This setting is available when using the User Analysis Report

Category.

Source IP Address
Username (in logs)

Depending on the selection from the Specify list, enter the

appropriate information.
This setting is available when using the User Analysis Report

Category.

Group

Select to generate a report on a specific user group.
This setting is available when using the User Analysis Report

Category.

Group Name (in logs)

Enter a specific group name. This option becomes available when

selecting Specify from the Group selection.
This setting is available when using the User Analysis Report

Category.

Report Granularity

Select the number of results for the report.
This setting is available when using the User Analysis and Device

Analysis Report Categories.

Device(s)

Select a device or device group.
This setting is available when using the User Analysis and Device

Analysis Report Categories.

Virtual Domains

Enter a virtual domain name for the report.
This setting is available when using the Device Analysis Report

Category.

Resolve Host Names

Select to display host names by a recognizable name rather than

IP addresses. For details on configuring IP address host names,

see

“IP Aliases” on page 53

Resolve Service
Names

Select to display network service names rather than port numbers.

For example, HTTP rather than port 80.

Содержание FortiAnalyzer-100A

Страница 1: ...www fortinet com FortiAnalyzer Version 3 0 MR3 A D M I N I S T R A T I O N G U I D E...

Страница 2: ...ortiBIOS FortiBridge FortiClient FortiGate FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard Web FortiLog FortiAnalyzer FortiManager Fortinet FortiOS FortiPartner For...

Страница 3: ...de 15 FortiAnalyzer documentation 16 Fortinet Tools and Documentation CD 17 Fortinet Knowledge Center 17 Comments on Fortinet technical documentation 17 Customer service and technical support 17 Insta...

Страница 4: ...g disks 33 Restoring a FortiAnalyzer unit 33 Restoring a FortiAnalyzer 100 or FortiAnalyzer 400 33 Restoring a FortiAnalyzer 100A 100B 800 2000 and 4000 4000A 34 Changing the firmware 35 Changing the...

Страница 5: ...ing RAID on the FortiAnalyzer 2000 and FortiAnalyz er 4000 4000A 55 Maintenance 57 Backup Restore 57 Update center 58 RAID levels 59 Linear 60 RAID 0 60 RAID 1 60 RAID 5 60 RAID 10 61 RAID 50 61 RAID...

Страница 6: ...w 83 Customizing the log column views 83 Filtering logs 84 Filtering tip 84 Search the logs 84 Basic search 85 Advanced search 85 Search tips 86 Printing the search results 86 Log rolling 86 Content a...

Страница 7: ...9 Viewing Instant Messaging and P2P traffic 109 Filtering traffic summaries 110 Filtering tip 111 Device Summary 111 Traffic Report 112 Configuring a traffic report 112 Viewing traffic summary reports...

Страница 8: ...IB System Traps 136 FortiGate MIB Logging Traps 136 FortiGate MIB VPN Traps 136 Fortinet MIB System fields 136 Fortinet Administrator Accounts 136 Fortinet Options 136 Fortinet Active IP Sessions 137...

Страница 9: ...0003 0082 20060925 9 Search the network traffic logs 146 Basic search 146 Advanced search 146 Search tips 147 Printing the search results 147 Log rolling 147 Vulnerability scan 151 Modules 151 Jobs 15...

Страница 10: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 10 05 30003 0082 20060925 Contents...

Страница 11: ...led reports that can be scheduled or generated on demand to basic traffic sniffing and real time network monitoring This section introduces you to the FortiAnalyzer appliance and includes the followin...

Страница 12: ...vices Supported 200 FortiGate units or VDOM licenses Supports FortiGate 50A to FortiGate 800 only FortiClient installations Supported 2000 AC Input Voltage 100 240V 4Amp Max Ports 2 10 100 Ethernet po...

