No data from fortigate plugin
Hi all, I'm using OSSIM 4.1.2 version to collect Fortigate firewall events. Recently I have observed that the sensor doesn't send to the server the events that the sensor has received from the Fortigate firewall. I see the events in the /var/log/syslog of the sensor.

Jan 9 10:00:22 192.168.1.1 date=2013-01-09 time=10:00:52 devname=FWICV device_id=FG300B3909603821 log_id=0022000003 type=traffic subtype=violation pri=warning status=deny vd="root" src=22.214.171.124 srcname=192.168.1.224 src_port=51913 dst=10.10.0.224 dstname=10.10.0.224 dst_country="Spain" dst_port=8000 service=trueno proto=6 app_type=N/A duration=0 rule=5 policyid=5 identidx=0 sent=0 rcvd=0 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port2" dst_int="port1" SN=136463789 app="N/A" app_cat="N/A" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A

In the /var/log/ossim/agent I can see that the sensor doesn't send to the server anything of the plugin 1554 (Fortigate plugin number). I'm using the default plugin configuration. Has anybody had the same problem? Thank you in advance.