Created on 10-05-2016 01:06 AM Edited on 04-07-2022 12:41 PM By Anonymous
Description
These steps help determine if a Collector is successfully communicating and sending events to the Super.
Example: grep "172\.10\.10\.100" ssl_access_log
(Note that the dots in the IP address are escaped because grep treats the pattern as a regular expression.)
> A 'PUT' in a log message indicates that the Collector is sending data to the Super
> A 'GET' in a log message indicates that the Super is sending config type changes to the Collector
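A scripted version of the ssl_access_log check above, added here as an example and not taken from Fortinet: it counts PUT and GET requests per Collector IP. The access-log layout (client IP as the first field, quoted request line), the request paths, and the addresses 172.10.10.10 and 172.10.10.20 are assumptions constructed for the sample.

```shell
#!/bin/sh
# Added example (not Fortinet code). Log layout is an assumption: client IP as
# the first field and a quoted request line, as in Apache's common log format.

# Escape the dots so each one matches a literal "." and not any character.
escape_ip() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# count_method LOGFILE IP METHOD: print how many requests IP made with METHOD.
# "^" and the trailing space pin the match to the whole first field, so
# 172.10.10.10 does not also count lines from 172.10.10.100.
count_method() {
    grep -c -- "^$(escape_ip "$2") .*\"$3 " "$1" || true
}

# collector_status LOGFILE IP: one-line summary for a Collector address.
collector_status() {
    puts=$(count_method "$1" "$2" PUT)
    gets=$(count_method "$1" "$2" GET)
    if [ "$puts" -gt 0 ]; then state="sending events"; else state="no uploads seen"; fi
    printf '%s PUT=%s GET=%s (%s)\n' "$2" "$puts" "$gets" "$state"
}

# Constructed sample lines; the request paths are placeholders.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
172.10.10.100 - - [18/May/2016:08:44:35 +0000] "PUT /placeholder/upload HTTP/1.1" 200 -
172.10.10.100 - - [18/May/2016:08:45:05 +0000] "PUT /placeholder/upload HTTP/1.1" 200 -
172.10.10.100 - - [18/May/2016:08:45:10 +0000] "GET /placeholder/config HTTP/1.1" 200 512
172.10.10.10 - - [18/May/2016:08:45:12 +0000] "PUT /placeholder/upload HTTP/1.1" 200 -
172.10.10.20 - - [18/May/2016:08:45:20 +0000] "GET /placeholder/config HTTP/1.1" 200 512
EOF

collector_status "$SAMPLE_LOG" 172.10.10.100
collector_status "$SAMPLE_LOG" 172.10.10.10
collector_status "$SAMPLE_LOG" 172.10.10.20
```

A Collector that shows GET requests but no PUT requests is reaching the Super without uploading events.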
You should see messages like the following if the Super is receiving events from the Collector:
May 18 08:44:35 darla-va phEventHandler: [PH_EVT_HANDLER_DBG]:[eventSeverity]=PHL_DEBUG,[procName]=phEventHandler,[fileName]=phHttpRequestHandler.cpp,[lineNumber]=137,[phLogDetail]=Uploaded file /opt/phoenix/cache/parser/upload/evt/10000_WrTKck.evt from 172.16.22.139 (agentId = 10000) saved
May 18 08:44:35 darla-va phParser[3285]: [PH_GENERIC_DEBUG]:[eventSeverity]=PHL_DEBUG,[procName]=phParser,[fileName]=parserProcess.cpp,[lineNumber]=3247,[phLogDetail]=received msg: 10000, file: /opt/phoenix/cache/parser/upload/evt/10000_WrTKck.evt
Run 'grep failed phoenix.log'