Страница 13: ...te units or VDOM licenses Supports all FortiGate models FortiClient installations Supported 5000 AC Input Voltage 100 240V 9Amp Max Ports 2 gigabit ethernet ports Memory 1 GB Disk Drives 12 x 250GB ho...

Страница 14: ...s included in the report Data mining The FortiAnalyzer unit provides data mining features that enables you to easily access simple reports to obtain information on the intrusion attempts on your netwo...

Страница 15: ...FortiGate unit and a FortiAnalyzer 100A 100B to collect local log information The headquarters has a FortiAnalyzer 2000 as the central log aggregator Quarantine For FortiGate units that do not have a...

Страница 16: ...them on the FortiAnalyzer hard disk Vulnerability scan describes how to set up vulnerability scans and view the generated reports Reports describes how to create report profiles for running regular re...

Страница 17: ...ledge center contains short how to articles FAQs technical notes product and feature guides and much more Visit the Fortinet Knowledge Center at http kc forticare com Comments on Fortinet technical do...

Страница 18: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 18 05 30003 0082 20060925 Customer service and technical support Introduction...

Страница 19: ...unit Upgrading the FortiAnalyzer firmware Backing up the FortiAnalyzer hard disk Shutting down the FortiAnalyzer unit Planning the installation You can add the FortiAnalyzer unit to your local networ...

Страница 20: ...tion make sure that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling Mechanical loading You can mount the FortiAnalyzer 800 FortiAnalyzer...

Страница 21: ...1 IP 192 168 1 99 Netmask 255 255 255 0 Management Access HTTP HTTPS PING SSH Port 2 IP 192 168 2 99 Netmask 255 255 255 0 Management Access HTTP HTTPS PING SSH Port 3 IP 192 168 3 99 Netmask 255 255...

Страница 22: ...Administrator account User name admin Password none Port 1 IP 192 168 1 99 Netmask 255 255 255 0 Management Access HTTP HTTPS PING SSH Port 2 IP 192 168 2 99 Netmask 255 255 255 0 Management Access HT...

Страница 23: ...version 6 0 or higher or other current popular web browser on the management computer To connect to the web based manager 1 Connect the Port1 interface of the FortiAnalyzer unit to the Ethernet port o...

Страница 24: ...port The CLI supports the same configuration and monitoring functionality as the web based manager To connect to the FortiAnalyzer unit through the console 1 Use a null modem cable to connect the seri...

Страница 25: ...address information and select Enter to select a menu option or number in the IP address Upgrading the FortiAnalyzer firmware Upgrade the FortiAnalyzer firmware using the instructions in the topic Ch...

Страница 26: ...e the log information to the FortiAnalyzer hard disk execute restore logs device ftp_ip_address ftp_username ftp_password ftp_dir Shutting down the FortiAnalyzer unit When powering off the FortiAnalyz...

Страница 27: ...shboard Network settings Administrator settings Network sharing Configuring the FortiAnalyzer unit Maintenance RAID levels Dashboard The system dashboard provides a view of the current operating statu...

Страница 28: ...he firmware installed on the FortiAnalyzer unit Select Update to upload a new version of the firmware For details on updating the firmware see Changing the firmware on page 35 CPU Usage The current CP...

Страница 29: ...available if your access privileges include write permissions Support Contract The support contract number and expiry date RVS Engine The version of the RVS engine Select Update to upload a new versi...

Страница 30: ...firmware version This also includes resetting the IP address and netmask You will need to reconnect to the FortiAnalyzer device using the default IP address of 192 168 1 99 CPU Usage The CPU usages fo...

Страница 31: ...right corner of the Alert Message Console area Figure 3 Alert messages To Port The destination port of the connection Expires Secs The time in seconds remaining before the connection terminates Page...

Страница 32: ...box for alert messages you want to delete and select the delete icon System Time The current FortiAnalyzer system date and time Refresh Update the display of the current FortiAnalyzer system date and...

