
ESM 9.5 and Fortigate data source problem

Hi Guys,

I have a problem with my Fortigate data source. When I add my Fortigate data source... I get only one rule, TRAFFIC Traffic local message, but this isn't good.

Can you help me?

Many thanks

Jiri

4 Replies
McAfee Employee

Re: ESM 9.5 and Fortigate data source problem

Can you verify that there are logs being sent from the Fortigate that are not being parsed? I recommend turning on "Log 'Unknown Syslog' Event" under the data source to see if there are additional logs that are being provided that are not being parsed. If so, parsing rules can be created.


Re: ESM 9.5 and Fortigate data source problem

Hi,

Yes, that's the event summary name under Fortigate; you need to go into the details of each event by clicking on event drill down --> events.

Hope this helps!

Regards,

Vinaya.


Re: ESM 9.5 and Fortigate data source problem

McAfee ESM (any version) is not parsing the Fortigate ver 5.x events. It will parse only Fortigate version 4.x. We created a ticket with support and received the answer below.

For more than 1 year McAfee has not provided any solution for Fortigate ver 5.

===========================================================

Fortinet have introduced event ID 13 (description: Traffic Forward). "Forward" is described by Fortinet as traffic that passes through the FortiGate unit.  Many events are now categorized as the "Traffic Forward" event that were previously categorized as more granular events.

So our parsing hasn't changed, but the way Fortinet is categorizing the events has and this is why you are seeing differences.

Note: But in the supported product list they mention Fortigate ver. 5. They should remove ver 5 from the list.
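
To check what the FortiGate is actually sending, as the first reply suggests, and how much of it falls under the event ID 13 described in the support answer, the raw syslog can be tallied before it reaches the ESM. This is an added example, not part of the original posts and not McAfee or Fortinet code; the sample lines are constructed, and the FortiOS 5.x key=value layout and the reading of the last six `logid` digits as the event ID are assumptions.

```python
import re
from collections import Counter

# Assumed FortiOS 5.x syslog layout: key=value pairs, values optionally double-quoted.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Constructed sample lines (not captured from a real device).
SAMPLE_LINES = [
    '<189>date=2015-08-03 time=10:15:01 devname=FGT-LAB logid=0000000013 type=traffic subtype=forward level=notice srcip=10.0.0.5 dstip=192.0.2.10 dstport=443 action=accept service="HTTPS"',
    '<189>date=2015-08-03 time=10:15:02 devname=FGT-LAB logid=0000000013 type=traffic subtype=forward level=warning srcip=10.0.0.7 dstip=198.51.100.4 dstport=23 action=deny service="TELNET"',
    '<189>date=2015-08-03 time=10:15:03 devname=FGT-LAB logid=0000000014 type=traffic subtype=local level=notice srcip=10.0.0.9 dstip=10.0.0.1 dstport=22 action=accept service="SSH"',
    '<190>date=2015-08-03 time=10:15:04 devname=FGT-LAB logid=0100032001 type=event subtype=system level=information msg="Administrator admin logged in"',
    'Aug  3 10:15:09 FGT-LAB line without any key value pairs',
]

def parse_line(line):
    """Return the key=value fields of one syslog line as a dict."""
    body = re.sub(r'^<\d+>', '', line.strip())  # drop syslog priority, e.g. <189>
    fields = {}
    for key, value in KV_RE.findall(body):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def event_id(logid):
    """Assumption: the last six digits of logid are the event (message) ID."""
    return str(int(logid[-6:])) if logid.isdigit() else ''

def tally(lines):
    """Count lines per (type, subtype, event ID); lines with no type are 'unparsed'."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if 'type' not in f:
            counts[('unparsed', '', '')] += 1
            continue
        counts[(f['type'], f.get('subtype', ''), event_id(f.get('logid', '')))] += 1
    return counts

def forward_actions(lines):
    """Break event ID 13 (Traffic Forward) down by action, the detail a single rule name hides."""
    parsed = (parse_line(l) for l in lines)
    return Counter(f.get('action', '') for f in parsed
                   if event_id(f.get('logid', '')) == '13')

if __name__ == '__main__':
    for key, n in tally(SAMPLE_LINES).most_common():
        print(n, key)
    print(dict(forward_actions(SAMPLE_LINES)))
```

If nearly everything lands under `('traffic', 'forward', '13')`, the data source is receiving logs and the single rule name reflects Fortinet's categorization; the per-event fields such as `action` still carry the detail.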

McAfee Employee

Re: ESM 9.5 and Fortigate data source problem

There were some Fortinet rule updates on 7/21/15 and 8/3/15. It's worth taking another look after a rule update.
