Example: Configure the FortiGate device to communicate with a FortiAnalyzer unit:

Script:

#!

#This script will configure the FortiGate device to

#communicate with a FortiAnalyzer unit

#Enter the following key-value pairs for ‘config

#system fortianalyzer’ set status enable set enc-algorithm high

#localid will be set as the hostname automatically

#later

puts [exec “# This is an example Tcl script to configure the FortiGate to communicate with a FortiAnalyzer\n” “# ” 15 ]

set server 1.1.1.1

#for fortianalyzer, fortianalyzer2 or

#fortianalyzer3, enter the corresponding value “”,

#”2″, “3” set faz_no “”

#keys used for ‘config system fortianalyzer’, if you

#do not want to change the value of a key, do not put

#it in the list set key_list {status enc-algorithm localid server } ##procedure to get system status from a FortiGate proc get_sys_status aname { upvar $aname a

set input [split [exec “get system status\n” “# “] \n] foreach line $input {

if {![regexp {([^:]+):(.*)} $line dummy key value]} continue set a([string trim $key]) [string trim $value]

}

}

#procedure to execute FortiGate command proc fgt_cmd cmd {

puts -nonewline [exec “$cmd\n” “# “]

}

#set the localid as the FortiGate’s hostname

get_sys_status sys_status set localid $sys_status(Hostname) #config system fortianalyzer—begin fgt_cmd “config global”

fgt_cmd “config log fortianalyzer$faz_no setting” foreach key $key_list { if [info exists $key] { fgt_cmd “set $key [set $key]”

} else {

fgt_cmd “unset $key”

} } fgt_cmd “end” fgt_cmd “end”

#config system fortianalyzer—end Output:

Starting log (Run on device)

FortiGate-VM64 # config global

FortiGate-VM64 (global) # config log fortianalyzer setting

FortiGate-VM64 (setting) # set status enable

FortiGate-VM64 (setting) # set enc-algorithm high

FortiGate-VM64 (setting) # set localid FortiGate-VM64

FortiGate-VM64 (setting) # set server 1.1.1.1

FortiGate-VM64 (setting) # end

FortiGate-VM64 (global) # end

FortiGate-VM64 #

——- The end of log ———