Страница 33: ...Analyzer unit is unresponsive to the web based manager or the CLI The cause may be a corrupted firmware image Restoring a FortiAnalyzer 100 or FortiAnalyzer 400 To use the following procedure you must...

Страница 34: ...ges appears Press any key to display configuration menu Immediately press any key to interrupt the system startup If you successfully interrupt the startup process the following messages appears G Get...

Страница 35: ...unit maintains the your configuration settings Back up the FortiAnalyzer unit configuration before beginning this procedure For information see Backup Restore on page 57 To change the firmware using t...

Страница 36: ...to 20 characters long Network settings Use the network settings to configure the FortiAnalyzer unit to operate in your network Basic network settings include configuring FortiAnalyzer interfaces DNS s...

Страница 37: ...ess to an interface to control how administrators access the FortiAnalyzer unit and the FortiAnalyzer interfaces that administrators can connect to Select from the following administrative access opti...

Страница 38: ...options and select OK Primary DNS Server Enter the primary DNS server IP address that the FortiAnalyzer unit can connect to Several of the FortiAnalyzer functions use DNS Secondary DNS Server Enter a...

Страница 39: ...ministrators 2 Select Create New 3 Configure the following options and select OK Name The assigned name for the administrator Trusted Hosts The IP address where the administrator can log into the Fort...

Страница 40: ...ccess profiles that you assign to administrators For each profile you can define what access privileges are granted For example you can have a profile where the administrator only has read and write a...

Страница 41: ...name for the profile 4 Select a filter for each option Auth Groups The Auth Groups page enables you to group RADIUS servers in to logical arrangements To add a group you must first have at least one...

Страница 42: ...ould the need arise To monitor current administrators go to System Admin Monitor Name Enter a name to identify the server Server IP Name Enter the IP address for the server Shared Secret Enter the pas...

Страница 43: ...not be aware of other devices or ADOMs on the FortiAnalyzer unit Similar to the web based manager users who access the CLI for their ADOM are not able to see data or configuration settings for other...

Страница 44: ...ar the check box 3 Select OK Configuring ADOM settings The default configuration of a FortiAnalyzer contains only the Global Configuration You must create and configure new ADOMs When Admin Domain Con...

Страница 45: ...ve store and access information on the FortiAnalyzer hard disk as an alternate means of storing important files and work Users can also access the reports and logs saved on the FortiAnalyzer hard disk...

Страница 46: ...he group account 4 Select the users from the Available Users area and select the Right arrow to add them to the group To remove a user select a user from the Members area and select the Left arrow 5 S...

Страница 47: ...oups configure the files and folders the users can access and their read and read write access privileges Figure 12 Windows sharing configuration Local Path The path the user has permission to connect...

Страница 48: ...Windows sharing To view a list of users with NFS share access to the FortiAnalyzer unit including access privileges go to System Network Sharing NFS Export Figure 13 Viewing user access To add a new...

Страница 49: ...These options are set in the CLI For more information see the config nas share command in the FortiAnalyzer CLI Reference Configuring the FortiAnalyzer unit Use the system config to setup and maintain...

Страница 50: ...he FortiAnalyzer hard disk The FortiAnalyzer unit logs all levels of severity down to but not lower than the level you select For example if you want to record emergency critical and error messages se...

Страница 51: ...size the FortiAnalyzer unit saves the log files with an incremental number and starts a new log file with the same name Log file should be rolled Set the frequency of when the FortiAnalyzer unit saves...

Страница 52: ...ed devices using SSH on port 22 This does not include quarantined files It does include the active log to the point of aggregation tlog log for example and all rolled logs available on the client hard...

Страница 53: ...New 3 Enter a name for the IP address in the Alias box 4 Enter the IP address and select OK Importing an IP alias list file For large listings of IP address and names you can also import a text file...

Страница 54: ...example 10 10 10 1 10 10 10 50 10 10 10 1 10 10 20 100 10 10 10 RAID Configuring RAID on the FortiAnalyzer 400 and FortiAnalyzer 800 The FortiAnalyzer 400 and FortiAnalyzer 800 have four hot swappable...

