Fortigate Vm License Keygen

Kody Coste

Jun 13, 2024, 2:02:05 AM
to diskmatilab

This is in every panel on the dashboard - "Error in 'SearchParser': The search specifies a macro 'fgt_logs' that cannot be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information. "


Thanks, jerryzhao. This is it. But now I have in dashboard overview - "Device 0", "Session 0" etc. And in dashboard traffic "No result found" on every panel.
When I search data in Splunk-search I saw every log from fortigate.

It works. Removing/uninstall app and add-on, reinstalling, copying the props.conf file from the default folder to the local folder, and editing this file (fgt_log change) helped.
Thanks again for help in need.

Hey Jerry. We've now got this TA installed and are sending our FortiGate data - via syslog-ng - to Splunk. We're telling the forwarder the sourcetype is fgt_log - and all the events are treated as such, and thus not getting tagged as firewall,attack.

You can do that, but it is not advised, unless only graphs by fgt_traffic are what you care about.
They should be tagged with fgt_traffic, fgt_utm, fgt_event... once the regexes match them to those categories. You said when you uploaded a sample log they were correctly tagged, but not with your FortiGate logs? Can you send me one piece of FortiGate log to show me the format?

I noticed that the release notes for the TA state that 'From version 1.2, the Splunk TA(Add-on) for fortigate no longer match wildcard source or sourcetype to extract fortigate log data', that fgt_log is used by default - and that it's up to the customer if they want to use props/transforms in the /local folder to split the sourcetypes.

Another question Jerry, do you know why the ftnt_fgt_virus event type tags events with the 'operations' tag? It means they get picked up by the ES malware operations lookup gen and written to the malware operations tracker, for no good reason - as far as I can tell, and they therefore contribute to some of the Key Indicator searches relating to # malware clients, # clients updating signatures etc.

I think that was intended for the CIM model so our data can be shown in ES dashboards. As to whether it is relevant or not, could you show me what the specific problem is? Maybe a screenshot will help me identify the issue.
Thanks!

There's a saved search in ES that populates the malware_operations_tracker lookup based on those events matching the malware and operations tags - which includes some of the Fortigate events, based on your TA.

I have been trying to create a VPN with my SSG20 and Fortigate 60B. The problem is that I can only reach the untrust zone from both sides. Below is the configuration I did on my SSG20. Any help would be useful.

Thanks for the reply ;-). I corrected the outgoing interface. Now the Juniper is showing the error "Phase 1 - Retransmission limit have been reached". Here I have checked the DH group. Selected the same encryption type, mode initiator is aggressive mode and also there is the same subnet for the proxy ID. But the tunnel is still not up yet... Please help.

So they are not able to reach each other, so check that the pre-shared is matching at both ends, or all your Phase I options at both ends, like encryption algorithm or Diffie-Hellman group, for a mismatch. Check when you started getting the Phase I messages.

Here the preshared key is matching, I have checked it many times. I am not allowing the internet at both ends and I am assigning a static IP address. Here I can hit each other's outgoing interface but not the private network. I have done VPN with Juniper at both ends and they are working fine, but with the Fortigate 60B it is not showing a sign of connectivity.

First I tried with the main mode and again with the aggressive mode (both ends). Now I have again changed the setting to main mode. It's not working. I can only ping the remote's untrust interface. No more than that.

Thanks to all. I have good news. Now the VPN with Fortigate is working. I changed the whole configuration and implemented a policy-based VPN and also enabled a proxy ID. Major concerns are parameters, so after many attempts finally the tunnel is UP and is working very fine. Thanks to WL, Gavrilo and all who helped me in all possible ways.
