marketplace
CDS FortiGate - User Audit
CDS FortiGate - Wireless Network and VPN
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Overview
FortiGate provides a full range of threat protection capabilities, including firewall, intrusion prevention, antivirus, SSL inspection, and application control. FortiGate reduces complexity with automated visibility into applications, users, and networks, and provides security ratings to adopt security best practices.
This integration collects the following log types and subtypes:
Type | Description | SubType |
---|
Traffic | Records traffic flow information such as an HTTP/HTTPS request and its response, if any | FORWARD, LOCAL |
Event | Records system and administrative events | SYSTEM, USER, VPN, WIRELESS |
UTM | Records UTM Events | IPS, WEB |
NOTE: Support for the metric has been discontinued and its related panels are now deprecated in integration v1.1.0. We plan to completely remove the same in upcoming releases of the integration
Troubleshooting
If you see a Permission denied error while port binding in agent logs, follow the instructions below:
Binding to a port number under 1024 requires elevated permissions. Follow the instructions below to set this up.
Grant access to the port using the setcap command:
sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
Verify the setup is correct by running the getcap command:
sudo getcap /opt/datadog-agent/bin/agent/agent
With the expected output:
/opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
Note: Re-run this setcap command every time you upgrade the Agent.
Restart the Agent.
If the firewall is enabled, make sure traffic is bypassed from the configured port.
If you see the Port 514 Already in Use error, follow the below instructions (the example given below is for PORT-NO = 514):
On systems with Syslog, if the Agent is listening for FortiGate logs on port 514, the following error can appear in the Agent logs: Can’t start UDP forwarder on port 514: listen udp :514: bind: address already in use.
This happens because, by default, Syslog is listening on port 514. To resolve this error, you can disable Syslog, or have the Agent listen on the available port that is not occupied by other services.
Support
For support or feature requests, contact Crest Data through the following channels:
This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.