Fortinet black logo

New Features

FortiAI logging on FortiAnalyzer 7.0.1

Copy Link
Copy Doc ID 6dd8af04-513d-11eb-b9ad-00505692583a:889963
Download PDF

FortiAI logging on FortiAnalyzer 7.0.1

Starting in FortiAnalyzer 7.0.1, you can configure FortiAnalyzer to accept logs from a FortiAI device for use in the following ways:

  • FortiAnalyzer can recognize FortiAi devices.
  • FortiAI logs can be stored in Fabric ADOM.
  • FortiAI can be viewed in LogView.
  • FortiAI Device Type and Log Types are available in event handlers and report data sets.
To add a FortiAI device to FortiAnalyzer:
  1. On FortiAnalyzer, ensure you in are in the correct ADOM.
  2. Go to Device Manager and add the FortiAI device.
    Previously, FortiAnalyzer could not recognize FortiAI devices. In 7.0.1 and later, FortiAnalyzer is able to recognize the FortiAI device and will display it in the Unauthorized Device list once added.
  3. Select Unauthorized Devices and authorize the FortiAI device.
    When the FortiAI device is authorized on FortiAnalyzer, it is listed in the FortiAnalyzer Device Manager with information including its device name, IP, serial number, logging status, etc.
To view FortiAI logs in FortiAnalyzer:
  1. On FortiAnalyzer, ensure you are in the correct ADOM.
  2. Go to Log View > FortiAI.
    There is a new FortiAI log type created for the FortiAI device. When FortiAI logs are received, they are displayed in Log View.

  3. Go to Log View > Fabric.
    FortiAnalyzer adds a SIEM parser to FortiAI logs so that they can be viewed in the Fabric SIEM database correctly.

  4. Go to Log View > Log Browse.
    In Log Browse, you can see the FortiAI device logs listed. You can download or import FortiAI logs.
To create a custom event handler using FortiAI logs:
  1. Go to FortiSoC > Handlers > Event Handler List, and create a new event handler.
  2. Enter a name for the event handler, for example FortiAI-Event-Handler.
  3. Enable a filter, and select FortiAI as the Log Device Type.
  4. In Log type, select a FortiAI log type.
  5. Configure the remaining settings as required, and click OK to save the event handler.
  6. Events triggered by the event handler appear in FortiSoC > Event Monitor > All Events. The name of the event handler is displayed in the table.
To create a custom report using FortiAI logs:
  1. Go to Reports > Report Definitions > Datasets, and create or edit a dataset.
  2. Select a FortiAI log type in the Log Type dropdown.
  3. Configure the remaining settings as required, and click OK to save the dataset.
    The dataset can now be used when configuring charts used in FortiAnalyzer reports.

FortiAI logging on FortiAnalyzer 7.0.1

Starting in FortiAnalyzer 7.0.1, you can configure FortiAnalyzer to accept logs from a FortiAI device for use in the following ways:

  • FortiAnalyzer can recognize FortiAi devices.
  • FortiAI logs can be stored in Fabric ADOM.
  • FortiAI can be viewed in LogView.
  • FortiAI Device Type and Log Types are available in event handlers and report data sets.
To add a FortiAI device to FortiAnalyzer:
  1. On FortiAnalyzer, ensure you in are in the correct ADOM.
  2. Go to Device Manager and add the FortiAI device.
    Previously, FortiAnalyzer could not recognize FortiAI devices. In 7.0.1 and later, FortiAnalyzer is able to recognize the FortiAI device and will display it in the Unauthorized Device list once added.
  3. Select Unauthorized Devices and authorize the FortiAI device.
    When the FortiAI device is authorized on FortiAnalyzer, it is listed in the FortiAnalyzer Device Manager with information including its device name, IP, serial number, logging status, etc.
To view FortiAI logs in FortiAnalyzer:
  1. On FortiAnalyzer, ensure you are in the correct ADOM.
  2. Go to Log View > FortiAI.
    There is a new FortiAI log type created for the FortiAI device. When FortiAI logs are received, they are displayed in Log View.

  3. Go to Log View > Fabric.
    FortiAnalyzer adds a SIEM parser to FortiAI logs so that they can be viewed in the Fabric SIEM database correctly.

  4. Go to Log View > Log Browse.
    In Log Browse, you can see the FortiAI device logs listed. You can download or import FortiAI logs.
To create a custom event handler using FortiAI logs:
  1. Go to FortiSoC > Handlers > Event Handler List, and create a new event handler.
  2. Enter a name for the event handler, for example FortiAI-Event-Handler.
  3. Enable a filter, and select FortiAI as the Log Device Type.
  4. In Log type, select a FortiAI log type.
  5. Configure the remaining settings as required, and click OK to save the event handler.
  6. Events triggered by the event handler appear in FortiSoC > Event Monitor > All Events. The name of the event handler is displayed in the table.
To create a custom report using FortiAI logs:
  1. Go to Reports > Report Definitions > Datasets, and create or edit a dataset.
  2. Select a FortiAI log type in the Log Type dropdown.
  3. Configure the remaining settings as required, and click OK to save the dataset.
    The dataset can now be used when configuring charts used in FortiAnalyzer reports.