Страница 55: ...are appears as a separate unit Status The status of the RAID For example when starting a RAID array Initializing appears When the RAID disk is functioning normally OK appears Size The total size of th...

Страница 56: ...he hard disk configurations Unit The hard disk grouping Type The setting for the unit When employing a RAID level that includes a hot spare the hard disk assigned as a hot spare appears as a separate...

Страница 57: ...configuration Backup configuration to Currently the only option is to back up to your local PC Encrypt configuration file Select to encrypt the backup file Enter a password in the Password field and...

Страница 58: ...t The FortiAnalyzer unit supports the following definition update features User initiated updates from the FDN Hourly daily or weekly scheduled antivirus and attack definition updates from the FDN Upd...

Страница 59: ...ribution Network stays set to not available the FortiAnalyzer unit cannot connect to the override server Check the FortiAnalyzer configuration and the network configuration to make sure you can connec...

Страница 60: ...mation to one hard disk and writes a copy a mirror image of all information to all other hard disks The total disk space available is that of only one hard disk as the others are solely used for mirro...

Страница 61: ...that a hard disk fails within a minute of the failure the FortiAnalyzer unit automatically substitutes the hot spared disk drive and rebuilds the data to integrate the hard disk into the RAID array W...

Страница 62: ...e face place unlock the drive and pull out the drive 4 Insert the new hard disk into the empty drive bay on the FortiAnalyzer unit reversing the steps above 5 Select Return from the web based manager...

Страница 63: ...escan The FortiAnalyzer disk controller scans the available hard disks and updates the RAID array for the remaining hard disks The RAID array status will be Degraded 5 Insert the new hard disk into th...

Страница 64: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 64 05 30003 0082 20060925 RAID levels Configure the FortiAnalyzer unit...

Страница 65: ...Syslog server Device Groups Blocked Devices Devices List The devices list displays a listing of devices configured to connect and send log packets or messages to the FortiAnalyzer unit Figure 21 Devic...

Страница 66: ...FortiAnalyzer unit directly from the device This feature is only available on FortiGate units running FortiOS 3 0 This permission will appear red unavailable for Syslog devices by default For a FortiM...

Страница 67: ...feature within FortiOS 3 0 for all FortiGate units It is a protocol where a FortiGate unit and a FortiAnalyzer unit are able to discover one another and configure themselves automatically On the Forti...

Страница 68: ...eives message packets from a FortiGate unit the FortiAnalyzer unit adds the FortiGate unit to the list of unregistered devices To register a FortiGate unit to send log messages to the FortiAnalyzer un...

Страница 69: ...iGate unit s name in the devices list Administrative Domain Select the administrative domain ADOM that the device will be associated with This selection is visible when using the ADOM feature For more...

Страница 70: ...s as one of None LAN WAN or DMZ to match the type of traffic the interface will process When the FortiAnalyzer unit generates the traffic log report the FortiAnalyzer unit compares the source and dest...

Страница 71: ...lowing options and select OK Unlike other devices a FortiClient connection can only send log messages to the FortiAnalyzer unit You cannot configure it so that a user can view their log messages or sp...

Страница 72: ...FortiManager unit s serial number If you are adding a new FortiManager unit that is not already in the unregistered list enter the FortiManager unit s serial number The FortiManager unit s serial num...

Страница 73: ...rtiAnalyzer 1 Go to Device All 2 Select Unregistered from the Show list and select Add from the Action column for the syslog device or Select Add Device 3 Set the following options Device Type Select...

Страница 74: ...Go to Device Groups 2 Select Create New 3 Enter a name for the group 4 Select the devices to include in the group from the list of Available Devices and select the right pointing arrow 5 Select OK Blo...

