Brendan,

Did you create a mapping for /Net/Fortinet? If so could you send us the info on that mapping?

If you haven't created a mapping yet, take a look at the Admin Guide for some help:

http://zenoss.com/download/latest/adminguidew

Regards,
Marc Irlandez


On Jan 30, 2007, at 12:18 PM, brendan wrote:

Greetings,

I am having problems trying to map the following events from a Fortinet firewall to /Net/Fortinet:

date=2007-01-30 time=10:25:12 devname=int-fw1_XXX device_id=FGXXXXXXXXXXXXXX log_id=0104032006 type=event subtype=admin pri=emergency vd=root msg="Log disk is at 95% full.System will overwrite old logs once passed 95%."
date=2007-01-30 time=11:28:06 devname=int-fw1_XXX device_id=FGXXXXXXXXXXXXX log_id=0104032009 type=event subtype=admin pri=alert vd=root user=xxxx ui=GUI(10.X.X.X) action=login status=failure reason=none msg="User xxxx login failed from GUI(10.X.X.X)"


I do not get an error on the Events screen, but when I go to /Events/Net/Fortinet, there is nothing under Classes or Mappings. I tailed the logs directory while I was doing this, and this is all I saw in the Z2.log:

10.X.X.X - Anonymous [30/Jan/2007:12:05:44 -0400] "POST /zport/dmd/Events HTTP/1.1" 200 46020 "http://xxx.xxx:8080/zport/dmd/Events" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
10.X.X.X - Anonymous [30/Jan/2007:12:05:44 -0400] "GET /zport/dmd/ZenEventManager/getJSONEventsInfo HTTP/1.1" 204 150 "http://xxx.xxx:8080/zport/dmd/Events" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"

Let me know if there is more info you would need.
thanks


_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
