■Fortigate-60C(Transparent mode)のSyslog,SNMPを設定する。以下は config log syslogd setting 配下の抜粋(status/server/source-ipのみ)。SyslogはUDP/514で平文・無認証のまま送られるため、転送経路は管理セグメント内に閉じておくこと。
set status enable
set server 172.31.31.254
set source-ip 172.31.31.249
end
■上位のNAT modeのFortigate-60Cのログを通す設定は以下。なお下記ポリシーはsrcaddr/dstaddrともに「UTM-Seg」(172.31.31.0/24)のため、wan1側セグメント内の任意のホストからinternal側の任意のホストへSyslog(UDP/514)が通ってしまう。最小権限にするなら、srcaddrにTransparent機(172.31.31.249/32)、dstaddrにSyslogサーバ(172.31.31.254/32)のアドレスオブジェクトを使って絞るのが望ましい。
config firewall address
edit "UTM-Seg"
set subnet 172.31.31.0 255.255.255.0
next
end
config firewall policy
edit 2
set srcintf "wan1"
set dstintf "internal"
set srcaddr "UTM-Seg"
set dstaddr "UTM-Seg"
set action accept
set schedule "always"
set service "SYSLOG"
next
end
■Debian側のrsyslog.confの設定。imudpは既定で全インターフェースの514/UDPを待ち受けるため、$UDPServerRun の前に「$UDPServerAddress 172.31.31.254」を置いて受信アドレスを管理セグメント側に限定しておく。また下記の fromhost-ip による振り分けはUDPの送信元IPだけに依存し認証がない(偽装され得る)ので、ログの信頼性はネットワーク側で送信元を限定していることが前提になる。
$ grep -A 1 "udp\|172.31.31..*Fortigate" /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
--
fromhost-ip, isequal, "172.31.31.252" /var/log/Fortigate-60C-NAT.log
& ~
fromhost-ip, isequal, "172.31.31.249" /var/log/Fortigate-60C-Tranparent.log
& ~
$ sudo /etc/init.d/rsyslog restart
■Syslog転送ログの確認。
$ sudo tail -n 1 /var/log/Fortigate-60C-* | \
sed -e 's/[A-z0-9]*=[A-z0-9]* /\n\t&/g' | \
sed -e 's/FGT60C.*/FGT60CXXXXXXXXXX/g'
==> /var/log/Fortigate-60C-NAT.log <==
Sep 2 22:15:01 172.31.31.252 date=2015-09-02 time=22:15:01 devname=home-utm1
devid=FGT60CXXXXXXXXXX
logid=0001000014
type=traffic
subtype=local
level=notice
vd=root srcip=172.31.31.254
srcport=33089 srcintf="internal" dstip=172.31.31.252
dstport=80 dstintf="root"
sessionid=168
proto=6
action=close
policyid=0 dstcountry="Reserved" srccountry="Reserved"
trandisp=noop service="HTTP" app="Web Management"
duration=1
sentbyte=582
rcvdbyte=3203
sentpkt=6
rcvdpkt=6 devtype="Linux PC" osname="Linux" osversion="2.x" mastersrcmac=00:02:2a:f1:08:45 srcmac=00:02:2a:f1:08:45
==> /var/log/Fortigate-60C-Tranparent.log <==
Sep 2 22:14:57 172.31.31.249 date=2015-09-02 time=22:14:52 devname=home-utm2
devid=FGT60CXXXXXXXXXX
logid=0100040704
type=event
subtype=system
level=notice vd="root" logdesc="System performance statistics" action="perf-stats"
cpu=0
mem=44
totalsession=5
disk=3 bandwidth=5/1
setuprate=0
disklograte=0
fazlograte=0 msg="Performance statistics: average CPU: 0, memory: 44, concurrent sessions: 5, setup-rate: 0"
■ついでにSNMPも設定する。
Fortigateの性能情報をSNMPで取得する。下記ではコミュニティ名が既定値の「public」のままで、かつSNMPv1(平文)でのqueryのみを有効にしている。hostsで問い合わせ元を172.31.31.254/32に限定している点は良いが、推測されにくいコミュニティ名に変えるか、可能ならSNMPv3(config system snmp user、認証・暗号化あり)を使うべき。同様に、後述の config system interface の allowaccess にある telnet/http は平文の管理アクセスなので、ssh/https に置き換えるのが望ましい。
http://labunix.hateblo.jp/entry/20150817/1439818369
config system snmp community
edit 1
set name "public"
config hosts
edit 1
set source-ip 172.31.31.249
set ip 172.31.31.254 255.255.255.255
set interface "internal"
set host-type query
next
end
set query-v2c-status disable
set trap-v1-status disable
set trap-v2c-status disable
next
end
config system interface
edit "internal"
set vdom "root"
set allowaccess ping ssh snmp http telnet
set type physical
set snmp-index 8
next
end
■情報採取スクリプトを若干変更
$ cat /etc/cron.d/fgtperf
SHELL=/bin/sh
PATH=/bin:/usr/bin
FGTPERF=/var/local/fortigate-perf.sh
# Poll both FortiGates every 5 minutes as user "labunix", the owner of
# /var/log/fgt.  The collector is always started through /bin/bash, so the
# "test -x" only guards against the script being absent or not executable.
*/5 * * * * labunix test -x $FGTPERF && /bin/bash $FGTPERF
$ cat /var/local/fortigate-perf.sh
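#!/bin/bash
# Collect CPU and memory utilisation from each FortiGate over SNMP and append
# one CSV row per poll to a per-target, per-day file:
#   <FGTPERFDIR>/fortigate-perf-YYYYMMDD_<target-ip>.csv
#   YYYY/MM/DD,HH:MM:SS,<fgSysCpuUsage>,<fgSysMemUsage>
# Started from /etc/cron.d/fgtperf every 5 minutes as an unprivileged user,
# so the output directory must be writable by that user.
# Exit status: 0 when every target was polled and written, 1 otherwise.
set -u

# Devices to poll: the NAT-mode and the transparent-mode FortiGate-60C.
TARGETS=("172.31.31.252" "172.31.31.249")
# fgSystemInfo subtree of FORTINET-FORTIGATE-MIB; only fgSysCpuUsage (.3.0)
# and fgSysMemUsage (.4.0) are kept from the walk (see the awk filter below).
TARGETOID=".1.3.6.1.4.1.12356.101.4.1"
# SNMP parameters, overridable from the environment (e.g. in the cron.d file)
# so that a non-default community does not have to be edited in here.
# SECURITY NOTE: with SNMPv1/v2c the community travels in cleartext and is
# visible to every local user in "ps" while snmpwalk runs.  The FortiGate
# already limits queries to this host; still prefer SNMPv3, or at least put
# "defCommunity" into ~/.snmp/snmp.conf (mode 0600) and drop the -c option.
SNMP_VERSION="${SNMP_VERSION:-1}"
SNMP_COMMUNITY="${SNMP_COMMUNITY:-public}"
FGTPERFDIR="${FGTPERFDIR:-/var/log/fgt}"
FGTPERFLOG="${FGTPERFDIR}/fortigate-perf-$(date '+%Y%m%d')"

rc=0
for target in "${TARGETS[@]}"; do
  outfile="${FGTPERFLOG}_${target}.csv"
  # The timestamp comes straight from date(1) and is never handed to awk as
  # a printf format string (the old 'printf $0' would misbehave on a '%').
  stamp="$(date '+%Y/%m/%d,%H:%M:%S')"
  # A failed walk (timeout, wrong community, device down) is reported on
  # stderr -- which cron mails -- instead of being discarded with 2>/dev/null.
  if ! walk="$(snmpwalk -v "${SNMP_VERSION}" -c "${SNMP_COMMUNITY}" \
                "${target}" "${TARGETOID}")"; then
    printf 'fortigate-perf: snmpwalk %s failed\n' "${target}" >&2
    rc=1
  fi
  # Keep the two gauges in OID order (CPU, then memory).  Both the MIB name
  # and the numeric OID form are recognised; each value is emitted with a
  # leading comma so the row needs no trailing-comma clean-up.
  values="$(printf '%s\n' "${walk}" |
    awk '/fgSys(Cpu|Mem)Usage/ || /1\.[34]\.0 =/ { printf ",%s", $NF }')"
  # A timestamp-only row is still written when nothing came back, keeping the
  # file layout identical to earlier polls and making the outage visible.
  if ! printf '%s%s\n' "${stamp}" "${values}" >> "${outfile}"; then
    printf 'fortigate-perf: cannot write %s\n' "${outfile}" >&2
    rc=1
  fi
done
exit "${rc}"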
$ chmod +x /var/local/fortigate-perf.sh
$ sudo mkdir /var/log/fgt
$ sudo chown labunix:labunix /var/log/fgt
$ /bin/bash /var/local/fortigate-perf.sh
$ grep . /var/log/fgt/fortigate-perf-20150902_172.31.31.2*
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:02:57,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:05:02,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:10:02,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:15:01,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:20:02,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:25:02,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:30:01,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:35:04,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:40:02,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:45:01,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:50:01,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.249.csv:2015/09/02,23:55:02,0,46
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:02:57,0,69
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:05:01,0,69
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:10:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:15:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:20:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:25:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:30:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:35:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:40:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:45:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:50:01,0,70
/var/log/fgt/fortigate-perf-20150902_172.31.31.252.csv:2015/09/02,23:55:01,0,70