CLI Reference

snmp

Use the following commands to configure SNMP related settings.

snmp community

Use this command to configure SNMP communities on your FortiAnalyzer unit.

You add SNMP communities so that SNMP managers, typically applications running on computers to monitor SNMP status information, can connect to the FortiAnalyzer unit (the SNMP agent) to view system information and receive SNMP traps. SNMP traps are triggered when system events happen such as when there is a system restart, or when the log disk is almost full.

You can add up to three SNMP communities, and each community can have a different configuration for SNMP queries and traps. Each community can be configured to monitor the FortiAnalyzer unit for a different set of events.

Hosts are the SNMP managers that make up this SNMP community. Host information includes the IPv4 address and interface that connects it to the FortiAnalyzer unit.

For more information on SNMP traps and variables, see the Fortinet Document Library.

Part of configuring an SNMP manager is to list it as a host in a community on the FortiAnalyzer unit that it will be monitoring. Otherwise that SNMP manager will not receive any traps or events from the FortiAnalyzer unit, and will be unable to query the FortiAnalyzer unit as well.

Syntax

config system snmp community

edit <index_number>

set events <events_list>

set name <community_name>

set query-v1-port <integer>

set query-v1-status {enable | disable}

set query-v2c-port <integer>

set query-v2c-status {enable | disable}

set status {enable | disable}

set trap-v1-rport <integer>

set trap-v1-status {enable | disable}

set trap-v2c-rport <integer>

set trap-v2c-status {enable | disable}

config hosts

edit <host_number>

set interface <interface_name>

set ip <ipv4_address>

end

config hosts6

edit <host_number>

set interface <interface_name>

set ip <ipv6_address>

end

end

Variable

Description

<index_number>

Enter the index number of the community in the SNMP communities table. Enter an unused index number to create a new SNMP community.

events <events_list>

Enable the events for which the FortiAnalyzer unit should send traps to the SNMP managers in this community. The raid_changed event is only available for devices which support RAID.

  • cpu-high-exclude-nice: CPU usage exclude NICE threshold.
  • cpu_high: CPU usage too high.
  • disk_low: Disk usage too high.
  • ha_switch: HA switch.
  • intf_ip_chg: Interface IP address changed.
  • lic-dev-quota: High licensed device quota detected.
  • lic-gbday: High licensed log GB/day detected.
  • log-alert: Log base alert message.
  • log-data-rate: High incoming log data rate detected.
  • log-rate: High incoming log rate detected.
  • mem_low: Available memory is low.
  • raid_changed: RAID status changed.
  • sys_reboot: System reboot.

Default: All events enabled

name <community_name>

Enter the name of the SNMP community. Names can be used to distinguish between the roles of the hosts in the groups.

For example, the Logging and Reporting group would be interested in the disk_low events, but likely not the other events.

The name is included in SNMPv2c trap packets to the SNMP manager, and is also present in query packets from the SNMP manager.

query-v1-port <integer>

Enter the SNMPv1 query port number used when SNMP managers query the FortiAnalyzer unit. Default: 161. Range: 1 to 65535

query-v1-status {enable | disable}

Enable/disable SNMPv1 queries for this SNMP community. Default: enable

query-v2c-port <integer>

Enter the SNMPv2c query port number used when SNMP managers query the FortiAnalyzer unit. SNMPv2c queries will include the name of the community. Default: 161. Range: 1 to 65535

query-v2c-status {enable | disable}

Enable/disable SNMPv2c queries for this SNMP community. Default: enable

status {enable | disable}

Enable/disable this SNMP community. Default: enable

trap-v1-rport <integer>

Enter the SNMPv1 remote port number used for sending traps to the SNMP managers. Default: 162. Range: 1 to 65535

trap-v1-status {enable | disable}

Enable/disable SNMPv1 traps for this SNMP community. Default: enable

trap-v2c-rport <integer>

Enter the SNMPv2c remote port number used for sending traps to the SNMP managers. Default: 162. Range: 1 to 65535

trap-v2c-status {enable | disable}

Enable/disable SNMPv2c traps for this SNMP community. SNMPv2c traps sent out to SNMP managers include the community name. Default: enable

Variables for config hosts subcommand:

<host_number>

Enter the index number of the host in the table. Enter an unused index number to create a new host.

interface <interface_name>

Enter the name of the FortiAnalyzer interface that connects to the SNMP manager.

ip <ipv4_address>

Enter the IPv4 address of the SNMP manager. Default: 0.0.0.0

Variables for config hosts6 subcommand:

<host_number>

Enter the index number of the host in the table. Enter an unused index number to create a new host.

interface <interface_name>

Enter the name of the FortiAnalyzer interface that connects to the SNMP manager.

ip <ipv6_address>

Enter the IPv6 address of the SNMP manager.

Example

This example shows how to add a new SNMP community named SNMP_Com1. The default configuration can be used in most cases with only a few modifications. In the example below the community is added, given a name, and then because this community is for an SNMP manager that is SNMP v1 compatible, all v2c functionality is disabled. After the community is configured the SNMP manager, or host, is added. The SNMP manager IPv4 address is 192.168.20.34 and it connects to the FortiAnalyzer unit internal interface.

config system snmp community

edit 1

set name SNMP_Com1

set query-v2c-status disable

set trap-v2c-status disable

config hosts

edit 1

set interface internal

set ip 192.168.20.34

end

end

snmp sysinfo

Use this command to enable the FortiAnalyzer SNMP agent and to enter basic system information used by the SNMP agent. Enter information about the FortiAnalyzer unit to identify it. When your SNMP manager receives traps from the FortiAnalyzer unit, you will know which unit sent the information. Some SNMP traps indicate high CPU usage, log full, or low memory.

For more information on SNMP traps and variables, see the Fortinet Document Library.

Syntax

config system snmp sysinfo

set contact-info <string>

set description <description>

set engine-id <string>

set fortianalyzer-legacy-sysoid <string>

set location <location>

set status {enable | disable}

set trap-high-cpu-threshold <percentage>

set trap-low-memory-threshold <percentage>

set trap-cpu-high-exclude-nice-threshold <percentage>

end

Variable

Description

contact-info <string>

Add the contact information for the person responsible for this FortiAnalyzer unit. Character limit: 35

description <description>

Add a name or description of the FortiAnalyzer unit. Character limit: 35

engine-id <string>

Local SNMP engine ID string. Character limit: 24

fortianalyzer-legacy-sysoid <string>

Enable to switch back to legacy FortiAnalyzer sysObjectOID.

location <location>

Describe the physical location of the FortiAnalyzer unit. Character limit: 35

status {enable | disable}

Enable/disable the FortiAnalyzer SNMP agent. Default: disable

trap-high-cpu-threshold <percentage>

CPU usage percentage at which the trap is sent. Default: 80

trap-low-memory-threshold <percentage>

Memory usage percentage at which the trap is sent. Default: 80

trap-cpu-high-exclude-nice-threshold <percentage>

CPU usage percentage, excluding nice, at which the trap is sent.

Example

This example shows how to enable the FortiAnalyzer SNMP agent and add basic SNMP information.

config system snmp sysinfo

set status enable

set contact-info 'System Admin ext 245'

set description 'Internal network unit'

set location 'Server Room A121'

end

snmp user

Use this command to configure SNMPv3 users on your FortiAnalyzer unit. To use SNMPv3, you will first need to enable the FortiAnalyzer SNMP agent. For more information, see snmp sysinfo. There should be a corresponding configuration on the SNMP server in order to query or receive traps from FortiAnalyzer.

For more information on SNMP traps and variables, see the Fortinet Document Library.

Syntax

config system snmp user

edit <name>

set auth-proto {md5 | sha}

set auth-pwd <passwd>

set events <events_list>

set notify-hosts <ipv4_address>

set notify-hosts6 <ipv6_address>

set priv-proto {aes | des}

set priv-pwd <passwd>

set queries {enable | disable}

set query-port <integer>

set security-level {auth-no-priv | auth-priv | no-auth-no-priv}

end

end

Variable

Description

<name>

Enter an SNMPv3 user name to add, edit, or delete.

auth-proto {md5 | sha}

Authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available: 

  • md5: HMAC-MD5-96 authentication protocol
  • sha: HMAC-SHA-96 authentication protocol

auth-pwd <passwd>

Password for the authentication protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

events <events_list>

Enable the events for which the FortiAnalyzer unit should send traps to the SNMPv3 managers in this community. The raid_changed event is only available for devices which support RAID. 

  • cpu-high-exclude-nice: CPU usage exclude nice threshold.
  • cpu_high: The CPU usage is too high.
  • disk_low: The log disk is getting close to being full.
  • ha_switch: A new unit has become the HA master.
  • intf_ip_chg: An interface IP address has changed.
  • lic-dev-quota: High licensed device quota detected.
  • lic-gbday: High licensed log GB/Day detected.
  • log-alert: Log base alert message.
  • log-data-rate: High incoming log data rate detected.
  • log-rate: High incoming log rate detected.
  • mem_low: The available memory is low.
  • raid_changed: RAID status changed.
  • sys_reboot: The FortiAnalyzer unit has rebooted.

Default: All events enabled.

notify-hosts <ipv4_address>

Hosts to send notifications (traps) to.

notify-hosts6 <ipv6_address>

Hosts to send notifications (traps) to.

priv-proto {aes | des}

Privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable. The following options are available: 

  • aes: CFB128-AES-128 symmetric encryption protocol
  • des: CBC-DES symmetric encryption protocol

priv-pwd <passwd>

Password for the privacy (encryption) protocol. The security level must be set to auth-no-priv or auth-priv to use this variable.

queries {enable | disable}

Enable/disable queries for this user. Default: enable

query-port <integer>

SNMPv3 query port. Default: 161. Range: 1 to 65535

security-level {auth-no-priv | auth-priv | no-auth-no-priv}

Security level for message authentication and encryption. The following options are available: 

  • auth-no-priv: Message with authentication but no privacy (encryption).
  • auth-priv: Message with authentication and privacy (encryption).
  • no-auth-no-priv: Message with no authentication and no privacy (encryption).

Default: no-auth-no-priv

Use the show command to display the current configuration if it has been changed from its default value:

show system snmp user
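Because show prints only values that differ from their defaults, a review of saved configuration text has to apply the defaults listed in this reference to every absent key. The Python sketch below is an added example, not Fortinet code: it parses config/edit/set/next/end text and reports communities that still answer SNMPv1/v2c and SNMPv3 users left at weak security levels or protocols. The indented output layout, the sample entry names, and the issue labels are assumptions made for illustration.

```python
import shlex

# Defaults come from this reference; `show` omits values left at their default.
V1V2C = ("query-v1", "query-v2c", "trap-v1", "trap-v2c")
COMMUNITY_DEFAULTS = {"status": "enable", **{f"{k}-status": "enable" for k in V1V2C}}
# Constructed sample; the indented config/edit/set/next/end layout is assumed.
SAMPLE = """\
config system snmp community
    edit 1
        set query-v2c-status disable
        set trap-v2c-status disable
        config hosts
            edit 1
                set ip 192.168.20.34
            next
        end
    next
end
config system snmp user
    edit "legacy-nms"
    next
    edit "noc-md5"
        set security-level auth-no-priv
        set auth-proto md5
    next
    edit "noc-v3"
        set security-level auth-priv
        set auth-proto sha
        set priv-proto aes
    next
end
"""

def parse_show(text):
    """Return nested dicts: {config path: {edit name: {key: value}}}."""
    root = {}
    stack = [("root", root)]
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        verb, args = tok[0], tok[1:]
        if verb in ("config", "edit"):
            stack.append((verb, stack[-1][1].setdefault(" ".join(args), {})))
        elif verb == "next" and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":  # closes an unterminated edit, then its config
            while len(stack) > 1 and stack.pop()[0] != "config":
                pass
        elif verb == "set" and args:
            stack[-1][1][args[0]] = " ".join(args[1:])
    return root

def audit(text):
    """Return (subject, issue) pairs for weak SNMP settings."""
    cfg, out = parse_show(text), []
    for idx, c in cfg.get("system snmp community", {}).items():
        s = {**COMMUNITY_DEFAULTS, **c}
        if s["status"] == "enable":  # v1/v2c carry the community name unencrypted
            out += [(f"community {idx}", f"{k}-enabled")
                    for k in V1V2C if s[f"{k}-status"] == "enable"]
    for name, u in cfg.get("system snmp user", {}).items():
        level = u.get("security-level", "no-auth-no-priv")  # default per the page
        checks = [("no-auth-no-priv", level == "no-auth-no-priv"),
                  ("no-privacy", level == "auth-no-priv"),
                  ("auth-md5", level != "no-auth-no-priv" and u.get("auth-proto") == "md5"),
                  ("priv-des", level == "auth-priv" and u.get("priv-proto") == "des")]
        out += [(f"user {name}", issue) for issue, hit in checks if hit]
    return out
```

Run on the constructed sample, audit(SAMPLE) flags community 1 for SNMPv1 queries and traps that were never switched off, the user with no explicit security-level, and the MD5 user without privacy; the auth-priv/sha/aes user produces no finding.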