Страница 75: ...All Blocked Devices Figure 22 List of blocked devices Device ID The name or serial number of the blocked device Hardware Model The type of device for example FortiGate FortiManager or Syslog server I...

Страница 76: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 76 05 30003 0082 20060925 Blocked Devices Devices...

Страница 77: ...gs Log rolling Log Viewer The log viewer enables you to view logs from registered devices The Log Viewer has two types of log viewing options Real time logs display log message updates as the log mess...

Страница 78: ...ear on the page For details see Customizing the log column views on page 83 Formatted Raw Select a view of the log file Selecting Formatted the default displays the log files in columnar format Select...

Страница 79: ...ct a view of the log file Selecting Formatted the default displays the log files in columnar format Selecting Raw displays the log information as it actually appears in the log file Resolve Host Name...

Страница 80: ...t when generating a printable version Note Searches using characters will not include results from the Traffic logs Traffic logs include information for source and destination IP addresses and ports w...

Страница 81: ...ed from the device Size bytes The size of the log file Action Select Delete to remove the log file from the FortiAnalyzer hard disk Select Download to save the log file to your local hard disk Select...

Страница 82: ...log type 3 In the Action column select Download Column Settings Select to change the columns to view and the order they appear on the page For details see Customizing the log column views on page 83...

Страница 83: ...columns 1 When viewing a log file select Column Settings A list of columns available for the log type appears 2 In the Available Fields area select a column name and select the right arrow to move th...

Страница 84: ...he column and select Reset Filter Filtering tip When filtering by source or destination IP you can use the following in the filtering criteria a single address 2 2 2 2 an address range using a wild ca...

Страница 85: ...f the results will include entries from the Traffic log To get results from the traffic log you must search on the IP address of User1 For example 10 10 10 1 Search Select to begin searching the logs...

Страница 86: ...esults The FortiAnalyzer unit enables you to produce a hard copy of the results of a search which you can email save to a local hard disk or print After completing a search the results include a Print...

Страница 87: ...Protocol SCP Server IP address Enter the IP address of the FTP server Username Enter the user name to connect to the FTP server The user name has a default of anonymous Password Enter the password re...

Страница 88: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 88 05 30003 0082 20060925 Log rolling Logs...

Страница 89: ...nformation to the FortiAnalyzer unit see the FortiGate Administration Guide This section includes the following topics Content viewer Customizing the content log view Log rolling Content viewer The co...

Страница 90: ...Column Settings A list of available columns for the log type appears Resolve Host Name Select to view the client IP address as a real name You must configure the IP aliases on the FortiAnalyzer for th...

Страница 91: ...icon and select Reset Filter When viewing real time logs you cannot filter on the time column because the time will always be the current time Filtering tip When filtering by source or destination IP...

Страница 92: ...file reaches the specified maximum size the FortiAnalyzer unit saves current content log file with an incremental number and starts a new active log file Log file should be rolled Set the time of day...

Страница 93: ...ct a specific time of the day when the FortiAnalyzer unit rolls the content log file The FortiAnalyzer unit will upload at the configured time no matter what the size of the log file is or when it may...

Страница 94: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 94 05 30003 0082 20060925 Log rolling Content archive...

Страница 95: ...amount of disk space to allocate for storing quarantine files sent from the FortiGate units The FortiAnalyzer unit divides the amount of disk space you allocated for files evenly between all register...

Страница 96: ...Enter to see the page View per page Select the number of quarantined files to view on a single page From Device The name of the device where the quarantined file originated File Name The processed fi...

Страница 97: ...twork information This includes the users IP address user name IM name s and email address es Adding users Add users to the FortiAnalyzer analysis list for tracking When adding a user you include thei...

Страница 98: ...rrow 5 Select OK Lookup The Lookup provides a method of finding additional user information For example if you know the user s email address you can use the lookup to find the IP address or instant me...

Страница 99: ...what you have selected and its relationship to each other Below this statement a list of available data will appear Select the check box beside each entry to add the data to the user information User...

