Created on 11-01-2005 12:00 AM
Description | Using a FortiLog unit with a FortiGate unit and an MSSP reporting platform. |
Components |
|
Steps or Commands | Depending on how the MSSP operates, there can be several different options for logging and generating reports using a FortiLog unit. MSSP using VDOMTypically, one VDOM is partitioned per customer. The FortiGate unit sends all logs to the FortiLog unit. Included in the log message is the field "vdom=MSSP uses separate FortiGate unit per customerIn this scenario, a separate FortiGate unit is partitioned per customer. When configuring the report profile, select the FortiGate unit belonging to that customer. Only that log information is included in the report. MSSP uses IP address/IP range/interface to identify customerIn this scenario, a similar filtering option to the first example can be used. While the report configuration currently does not support an IP range, you can enter a source and destination IP address, source interface, and so on. The FortiLog unit can send the report results automatically to customers by email once the FortiLog unit has generated. You can also configure reports to run on a regular schedule, for example, to generate a monthly report. For more information on FortiLog report generation, see the FortiLog Administration Guide. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.