To set up FastVue for FortiGate together with our FortiGate appliance, we need to follow these steps:
1 Install FastVue
Download FastVue from https://www.fastvue.co/fortinet/download and install it. The installer requires no special steps; it is basically a Next, Next, Finish setup.
2 Setup Fastvue Server as a Syslog Server in FortiGate
After the installation completes, we need to add the FortiGate devices to our FastVue server. To do this, run the following commands in the FortiGate CLI:
config log syslogd setting
set status enable
set facility user
set port 514
set server x.x.x.x
set mode reliable
end
Here x.x.x.x is the IP address of the FastVue server. Use mode reliable for TCP; otherwise use mode udp.
3 Setup forward, local and anomaly traffic logging
config log syslogd filter
set forward-traffic enable
set local-traffic enable
set anomaly enable
set severity information
end
4 Setup logging of all URLs, referrers and headers
config webfilter profile
edit default
set log-all-url enable
set web-filter-referer-log enable
set extended-log enable
set web-extended-all-action-log enable
end
FastVue is now ready to read logs. We need to add one data source for each device we have, which can be done from Settings -> Sources -> Add Source in the FastVue web interface.
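To confirm that the filters from steps 3 and 4 took effect, the following added example (not part of the original post, and not Fastvue or Fortinet code) parses FortiGate key=value syslog lines and reports which of the enabled log categories have not arrived yet. The type/subtype values it matches on are assumptions about the FortiOS log layout, and the sample lines are constructed.

```python
import re

# key=value or key="quoted value" pairs, as used in FortiGate syslog messages
PAIR = re.compile(r'(\w[\w-]*)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Categories enabled in steps 3 and 4; the type/subtype values are assumptions
EXPECTED = {
    "forward-traffic": lambda f: f.get("type") == "traffic" and f.get("subtype") == "forward",
    "local-traffic": lambda f: f.get("type") == "traffic" and f.get("subtype") == "local",
    "anomaly": lambda f: f.get("subtype") == "anomaly",
    "web-filter url": lambda f: f.get("subtype") == "webfilter" and bool(f.get("url")),
}

def parse_line(line):
    """Split one syslog payload into a dict, dropping any <PRI> prefix."""
    line = re.sub(r"^<\d+>", "", line.strip())
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}

def missing_categories(lines):
    """Return the expected categories that no received line matched."""
    seen = set()
    for line in lines:
        fields = parse_line(line)
        seen.update(name for name, match in EXPECTED.items() if match(fields))
    return sorted(set(EXPECTED) - seen)

# Constructed sample lines, not captured from a real device
SAMPLE = [
    '<189>date=2024-01-15 time=10:00:01 devname="FGT-LAB" type="traffic" '
    'subtype="forward" level="notice" srcip=10.0.0.5 dstip=93.184.216.34 action="accept"',
    '<189>date=2024-01-15 time=10:00:02 devname="FGT-LAB" type="traffic" '
    'subtype="local" level="notice" srcip=10.0.0.5 dstip=10.0.0.1 action="accept"',
    '<188>date=2024-01-15 time=10:00:03 devname="FGT-LAB" type="utm" '
    'subtype="webfilter" level="notice" url="http://example.com/a?x=1" action="passthrough"',
]

if __name__ == "__main__":
    gaps = missing_categories(SAMPLE)
    print("missing:", ", ".join(gaps) if gaps else "none")
```

A category that stays in the missing list while matching traffic is known to be flowing points back at the corresponding filter or profile setting.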
Now we are ready to watch what is going on in our network. You will see in your dashboard something like the following image:
