Thursday, December 6, 2012

FortiAnalyzer - System Registration

If you are running FortiAnalyzer and start feeding it logs from FortiGates, they will (depending on your settings) register automatically and show up in your device view. By default they appear in the format "hostname_serialnumber".
If you have a hostname configured on your FortiGate but it shows up in FAZ under its serial number only, you may be running into a versioning issue, specifically when FortiOS 4.3 devices report into FAZ 4.1.
The reason is that FortiOS 4.3 firewalls by default try to encrypt the communication to the FortiAnalyzer, which FAZ 4.1 does not understand. To work around this, disable encryption for logging to FAZ on the FortiGate using the following commands (log traffic to the FortiAnalyzer is then sent unencrypted):

# config log fortianalyzer setting
# set enc-algorithm disable
# end
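
To keep track of which FortiGates carry this workaround, the following added example (not from the original post) parses a FortiOS configuration backup and reports the enc-algorithm value of each "config log fortianalyzer setting" block. The function names and sample configurations are constructed for illustration; it assumes a plain-text backup in the usual config / set / end layout, where a setting left at its default is not written out.

```python
TARGET = "log fortianalyzer setting"  # block name as given in the post

def fortianalyzer_enc(config_text):
    """Return one entry per 'config log fortianalyzer setting' block:
    the enc-algorithm value, or None if the block does not set it
    (assumed here to mean the device default is in effect)."""
    stack, found = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Entering a (possibly nested) config block, e.g. inside a VDOM.
            stack.append(" ".join(line.split()[1:]))
            if stack[-1] == TARGET:
                found.append(None)
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == TARGET:
            words = line.split()
            if len(words) >= 3 and words[:2] == ["set", "enc-algorithm"]:
                found[-1] = words[2]
    return found

def workaround_applied(config_text):
    """True if any FortiAnalyzer logging block has encryption disabled."""
    return "disable" in fortianalyzer_enc(config_text)

# Constructed sample: a device with the workaround from the post applied.
SAMPLE_WORKAROUND = """\
config system global
    set hostname "fw-branch-01"
end
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set enc-algorithm disable
end
"""

# Constructed sample: block nested in a VDOM, enc-algorithm not written out.
SAMPLE_VDOM_DEFAULT = """\
config vdom
edit root
config log fortianalyzer setting
    set status enable
end
next
end
"""

if __name__ == "__main__":
    for name, cfg in (("workaround", SAMPLE_WORKAROUND),
                      ("vdom-default", SAMPLE_VDOM_DEFAULT)):
        print(name, fortianalyzer_enc(cfg), workaround_applied(cfg))
```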

