Task monitor
Using the task monitor, you can view the status of the tasks that you have performed.
Go to System Settings > Task Monitor, then select a task category in the View field. Select the history icon for task details.
Figure 75: Task monitor window
The following information is displayed:
ID | The identification number for a task. |
Source | The platform from where the task is performed. |
Expand Arrow | Select to display the specific actions taken under this task. |
Description | The nature of the task. |
User | The users who have performed the tasks. |
Status | The status of the task (hover over the icon to view the description):
- All: All types of tasks.
- Done: Completed with success.
- Error: Completed without success.
- Cancelled: User cancelled the task.
- Cancelling: User is cancelling the task.
- Aborted: The FortiAnalyzer system stopped performing this task.
- Aborting: The FortiAnalyzer system is in the process of stopping this task.
- Running: Being processed. In this status, a percentage bar appears in the Status column.
Start Time | The time that the task was performed. |
ADOM | The ADOM associated with the task. |
History | Select the history icon to view task details. |
The following options are available in the toolbar:
Delete | Remove the selected task or tasks from the list. |
View | Select which tasks to view from the drop-down list, based on their status. Select one of the following: Running, Pending, Done, Error, Cancelling, Cancelled, Aborting, Aborted, Warning, or All. |
Advanced
The advanced tree menu enables you to configure SNMP, meta field data, and other settings. The following options are available:
SNMP v1/v2c | Select to configure FortiGate and FortiAnalyzer reporting through SNMP traps. See “SNMP v1/v2c” on page 103. |
Mail Server | Select to configure mail server settings. See “Mail server” on page 108. |
Syslog Server | Select to configure syslog server settings. See “Syslog server” on page 108. |
Meta Fields | Select to configure meta-fields. See “Meta fields” on page 109. |
Device Log Settings | Select to configure log settings and access and to view the task monitor. See “Device log settings” on page 111. |
File Management | Select to configure automatic deletion settings for files and reports. See “File management” on page 112. |
Advanced settings | Select to configure ADOM mode, download the WSDL file, and configure the task list size. See “Advanced settings” on page 113. |
SNMP v1/v2c
Simple Network Management Protocol (SNMP) allows you to monitor hardware on your network. You can configure the hardware, such as the FortiAnalyzer SNMP agent, to report system information and send traps (alarms or event messages) to SNMP managers. An SNMP manager, or host, is typically a computer running an application that can read the incoming trap and event messages from the agent and send out SNMP queries to the SNMP agents. A FortiManager unit can act as an SNMP manager, or host, to one or more FortiAnalyzer units.
By using an SNMP manager, you can access SNMP traps and data from any FortiAnalyzer interface configured for SNMP management access. Part of configuring an SNMP manager is to list it as a host in a community on the FortiAnalyzer unit it will be monitoring. Otherwise, the SNMP monitor will not receive any traps from that FortiAnalyzer unit, nor will it be able to query that unit.
You can configure the FortiAnalyzer unit to respond to traps and send alert messages to SNMP managers that were added to SNMP communities. When you are configuring SNMP, you need to first download and install both the FORTINET-CORE-MIB.mib and FORTINET-FORTIMANAGER-FORTIANALYZER-MIB.mib files so that you can view these alerts in a readable format. The Fortinet MIB contains support for all Fortinet devices, and includes some generic SNMP traps; information responses and traps that FortiAnalyzer units send are a subset of the total number supported by the Fortinet proprietary MIB.
Your SNMP manager may already include standard and private MIBs in a compiled database that is ready to use; however, you still need to download both the FORTINET-CORE-MIB.mib and FORTINET-FORTIANALYZER-MIB.mib files.
FortiAnalyzer SNMP is read-only: SNMP v1 and v2 compliant SNMP managers have read-only access to FortiAnalyzer system information and can receive FortiAnalyzer traps. RFC support includes most of RFC 2665 (Ethernet-like MIB) and most of RFC 1213 (MIB II). FortiAnalyzer units also use object identifiers from the Fortinet proprietary MIB.
For more information about the MIBs and traps that are available for the FortiAnalyzer unit, see “SNMP MIB Support” on page 249.
SNMP traps alert you to events that happen, such as a log disk being full or a virus being detected.
SNMP fields contain information about your FortiAnalyzer unit, such as percent CPU usage or the number of sessions. This information is useful to monitor the condition of the unit, both on an ongoing basis and to provide more information when a trap occurs.
Configuring the SNMP agent
The SNMP Agent sends SNMP traps that originate on the FortiAnalyzer system to an external monitoring SNMP manager defined in one of the FortiAnalyzer SNMP communities. Typically an SNMP manager is an application on a local computer that can read the SNMP traps and generate reports or graphs from them.
The SNMP manager can monitor the FortiAnalyzer system to determine if it is operating properly, or if there are any critical events occurring. The description, location, and contact information for this FortiAnalyzer system will be part of the information an SNMP manager will have — this information is useful if the SNMP manager is monitoring many devices, and it will enable faster responses when the FortiAnalyzer system requires attention.
Go to System Settings > Advanced > SNMP v1/v2c to configure the SNMP Agent.
Figure 76: SNMP v1/v2c dialog box
Configure the following settings:
SNMP Agent | Select to enable the FortiAnalyzer SNMP agent. When this is enabled, it sends FortiAnalyzer SNMP traps. |
Description | Enter a description of this FortiAnalyzer system to help uniquely identify this unit. |
Location | Enter the location of this FortiAnalyzer system to help find it in the event it requires attention. |
Contact | Enter the contact information for the person in charge of this FortiAnalyzer system. |
Communities | The list of SNMP communities added to the FortiAnalyzer configuration. |
Create New | Select Create New to add a new SNMP community. If SNMP Agent is not selected, this control will not be visible. For more information, see “Configuring an SNMP community” on page 105. |
Community Name | The name of the SNMP community. |
Queries | The status of SNMP queries for each SNMP community. |
Enable | Select to enable or unselect to disable the SNMP community. |
Delete | Select to remove an SNMP community. |
Edit | Select to edit an SNMP community. |
Configuring an SNMP community
An SNMP community is a grouping of devices for network administration purposes. Within that SNMP community, devices can communicate by sending and receiving traps and other information. One device can belong to multiple communities, such as one administrator terminal monitoring both a firewall SNMP community and a printer SNMP community.
You can add an SNMP community to define a destination IP address that can be selected as the recipient (SNMP manager) of FortiAnalyzer unit SNMP alerts. Defined SNMP communities are also granted permission to request FortiAnalyzer unit system information using SNMP traps.
Each community can have a different configuration for SNMP queries and traps. Each community can be configured to monitor the FortiAnalyzer unit for a different set of events. You can also add the IP addresses of up to eight SNMP managers to each community.
To create a new SNMP community:
- Go to System Settings > Advanced > SNMP v1/v2c.
- Ensure that the SNMP Agent is enabled and, under Communities, select Create New.
The New SNMP Community dialog box opens.
Figure 77: New SNMP community
- Enter the following information as required.
Community Name | Enter a name to identify the SNMP community. If you are editing an existing community, you will be unable to change the name. |
Hosts | The list of FortiAnalyzer that can use the settings in this SNMP community to monitor the FortiAnalyzer system. Select Add to create a new entry that you can edit. |
IP Address | Enter the IP address of an SNMP manager. By default, the IP address is 0.0.0.0 so that any SNMP manager can use this SNMP community. |
Interface | Select the name of the interface that connects to the network where this SNMP manager is located from the drop-down list. You need to do this if the SNMP manager is on the Internet or behind a router. |
Delete | Select to remove this SNMP manager entry. |
Add | Select to add a new default entry to the Hosts list that you can edit as needed. You can have up to eight SNMP manager entries for a single community. |
Queries | Enter the port numbers (161 by default) that the FortiAnalyzer system uses to send SNMP v1 and SNMP v2c queries to the FortiAnalyzer in this community. Enable queries for each SNMP version that the FortiAnalyzer system uses. The SNMP client software and the FortiAnalyzer unit must use the same port for queries. |
Traps | Enter the Remote port numbers (162 by default) that the FortiAnalyzer system uses to send SNMP v1 and SNMP v2c traps to the FortiAnalyzer in this community. Enable traps for each SNMP version that the FortiAnalyzer system uses. The SNMP client software and the FortiAnalyzer unit must use the same port for traps. |
SNMP Event | Enable the events that will cause the FortiAnalyzer unit to send SNMP traps to the community. SNMP events will vary based on the device model and type. These events include:
• Interface IP changed • Log disk space low • System Restart • RAID Event • Power Supply Failed • CPU Overusage • Memory Low • Log Alert • Log Rate • Data Rate |
- Select OK to create the SNMP community.
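The community settings above can be reviewed before they are entered. The following is an added example, not part of the original guide or of any Fortinet tool: it checks a community record against the limits and defaults stated on this page. The record layout (`name`, `hosts`, `queries`, `traps`, `events`) and the function name are assumptions made for illustration, and the sample record is constructed.

```python
import ipaddress

MAX_HOSTS = 8                                   # page: up to eight SNMP managers per community
DEFAULT_PORTS = {"queries": 161, "traps": 162}  # page: default query and trap ports

def audit_community(community):
    """Return findings for one community record (hypothetical layout)."""
    findings = []
    hosts = community.get("hosts", [])
    if len(hosts) > MAX_HOSTS:
        findings.append(f"{len(hosts)} hosts listed, limit is {MAX_HOSTS}")
    for host in hosts:
        try:
            ip = ipaddress.ip_address(host["ip"])
        except ValueError:
            findings.append(f"host {host['ip']!r} is not a valid IP address")
            continue
        if ip.is_unspecified:  # 0.0.0.0, the default value of a new host entry
            findings.append(f"host {ip} lets any SNMP manager use this community")
    for kind, default in DEFAULT_PORTS.items():
        for version, cfg in community.get(kind, {}).items():
            if cfg["enabled"] and cfg["port"] != default:
                findings.append(
                    f"{kind} {version} on port {cfg['port']}: manager must use the same port")
    # Events only produce traps if traps are enabled for at least one version.
    traps_on = any(cfg["enabled"] for cfg in community.get("traps", {}).values())
    if community.get("events") and not traps_on:
        findings.append("SNMP events selected but traps are disabled for every version")
    return findings

# Constructed sample record, not exported from a real unit.
SAMPLE = {
    "name": "noc-monitoring",
    "hosts": [{"ip": "0.0.0.0", "interface": "port1"},
              {"ip": "192.0.2.10", "interface": "port1"}],
    "queries": {"v1": {"enabled": True, "port": 161},
                "v2c": {"enabled": True, "port": 1161}},
    "traps": {"v1": {"enabled": False, "port": 162},
              "v2c": {"enabled": False, "port": 162}},
    "events": ["Log disk space low", "System Restart"],
}

if __name__ == "__main__":
    for finding in audit_community(SAMPLE):
        print(f"[{SAMPLE['name']}] {finding}")
```

Replacing the 0.0.0.0 entry with the addresses of the actual SNMP managers restricts the community to those hosts.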
To edit an SNMP community:
- Go to System Settings > Advanced > SNMP v1/v2c.
- In the Action column of the community you need to edit, select the edit icon.
The Edit SNMP Community dialog box opens.
- Edit the SNMP community settings as required and then select OK.
To delete an SNMP community:
- Go to System Settings > Advanced > SNMP v1/v2c.
- In the Action column of the community you need to delete, select the delete icon.
- Select OK in the confirmation dialog box to delete the SNMP community.
Mail server
Configure SMTP mail server settings for alerts, edit existing settings, or delete mail servers.
Figure 78: Mail server window
Select Create New in the toolbar to configure mail server settings.
Figure 79: Mail server settings
Configure the following settings and then select OK:
SMTP Server | Enter the SMTP server domain information, e.g. mail@company.com. |
SMTP Server Port | Enter the SMTP server port number. The default port is 25. |
Enable Authentication | Select to enable authentication. |
Email Account | Enter an email account, e.g. admin@company.com. |
Password | Enter the email account password. |
Syslog server
Configure syslog server settings for alerts, edit existing settings, or delete syslog servers. Select Create New in the toolbar to add a new syslog server.
Figure 80: Syslog server window
Select Create New to configure a new syslog server.
Figure 81: Syslog server settings
Configure the following settings and then select OK:
Name | Enter a name for the syslog server. |
IP address (or FQDN) | Enter the IP address or FQDN of the syslog server. |
Port | Enter the syslog server port number. The default port is 514. |
Meta fields
Meta fields allow administrators to add extra information when configuring, adding, or maintaining FortiGate units. You can make the fields mandatory or optional, and set the length of the field.
With the fields set as mandatory, administrators must supply additional information when they create a new FortiGate object, such as an administrator account or firewall policy. Fields for this new information are added to the FortiGate unit dialog boxes in the locations where you create these objects. You can also provide fields for optional additional information.
Go to System Settings > Advanced > Meta Fields to configure meta fields.
Figure 82: System metadata
The following information is displayed:
Meta Fields | The name of this meta data field. Select the name to edit this field. See “To edit a metadata field:” on page 111. |
Length | The maximum length of this metadata field. |
Importance | Indicates whether this field is required or optional. |
Status | Indicates whether this field is enabled or disabled. |
The following options are available in the toolbar:
Create New | Create a new meta data field for this object. See “To create a new metadata field:” on page 110. |
Delete | Delete the selected meta data field. See “To delete metadata fields:” on page 111. |
To create a new metadata field:
- Go to System Settings > Advanced > Meta Fields.
- Select Create New in the toolbar.
The Add Meta-field window opens.
Figure 83: Add a meta-field
- Configure the following settings:
Object | The system object to which this metadata field applies. Select either Devices, Device Groups, or Administrative Domains. |
Name | Enter the label to use for the field. |
Length | Select the maximum number of characters allowed for the field from the drop-down list (20, 50, or 255). |
Importance | Select Required to make the field compulsory, otherwise select Optional. |
Status | Select Disabled to disable this field. The default selection is Enabled. |
- Select OK to create the new field.
To edit a metadata field:
- From the meta field list, either double-click a meta field, or right-click on a meta field then select Edit.
The Edit Meta-field dialog box opens.
Only the length, importance, and status of the meta field can be edited.
- Edit the settings as required, then select OK to apply the changes.
To delete metadata fields:
- From the meta field list, select the meta fields that you need to delete.
The default meta fields cannot be deleted.
- Select Delete, in the toolbar, then select OK in the confirmation box to delete the fields.
Device log settings
The device log settings menu allows you to configure event logging to disk and log rollover and upload options.
Go to System Settings > Advanced > Device Log Settings to configure device log settings.
Figure 84: Device log settings window
Configure the following settings and select Apply to apply your changes:
Rollover Options | |
Roll log file when size exceeds | Enter the log file size, from 50 to 500 MB. |
Roll log files at a regular time | Select to roll logs daily or weekly. When selecting daily, select the hour and minute value in the drop-down lists. When selecting weekly, select the day, hour, and minute value in the drop-down lists. |
Enable log uploading | Select to upload real time device logs. |
Upload Server Type | Select one of FTP, SFTP, or SCP. |
Upload Server IP | Enter the IP address of the upload server. |
Username | Select the username that will be used to connect to the upload server. |
Password | Select the password that will be used to connect to the upload server. |
Remote Directory | Select the remote directory on the upload server where the log will be uploaded. |
Upload Log Files | Select to upload log files when they are rolled according to settings selected under Roll Logs or daily at a specific hour. |
Upload rolled files in gzipped format | Select to gzip the logs before uploading. This will result in smaller logs, and faster upload times. |
Delete files after uploading | Select to remove device log files from the FortiAnalyzer system after they have been uploaded to the Upload Server. |