Страница 100: ...ve from a FortiGate unit on its hard disk for all information based on the criteria entered and displays the number if results for each criteria Figure 37 Search results Select View for the log inform...

Страница 101: ...al reports similar to the network reporting functionality The reports provide detailed information on a users website access blocked web access email and FTP and IM usage during a specific period on y...

Страница 102: ...include in the report Company Name Enter the name of your company department or branch Header Comment Enter a title or information to include in the header of the report Footer Comment Select the inf...

Страница 103: ...ist enter the appropriate information This setting is available when using the User Analysis Report Category Group Select to generate a report on a specific user group This setting is available when u...

Страница 104: ...format for the report Configure the FortiAnalyzer unit to either save the reports to the FortiAnalyzer hard disk or email the report to any number of recipients or both When configuring the FortiAnaly...

Страница 105: ...l attachment Select from the following HTML Adobe PDF MS Word format RTF ASCII Text Multi purpose Internet Mail Extension HTML format MHT Email subject Enter a subject to the email FortiAnalyzer sends...

Страница 106: ...yzer unit saves the report files Upload report s in gzipped format Select to compress the report files as gzip files before uploading to the FTP server Delete file s after uploading Select to delete t...

Страница 107: ...units are that may be affecting overall network traffic Hourly reports are updated every ten minutes weekly daily and monthly reports are updated every hour These reports can help you in determining...

Страница 108: ...feature to work correctly you must set the IP aliases For details see IP Aliases on page 53 Firewall The name of the FortiGate unit Host Source The IP address of the FortiGate unit Traffic The amount...

Страница 109: ...mber of outgoing email messages that occurred within the period download The number of incoming email messages that occurred within the period FTP activity within the last Select a time frame for view...

Страница 110: ...ing the IM traffic View Select a device or group of devices View per page Select the number of log messages displayed on each page Page Enter the page number you want to display and press Enter Search...

Страница 111: ...1 1 1 1 or 2 2 2 1 1 1 1 or 2 2 2 1 2 2 2 10 Device Summary The device summary provides a graphical analysis of the network traffic by FortiGate unit The summary provides graphical details in real tim...

Страница 112: ...traffic summary reports To view generated the reports go to Network Summary Traffic Report Browse Figure 49 Browse generated traffic summary reports Device Select a device or device group Time frame...

Страница 113: ...Select a device or group of devices that the FortiAnalyzer unit runs the report against The FortiAnalyzer unit uses the logs for the selected device s Run Engine Select to generate either a daily repo...

Страница 114: ...s Intrusion and Suspicious Frequency The time when the FortiAnalyzer unit runs a report Devices Groups The device or group of device logs the FortiAnalyzer unit uses when generating the report Thresho...

Страница 115: ...rce IP address of the firewall Virus The name of the virus Last Activity The date and time of the last incident of the virus Count The number of incidents made by the virus on the network Action Selec...

Страница 116: ...wing Suspicious activity Count The number of intrusion incidents on the network Action Select Details to display any additional information for the entry The details window displays further details of...

Страница 117: ...he firewall Host Source The source IP address of the firewall Last Activity The date and time of the last high session activity Number of Sessions The number of incidents made by the virus on the netw...

Страница 118: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 118 05 30003 0082 20060925 Security event summaries Traffic summary and security events...

Страница 119: ...network usage and patterns discover and address vulnerabilities across dispersed device installations minimize the effort required to monitor and maintain acceptable user policies identify attack pat...

Страница 120: ...le and configure its settings and schedule The number of report profiles on the FortiAnalyzer unit Report The name of the report profile Device s The device or device group included in the configured...

Страница 121: ...devices or groups of devices to include in the report Report Scope Select the filtering information and time range for the reporting period FortiGate Report Type s Select the reports to include Report...

