■ Checking FortiGate health
Checking in the GUI is fine, but the problem is that nothing is kept afterwards.
■ Checking the alert console log from the command line with "alertconsole list"
$ echo "diagnose log alertconsole list" | ssh admin@172.31.31.251 2> /dev/null | sed s/".*# "//g
admin@172.31.31.251's password:
There are 50 alert console messages:
2015-02-24 20:02:53 FortiGuard Advisory Adobe Security Bulletin for February 2015
2015-02-24 20:02:53 FortiGuard Advisory Microsoft Security Bulletin for February 10, 2015
2015-02-24 20:02:53 FortiGuard Advisory FortiOS CAPWAP server two vulnerabilities
2015-02-24 20:02:53 FortiGuard Advisory FortiAuthenticator multiple vulnerabilities
2015-02-24 19:02:53 FortiGuard Latest Threat MSIL/Injector.FPV!tr
2015-02-24 19:02:53 FortiGuard Latest Threat W32/Kryptik.CHZB!tr
2015-02-24 19:02:53 FortiGuard Latest Threat W32/CPacker.C!tr
2015-02-24 19:02:53 FortiGuard Latest Threat W32/Cryptolocker.C!tr
2015-02-24 19:02:53 FortiGuard Latest Threat W32/Kryptik.CFCF!tr
2015-02-24 19:02:53 FortiGuard Latest Threat W32/Zbot.AHCV!tr
2015-02-24 19:02:53 FortiGuard Latest Threat W32/Boaxxe.BV!tr
2015-02-24 19:02:53 FortiGuard Latest Threat Nuclear.Exploit.Kit
2015-02-24 19:02:53 FortiGuard Latest Threat WordPress.Download.Manager.wpdm_upload_icons.Code.Execution
2015-02-24 19:02:53 FortiGuard Latest Threat Ropest.Botnet
2015-02-24 19:02:53 FortiGuard Latest Threat Sweet.Orange.Exploit.Kit
2015-02-24 19:02:53 FortiGuard Latest Threat Bash.Function.Definitions.Remote.Code.Execution
2015-02-24 19:02:53 FortiGuard Latest Threat Magnitude.Exploit.Kit
2015-02-24 19:02:53 FortiGuard Latest Threat Neutrino.Exploit.Kit
2015-02-24 19:02:43 Log disk is unavailable
■ I made this because I can't remember all the status commands.
fgt_check.sh
https://raw.githubusercontent.com/labunix/fortigate-80c-settings/master/fgt_check.log
fgt_check.log
https://raw.githubusercontent.com/labunix/fortigate-80c-settings/master/fgt_check.log
■ If something turns up in the summary, look at the unformatted log, and if you still have questions, run "diagnose debug report"; the aim is simply to have an easy first handle to start from.
On the contents of the FortiGate CLI command [diagnose debug report]
http://labunix.hateblo.jp/entry/20150208/1423402180
■ Running it without tee
If you can trust that every command completes normally and are willing to wait without seeing any output, use the following.
It is a list of status commands, so the logs are collected separately.
$ cat fgt_check.log | ssh admin@172.31.31.251 | \
sed s/".*# "//g > "check_`date '+%Y%m%d'`.log" 2>&1
Pseudo-terminal will not be allocated because stdin is not a terminal.
admin@172.31.31.251's password:
interfaces=[any]
filters=[udp port 53]
■ Extracting the summary
Try it with "./fgt_check.sh" first, then shape the results.
Assuming the unit is running normally, roughly this is what you'd want to know.
I left the "disable check" in because I may run it once in a while.
$ /bin/bash -v ./fgt_check.sh check_20150224.log 2>&1 | \
grep -A 1000 "^# Start" | grep -v ^grep
hostname : FGT-UTM
Version: FortiGate-80C v5.0,build0252,131031 (GA Patch 5)
current date is: 2015-02-24
current time is: 20:40:09
antispam-expiration : Fri Sep 18 09:00:00 2015
avquery-expiration : Fri Sep 18 09:00:00 2015
webfilter-expiration: Fri Sep 18 09:00:00 2015
Virus-DB: 23.00891(2015-02-23 06:09)
Extended DB: 23.00891(2015-02-23 06:08)
IPS-DB: 5.00614(2015-02-19 04:57)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Botnet DB: 2.00099(2015-02-22 20:30)
Next sched update: Wed Feb 25 01:55:00 2015
Uptime: 0 days, 1 hours, 37 minutes
CPU states: 3% user 2% system 0% nice 95% idle
Memory states: 54% used
[ dev: /dev/sda1 major: 8 minor: 1 free: 22MB mounted: N ]
[ dev: /dev/sda2 major: 8 minor: 2 free: 8MB mounted: Y ]
[ dev: /dev/sda3 major: 8 minor: 3 free: 375MB mounted: Y ]
IPS-DB: 5.00614(2015-02-19 04:57)
IPS-ETDB: 0.00000(2000-00-00 00:00)
IPS attacks blocked: 0 total in 1 minute
IP=192.168.1.251->192.168.1.251/255.255.255.248 index=4 devname=wan1
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=7 devname=root
IP=172.31.31.251->172.31.31.251/255.255.255.0 index=10 devname=internal
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=12 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=14 devname=vsys_fgfm
Browsing: 184 packets, 68877 bytes
DNS: 5602 packets, 632639 bytes
E-Mail: 0 packets, 0 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 5836 packets, 1121578 bytes
Generic UDP: 55 packets, 4180 bytes
Generic ICMP: 0 packets, 0 bytes
Generic IP: 12 packets, 384 bytes
Browsing: 184 packets, 68877 bytes
DNS: 5602 packets, 632639 bytes
E-Mail: 0 packets, 0 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 5839 packets, 1123318 bytes
Generic UDP: 55 packets, 4180 bytes
Generic ICMP: 0 packets, 0 bytes
Generic IP: 12 packets, 384 bytes
Ring counters: pass=000000 fail=000000
Setup counters: pass=000001 fail=000000
Update counters: pass=000000 retry_fail=000000 final_fail=000000
Virus report counters: pass=000000 fail=000000 empty_stats=000001
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
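The two pipelines above leave you with raw text: the alert-console listing and the summary lines. As an added example (not code from this post or from its fgt_check.sh), here is a Python script that parses both and reduces them to a short list of findings, so the one device-originated entry ("Log disk is unavailable") is not lost among the FortiGuard notices and an unloaded database, a fresh reboot or a nearly full partition is called out. The sample inputs are lines copied from the output shown above; the thresholds (60-day license warning, 80% memory, 10% idle CPU, 50 MB free on mounted partitions, 24 h minimum uptime) and the file-name convention in the usage comment are assumptions.

```python
"""Turn captured FortiGate CLI output into a list of findings.

Added example, not code from the original post or its fgt_check.sh.
Thresholds below are illustrative assumptions, not FortiOS defaults.
"""
import re
import sys
from datetime import date, datetime

# Constructed samples: lines copied from the output shown in the post.
ALERTCONSOLE_SAMPLE = """\
There are 50 alert console messages:
2015-02-24 20:02:53 FortiGuard Advisory Adobe Security Bulletin for February 2015
2015-02-24 19:02:53 FortiGuard Latest Threat W32/Cryptolocker.C!tr
2015-02-24 19:02:43 Log disk is unavailable
"""

SUMMARY_SAMPLE = """\
hostname : FGT-UTM
Version: FortiGate-80C v5.0,build0252,131031 (GA Patch 5)
current date is: 2015-02-24
antispam-expiration : Fri Sep 18 09:00:00 2015
avquery-expiration : Fri Sep 18 09:00:00 2015
webfilter-expiration: Fri Sep 18 09:00:00 2015
Virus-DB: 23.00891(2015-02-23 06:09)
IPS-DB: 5.00614(2015-02-19 04:57)
IPS-ETDB: 0.00000(2000-00-00 00:00)
Uptime: 0 days, 1 hours, 37 minutes
CPU states: 3% user 2% system 0% nice 95% idle
Memory states: 54% used
[ dev: /dev/sda1 major: 8 minor: 1 free: 22MB mounted: N ]
[ dev: /dev/sda2 major: 8 minor: 2 free: 8MB mounted: Y ]
[ dev: /dev/sda3 major: 8 minor: 3 free: 375MB mounted: Y ]
"""

ALERT_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+)$")
EXPIRE_RE = re.compile(r"^(\S+)-expiration\s*:\s*(.+)$")
DB_RE = re.compile(r"^(Virus-DB|Extended DB|IPS-DB|IPS-ETDB|Botnet DB):\s*([\d.]+)\((.*?)\)")
UPTIME_RE = re.compile(r"^Uptime: (\d+) days?, (\d+) hours?, (\d+) minutes?")
DISK_RE = re.compile(r"^\[ dev: (\S+) .*? free: (\d+)MB mounted: ([YN]) \]")


def device_alerts(text):
    """Return (timestamp, message) for alert-console entries raised by the unit
    itself, i.e. everything that is not a FortiGuard feed notice."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m and not m.group(2).startswith("FortiGuard "):
            alerts.append((m.group(1), m.group(2)))
    return alerts


def parse_summary(text):
    """Pick the fields worth alarming on out of the summary lines."""
    s = {"expirations": {}, "databases": {}, "disks": [],
         "uptime_min": None, "cpu_idle": None, "mem_used": None, "date": None}
    for line in text.splitlines():
        if line.startswith("hostname"):
            s["hostname"] = line.split(":", 1)[1].strip()
        elif line.startswith("current date is:"):
            s["date"] = date.fromisoformat(line.split(":", 1)[1].strip())
        elif line.startswith("CPU states"):
            s["cpu_idle"] = int(re.search(r"(\d+)% idle", line).group(1))
        elif line.startswith("Memory states"):
            s["mem_used"] = int(re.search(r"(\d+)% used", line).group(1))
        elif EXPIRE_RE.match(line):
            m = EXPIRE_RE.match(line)
            s["expirations"][m.group(1)] = datetime.strptime(m.group(2), "%a %b %d %H:%M:%S %Y")
        elif DB_RE.match(line):
            m = DB_RE.match(line)
            try:
                stamp = datetime.strptime(m.group(3), "%Y-%m-%d %H:%M")
            except ValueError:  # "2000-00-00 00:00" means no database is loaded
                stamp = None
            s["databases"][m.group(1)] = (m.group(2), stamp)
        elif UPTIME_RE.match(line):
            d, h, mi = (int(x) for x in UPTIME_RE.match(line).groups())
            s["uptime_min"] = d * 1440 + h * 60 + mi
        elif DISK_RE.match(line):
            m = DISK_RE.match(line)
            s["disks"].append((m.group(1), int(m.group(2)), m.group(3) == "Y"))
    return s


def findings(s, today, warn_days=60, mem_pct=80, idle_pct=10,
             disk_free_mb=50, min_uptime_min=1440):
    """Apply the assumed thresholds and return human-readable findings."""
    out = []
    for name, exp in s["expirations"].items():
        left = (exp.date() - today).days
        if left < 0:
            out.append(f"{name} license expired {-left} days ago")
        elif left <= warn_days:
            out.append(f"{name} license expires in {left} days")
    for name, (ver, stamp) in s["databases"].items():
        if stamp is None:
            out.append(f"{name} not loaded (version {ver})")
    if s["uptime_min"] is not None and s["uptime_min"] < min_uptime_min:
        out.append(f"uptime only {s['uptime_min']} minutes, check for an unplanned reboot")
    if s["mem_used"] is not None and s["mem_used"] >= mem_pct:
        out.append(f"memory {s['mem_used']}% used")
    if s["cpu_idle"] is not None and s["cpu_idle"] <= idle_pct:
        out.append(f"CPU only {s['cpu_idle']}% idle")
    for dev, free, mounted in s["disks"]:
        if mounted and free < disk_free_mb:
            out.append(f"{dev} has only {free}MB free")
    return out


def check(summary_text, alert_text):
    """Combine both sources; the unit's own clock ("current date is:") is the
    reference date so an older capture is judged against the day it was taken."""
    s = parse_summary(summary_text)
    out = [f"alert console: {ts} {msg}" for ts, msg in device_alerts(alert_text)]
    return out + findings(s, s["date"] or date.today())


if __name__ == "__main__":
    # Assumed usage: fgt_findings.py check_YYYYMMDD.log alertconsole.log
    if len(sys.argv) == 3:
        texts = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:3]]
    else:
        texts = [SUMMARY_SAMPLE, ALERTCONSOLE_SAMPLE]
    for line in check(*texts):
        print(line)
```

Run it with the two captured files, or with no arguments to check the embedded sample. Keeping the thresholds as function parameters rather than constants lets you tune them per unit (an 80C with a small log partition needs a lower free-space floor than a larger appliance), and returning findings as a list rather than printing them is what makes the script usable from a cron job or a monitoring check.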