simonz_FTNT
Staff
Article Id 196033
Description
This article describes the FortiAnalyzer configuration required for a FortiPortal integration (collector mode).

Scope


Solution
The following parameters must be configured before adding a FortiAnalyzer to FortiPortal.

FortiPortal communicates with the FortiAnalyzer through its API.
To permit this communication without restriction, a dedicated user must be configured and granted read-write access to the Remote Procedure Call (RPC) interface.

1) Create a dedicated FortiPortal user with RPC read-write.

# config system admin user
    edit "fpc"
        set profileid "Super_User"
        set adom "all_adoms"
        set policy-package "all_policy_packages"
        set password fortinet
        set rpc-permit read-write
    next
end

In firmware version 6.2.2, this can be enabled in the GUI:


If the FortiPortal has been configured to communicate with the FortiAnalyzer using the XML API, the 'Web Service' feature must be enabled on the FortiAnalyzer management interface under 'Administrative access'.

2) Enable Web Service.

# config system interface
    edit "port1"
        set allowaccess ping https ssh telnet http webservice
    next
end

In the GUI:


FortiPortal in collector mode can accept logs directly from FortiGate or from FortiAnalyzer, and the logs must be in syslog format.

3) FortiAnalyzer log forwarding setting.



4) FortiGate syslog setting.

# config log syslogd setting
    set status enable
    set server "10.130.0.101"
end
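
Added example, not part of the original article and not Fortinet tooling: a Python check that parses a saved copy of the FortiAnalyzer CLI configuration, confirms the settings from steps 1 and 2 (rpc-permit read-write on the dedicated user, webservice on the management interface) and lists telnet and http for review, since both carry credentials in cleartext. The function names, finding strings and sample text are constructed for illustration; the user name fpc and interface port1 come from the steps above.

```python
# Constructed sample: the CLI blocks from steps 1 and 2, trimmed to the checked options.
SAMPLE_CONFIG = """\
config system admin user
    edit "fpc"
        set profileid "Super_User"
        set rpc-permit read-write
    next
end
config system interface
    edit "port1"
        set allowaccess ping https ssh telnet http webservice
    next
end
"""
CLEARTEXT = {"telnet", "http"}  # management protocols that send credentials unencrypted

def parse_config(text):
    """Return {section: {entry: {option: [values]}}} from config/edit/set text."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading CLI prompt
        if line.startswith("config "):
            section, entry = line[len("config "):], None
            tree.setdefault(section, {})
        elif line.startswith("edit ") and section:
            entry = line[len("edit "):].strip().strip('"')
            tree[section].setdefault(entry, {})
        elif line.startswith("set ") and entry is not None:
            parts = line.split()
            tree[section][entry][parts[1]] = [p.strip('"') for p in parts[2:]]
        elif line == "next":
            entry = None
        elif line == "end":
            section = entry = None
    return tree

def check_fortiportal_prereqs(text, user="fpc", port="port1"):
    """List findings for the user and interface that steps 1 and 2 configure."""
    tree, findings = parse_config(text), []
    opts = tree.get("system admin user", {}).get(user)
    if opts is None:
        findings.append(f"missing: admin user {user}")
    elif opts.get("rpc-permit") != ["read-write"]:
        findings.append(f"missing: rpc-permit read-write on {user}")
    access = set(tree.get("system interface", {}).get(port, {}).get("allowaccess", []))
    if "webservice" not in access:
        findings.append(f"missing: webservice on {port}")
    for proto in sorted(access & CLEARTEXT):
        findings.append(f"review: cleartext {proto} enabled on {port}")
    return findings
```

An empty list means both prerequisites are present and no cleartext management protocol is enabled on the checked interface.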

