Marc,
I have already created a number of mappings for unix, windows and Cisco. Here
I am doing the same thing I did when I set up all my mappings for Netscreen
devices under /Net/Netscreen. (selecting the event and mapping it to the
proper tree)
Since that failed, I created some Fortinet mappings manually, with the
appropriate regexp, but I cannot get these Events to match them.
Is it possible there is a problem reading Fortinet format? Anybody else
mapping events from a Fortinet?
I had a similar problem when I tried to map events from an Alteon, only there
Zenoss spit out an error:
http://dev.zenoss.org/trac/ticket/860
In both the Alteon and Fortinet Events, the 'component' is blank, could that
cause a problem?
Let me know if you want some raw syslog messages.
thanks
Software Component Versions
Zenoss: Zenoss 1.1.0
OS: Linux (x86_64) 2.6.9 (Linux nms2 2.6.9-42.0.3.plus.c4smp #1 SMP Fri Oct 6 11:42:04 CDT 2006 x86_64)
Zope: Zope 2.8.8
Python: Python 2.4.4
Database: MySQL 5.0.22 (Ver 5.0.22)
RRD: RRDtool 1.2.15
Twisted: Twisted 2.4.0
SNMP: PySNMP 3.4.3
Twisted SNMP: TwistedSNMP 0.3.13
Brendan,
Did you create a mapping for /Net/Fortinet? If so could you send us
the info on that mapping?
If you haven't created a mapping yet, take a look at the Admin Guide
for some help:
http://zenoss.com/download/latest/adminguidew
Regards,
Marc Irlandez
On Jan 30, 2007, at 12:18 PM, brendan wrote:
> Greetings,
>
> I am having problems trying to map the following events from a
> Fortinet firewall to /Net/Fortinet:
>
> date=2007-01-30 time=10:25:12 devname=int-fw1_XXX
> device_id=FGXXXXXXXXXXXXXX log_id=0104032006 type=event
> subtype=admin pri=emergency vd=root msg="Log disk is at 95%
> full.System will overwrite old logs once passed 95%."
> date=2007-01-30 time=11:28:06 devname=int-fw1_XXX
> device_id=FGXXXXXXXXXXXXX log_id=0104032009 type=event
> subtype=admin pri=alert vd=root user=xxxx ui=GUI(10.X.X.X)
> action=login status=failure reason=none msg="User xxxx login failed
> from GUI(10.X.X.X)"
>
>
> I do not get an error on the Events screen, but when I go to /
> Events/Net/Fortinet, there is nothing under Classes or Mappings.
> I tailed the logs directory while I was doing this, and this is all
> I saw in the Z2.log:
>
> 10.X.X.X - Anonymous [30/Jan/2007:12:05:44 -0400] "POST /zport/dmd/
> Events HTTP/1.1" 200 46020 "http://xxx.xxx:8080/zport/dmd/Events"
> "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/
> 20061204 Firefox/2.0.0.1"
> 10.X.X.X - Anonymous [30/Jan/2007:12:05:44 -0400] "GET /zport/dmd/
> ZenEventManager/getJSONEventsInfo HTTP/1.1" 204 150 "http://xxx.xxx:
> 8080/zport/dmd/Events" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-
> US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
>
> Let me know if there is more info you would need.
> thanks
>
>
> _______________________________________________
> zenoss-users mailing list
> zenoss-users at zenoss.org
> http://lists.zenoss.org/mailman/listinfo/zenoss-users
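
An added example, not part of the thread and not Zenoss code: a way to test mapping regexps offline against the two Fortinet events quoted above, by splitting the key=value payload into fields and checking for a syslog tag. The function names, the mapping names and the regexps are hypothetical, and the sample lines are the quoted events unwrapped to one line each.

```python
import re

# Constructed samples: the two events quoted in the thread, one line each.
SAMPLES = [
    'date=2007-01-30 time=10:25:12 devname=int-fw1_XXX device_id=FGXXXXXXXXXXXXXX '
    'log_id=0104032006 type=event subtype=admin pri=emergency vd=root '
    'msg="Log disk is at 95% full.System will overwrite old logs once passed 95%."',
    'date=2007-01-30 time=11:28:06 devname=int-fw1_XXX device_id=FGXXXXXXXXXXXXX '
    'log_id=0104032009 type=event subtype=admin pri=alert vd=root user=xxxx '
    'ui=GUI(10.X.X.X) action=login status=failure reason=none '
    'msg="User xxxx login failed from GUI(10.X.X.X)"',
]

# key=value, where the value is a double-quoted string or a run of non-space chars.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# BSD-syslog style "tag[pid]: " or "tag: " prefix. The Fortinet payload has none,
# which is consistent with the blank 'component' noted in the thread.
TAG = re.compile(r'^([A-Za-z][\w./-]*)(?:\[\d+\])?: ')

# Hypothetical mapping regexps, written against the msg field only.
MAPPINGS = {
    'login_failed': re.compile(r'User (?P<user>\S+) login failed from (?P<ui>\S+)'),
    'log_disk_full': re.compile(r'Log disk is at (?P<pct>\d+)% full'),
}

def parse_fortinet(line):
    """Split a Fortinet key=value payload into a dict of fields."""
    return {k: (q if q else v) for k, q, v in PAIR.findall(line)}

def component(line):
    """Return the syslog tag if the message starts with one, else ''."""
    m = TAG.match(line)
    return m.group(1) if m else ''

def classify(line):
    """Return (mapping name, captured groups, all fields) for the first regexp that hits."""
    fields = parse_fortinet(line)
    for name, rx in MAPPINGS.items():
        m = rx.search(fields.get('msg', ''))
        if m:
            return name, m.groupdict(), fields
    return None, {}, fields

if __name__ == '__main__':
    for s in SAMPLES:
        name, groups, fields = classify(s)
        print(repr(component(s)), fields['log_id'], fields['pri'], name, groups)
```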