Страница 122: ...blue arrow to expand the Time Period options Select a time span for the report period or select a specific time frame When the FortiAnalyzer unit generates the report it uses the log data found withi...

Страница 123: ...to select sources by name For details on adding IP Aliases see IP Aliases on page 53 Use a comma to separate multiple sources Select Not to exclude the destination IP address from the report For examp...

Страница 124: ...the service from the report For example do not include any information from a specific service in the log report Message s Enter specific email messages you want the report to include from the email r...

Страница 125: ...tion and format for the report Configure the FortiAnalyzer unit to either save the reports to the FortiAnalyzer hard disk or email the report to any number of recipients or both When configuring the F...

Страница 126: ...rtiAnalyzer unit sends as an email attachment Select from the following HTML Adobe PDF MS Word format RTF ASCII Text Multi purpose Internet Mail Extension HTML format MHT Email subject Enter a subject...

Страница 127: ...ading server Select from File Transfer Protocol FTP Secure File Transfer Protocol SFTP Secure Copy Protocol SCP IP address Enter the IP address of the FTP server Username Enter the user name to log on...

Страница 128: ...formation or add logos to the reports Page Navigation Enter a page number to display reports when a report list spans multiple pages Select Go to move to the page Use the page forward and page back ar...

Страница 129: ...roll up reports when viewing the HTML file format When you view the report in one of the alternate formats only the right frame with the report information is included To view individual reports 1 Go...

Страница 130: ...number Subtype 00 system System activity event 01 ipsec IPSec negotiation event 02 dhcp DHCP service event 03 ppp L2TP PPTP PPPoE service event 04 admin admin event 05 ha HA activity event 06 auth Fir...

Страница 131: ...events that the FortiAnalyzer unit monitors for and what it should do when encountering the alert To view configured alert events go to Alert Alert Event Figure 63 Alert events list Adding an alert ev...

Страница 132: ...Warning Error Critical Alert and Emergency Generic Text Select to add a standard text response for the alert notification Threshold Set the threshold or log message level frequency that the FortiAnal...

Страница 133: ...e you can select it as a way for the FortiAnalyzer unit to communicate an alert For a list of supported MIBs and traps see FortiAnalyzer traps on page 136 To view the SNMP servers go to Alert Output S...

Страница 134: ...yzer unit to communicate an alert To view the SNMP servers go to Alert Output Syslog Server Create New Select to add a new SNMP server Name The name given to the SNMP server Community Name The communi...

Страница 135: ...rtinet proprietary MIBs as well as Fortinet supported standard MIBs into your SNMP manager RFC support includes support for most of RFC 2665 Ethernet like MIB and most of RFC 1213 MIB II The FortiAnal...

Страница 136: ...agers that you have added to SNMP communities To receive traps you must load and compile the Fortinet 3 0 MIB into the SNMP manager The FortiAnalyzer unit supports the following MIBs and traps FortiGa...

Страница 137: ...P Sessions fnIpSessIndex fnIpSessProto fnIpSessFromAddr fnIpSessFromPort fnIpSessToAddr fnIpSessToPort fnIpSessExp RFC 1213 MIB II mib 2 system mib 2 interface mib 2 at mib 2 ip mib 2 icmp mib 2 tcp m...

Страница 138: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 138 05 30003 0082 20060925 Output Alerts...

Страница 139: ...er for analyzing network traffic Traffic viewer Browsing network traffic logs Customizing the traffic analyzer log view Search the network traffic logs Log rolling Connecting the FortiAnalyzer for ana...

Страница 140: ...p changes to Start Select Start to continue the real time traffic viewing Column Settings Select to change the columns to view and the order they appear on the page For details see Customizing the log...

Страница 141: ...the network traffic log files in columnar format Selecting Raw displays the network traffic log information as it actually appears in the log file Resolve Host Names Select to display host names by a...

Страница 142: ...ake a long time to load The printable version takes all filter settings into account when generating a printable version Log Time The date and time the packet transmitted Source The IP address of the...

