Thursday, 29 December 2016
Thursday, 4 February 2016
How-to: Use the grep command on a FortiGate
Grep is a fast and easy way of filtering lots of information from the console. The FortiGate allows you to pipe grep to many commands including show, get and diagnose.
To use grep, pipe the output of a command into it followed by the search value, e.g. "show | grep <value>".
Grep takes a few options, which can be listed with the -h flag. Below, a show command has been piped to grep to display all the options available:
gate1 # show | grep -h
Usage: grep [-invfcABC] PATTERN
Options:
-i Ignore case distinctions
-n Print line number with output lines
-v Select non-matching lines
-f Print fortinet config context
-c Only print count of matching lines
-A Print NUM lines of trailing context
-B Print NUM lines of leading context
-C Print NUM lines of output context
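The -f option is the one that differs from standard grep: it prints each hit together with the config/edit blocks it sits in, which is what makes a match locatable in a large configuration. The following is an added example, not FortiOS code or anything from this post, that approximates that behaviour offline over a constructed config backup (assumed FortiGate syntax; the block and its sample config are assumptions of this example):

```python
import re

# Constructed FortiGate-style config backup (not taken from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "port2"
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
end
"""


def grep_f(config_text, pattern, ignore_case=False):
    """Approximate `show | grep -f PATTERN` (with optional -i) on a saved config.

    Each matching line is printed with the enclosing `config ...` / `edit ...`
    lines and their closing `next` / `end`, so the output is itself valid
    FortiGate config syntax that can be reviewed or diffed."""
    regex = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    stack = []  # [line, shown] for each currently open config/edit block
    out = []

    def show_context():
        # Emit the not-yet-printed parents of the current line, outermost first.
        for entry in stack:
            if not entry[1]:
                out.append(entry[0])
                entry[1] = True

    for line in config_text.splitlines():
        word = line.strip().split(" ", 1)[0]
        if word in ("config", "edit"):
            stack.append([line, False])
            if regex.search(line):  # a matching block header is context too
                show_context()
        elif word in ("next", "end"):
            if stack and stack.pop()[1]:  # close only blocks that were printed
                out.append(line)
        elif regex.search(line):
            show_context()
            out.append(line)
    return "\n".join(out)
```

Running grep_f(SAMPLE_CONFIG, "port1") returns both the interface entry named port1 and the policy that references it, each wrapped in its own block.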
Tuesday, 19 January 2016
How-to: Configure Collector mode on a FortiAnalyzer
The FortiAnalyzer allows you to aggregate logs from multiple FortiGate firewalls, giving you a central console to view logs and alerts and to run reports for all the FortiGates in your organisation.
Each FortiAnalyzer, whether a hardware or a VM model, can only handle a certain number of logs per second. If you have dozens, hundreds or even thousands of FortiGates, it would not be feasible to have all of these devices send their logs to one FortiAnalyzer. The good news is that FortiAnalyzers can be configured in 'collector' mode and deployed regionally to take the burden off the Analyzer that is doing the reporting.
One advantage of this is that a FortiAnalyzer VM configured as a collector has no GB-per-day limitation, unlike its standard configuration. This means you'll only need a FortiAnalyzer VM BASE license for each of the remote regions.
In this example I'll configure two FortiGates and two FortiAnalyzers in collector mode. This will simulate two regions for my organisation and the firewalls within each region. The collectors will then forward their logs to the global Analyzer, from where I can run reports for the entire organisation.
The FortiGates are running 5.4.0 and the FortiAnalyzers 5.2.5.