• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

No data from fotigate plugin

0x0deep0x0deep

Big Time
edited January 2013 in AlienVault USM Appliance > Sensor
Hi all, I'm using OSSIM 4.1.2 version to collect fortigate firewall events, recently I have observed that the sensor don't send to the server the events that the sensor has recieved from the Fortigate firewall. I see the events in the /var/log/syslog of the sensor.

Jan  9 10:00:22 192.168.1.1 date=2013-01-09 time=10:00:52 devname=FWICV device_id=FG300B3909603821 log_id=0022000003 type=traffic subtype=violation pri=warning status=deny vd="root" src=168.192.1.224 srcname=192.168.1.224 src_port=51913 dst=10.10.0.224 dstname=10.10.0.224 dst_country="Spain" dst_port=8000 service=trueno proto=6 app_type=N/A duration=0 rule=5 policyid=5 identidx=0 sent=0 rcvd=0 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port2" dst_int="port1" SN=136463789 app="N/A" app_cat="N/A" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A

In the /var/log/ossim/agent I can see that the sensor don't send to the server anything of the plugin 1554 (fortigate plugin number).

I'm using the default plugin configuration.

Has anybody had the same problem?

Thank you in advance.

Share post:

This discussion has been closed.