Страница 143: ...Figure 70 Viewing log data Log files A list of log files on the FortiAnalyzer unit Last Modified The last time the log was updated from the device Size bytes The size of the log file Action Select De...

Страница 144: ...Select Go to jump to the page Column Settings Select to change the columns to view and the order they appear on the page For details see Customizing the log column views on page 145 Search Enter a ke...

Страница 145: ...ning of the columns 1 When viewing a historical network traffic log file select Column Settings A list of columns available for the log type appears 2 Select a column name 3 Select the up and down arr...

Страница 146: ...searches Basic search Advanced search Basic search The basic search performs a simple search of the network traffic log files on the FortiAnalyzer unit The FortiAnalyzer unit maintains a search histo...

Страница 147: ...the results include a Printable Version link Select the link to create an HTML version of the results Log rolling Log rolling is a way to control the network traffic log file size and space used on t...

Страница 148: ...xlog n log where n is the number of rolled logs For example xlog 4 log To enable log rolling go to Tools Network Analyzer Config Figure 73 Log rolling settings Enable Network Analyzer on Select the po...

Страница 149: ...ress of the FTP server Username Enter the user name required to connect to the FTP server The user name has a default of anonymous Click the field to enter a different user name Password Enter the pas...

Страница 150: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 150 05 30003 0082 20060925 Log rolling Network Analyzer...

Страница 151: ...describes how to set up vulnerability scans and view the reports generated by the FortiAnalyzer unit This section includes the following topics Modules Jobs Reports Modules The Modules page provides...

Страница 152: ...75 List of staged vulnerability scan jobs View modules with severity Select the severity level and a condition for the level of the severity Select from the following less than and equal to greater t...

Страница 153: ...s Enter the IP addresses or range of addresses of the device or hosts you want the FortiAnalyzer to scan and select Add You can add as many devices or hosts as required To remove a device select Remov...

Страница 154: ...s an email attachment Select from the following HTML Adobe PDF MS Word format RTF Email subject Enter a subject to the email FortiAnalyzer sends When not selected the subject line is the name of the r...

Страница 155: ...To view generated reports go to Tools Vulnerability Scan Reports Figure 76 Browse generated Vulnerability Scan reports Job Name The name of the vulnerability scan job entered when setting up the job...

Страница 156: ...FortiAnalyzer Version 3 0 MR3 Administration Guide 156 05 30003 0082 20060925 Reports Vulnerability scan...

Страница 157: ...policy 50 configure the FortiGate unit 68 connecting for analyzing network traffic 139 the FortiAnalyzer unit 20 to the web based manager 23 connection sessions 29 content archive 89 content logs dele...

Страница 158: ...port interfaces 70 pre shared key 69 FortiManager 72 device ID 72 disk space 72 groups 73 secure connection 72 FortiProtect Distribution Network 58 FortiProtect Distribution Server 58 FortiScan 29 FT...

Страница 159: ...port 514 66 interfaces 70 power down 29 power off 26 pre shared key FortiGate unit 69 profile reports 101 112 119 properties 49 protocol syslog 66 Q quarantine disk space 95 duplicate count 96 ticket...

Страница 160: ...105 126 154 suspicious activity report 116 events 29 sync interval 32 syslog protocol 66 syslog server 73 134 disk space 73 groups 74 system settings 50 restore default 30 32 system time 28 T TELNET 3...

Страница 161: ...www fortinet com...

Страница 162: ...www fortinet com...

Результаты поиска

Содержание FortiAnalyzer-100A

Отзывы:

Похожие инструкции для FortiAnalyzer-100A

Бренды по названию

Популярные бренды

Fortinet FortiAnalyzer-100A, Руководство администратора

Результаты поиска

Содержание FortiAnalyzer-100A

Отзывы:

Похожие инструкции для FortiAnalyzer-100A

Бренды по названию

Популярные бренды