OpenTechShed

Blog of Things

Export logs from FortiGate to FTP server

This is a quick post on how to export logs from a FortiGate to an FTP server. On FortiGates running FortiOS 5.6 and above, one can easily transfer all logs from memory to an FTP server.

How about secure copy, Fortinet?

This is useful if you don’t have access to a syslog server or would like to review the logs on a server rather than in FortiOS. Use the command below to transfer all the logs:

execute backup memory alllogs ftp 192.168.1.2 ftpuser ftppassword 
tlog memory log is empty.
Please wait...

Connect to ftp server 192.168.1.2 ...
Sent log file _elog.mlog to ftp server as mem_elog_FGTSERIALNUMBER_root_20180418_214705_mlog OK.
vlog memory log is empty.
wlog memory log is empty.
alog memory log is empty.
slog memory log is empty.
mlog memory log is empty.
plog memory log is empty.
dlog memory log is empty.
rlog memory log is empty.
flog memory log is empty.
olog memory log is empty.

For devices with a disk, replace memory with disk in the command:

execute backup disk alllogs ftp

For FortiGates with a disk, you can also specify the type of logs you want to export to the FTP server.

E.g.:

execute backup disk alllogs ftp

where logtype could be one of the following:

traffic, event, virus, webfilter, ips, emailfilter, anomaly, voip, dlp, app-ctrl, waf, dns

Multi Cloud Automation – Part I

This is part I of a series that will focus on automation in a multi cloud environment. While the solution in this series can be extended to private architectures using OpenStack and VMware, I plan to focus only on public clouds and use Terraform. Please bear in mind that there are other open source and commercial solutions that can be used to automate both infrastructure and initial setups.

I have a curated list of videos on YouTube that provide a high level overview of Terraform and cloud-init.

Which cloud providers?

The public cloud computing service providers that we will cover are:

  • Amazon Web Services
  • Google Cloud Platform
  • Azure

If you think I should investigate any other providers, please leave a comment and I will try my best to add them to the list.

Series outline

The blog posts that will be part of this series will be:

  • Management server setup – We will walk through the setup of a server that will allow us to manage our cloud infrastructure.
  • API access setup – In this part, we will walk through the steps required to securely access the cloud computing provider.
  • Network setup – Popularly known as Virtual Private Cloud (VPC). In this part we will build the underlying networking infrastructure.
  • Domain Name Service (DNS)
  • Storage – Both to store Terraform information and setup for compute resources.
  • Compute – There is probably no cloud without virtual machines today, but this is changing quickly with serverless technologies.
  • Server setup – Using cloud-init we will set up servers for various functions.

If there is anything else that you would like to see, please let me know and I will try to add to the list.

FortiGate Virtual Machine Config Drive – Missing Pieces

With FortiOS version 5.4.1 and above, Fortinet added support for initial configuration of a FortiGate virtual machine by attaching a cloud-init config drive. When the FortiGate VM powers up for the first time, it will automatically read the data from the config drive and apply both license and configuration to the FortiGate. This is an excellent way to automate deployments of FortiGate virtual machines in production or lab environments. You can read more about the config drive support and how to use one at http://cookbook.fortinet.com/config-drive-esx-vcenter-vmware-5-4/. In this blog post, I will try to capture some of the missing pieces and also provide pointers on how to troubleshoot.

Installing VMware vSphere SDK for Perl v6.5 on Ubuntu 14.04

VMware has a guide available at https://pubs.vmware.com/vsphere-65/topic/com.vmware.ICbase/PDF/vsphere-perl-sdk-65-installation-guide.pdf. If you follow it carefully, you will be able to install the vSphere SDK for Perl without any issues. I, unfortunately, didn’t follow the guide properly and ran into some issues, which I have documented here. This blog post captures:

  1. How to install vSphere SDK for Perl on Ubuntu 14.04
  2. Issues encountered

FortiOS 5.4 automatically repeat commands using auto-script

FortiOS 5.4 introduced a long-awaited feature called auto-script. Head over to http://help.fortinet.com/fos50hlp/54/index.htm and then “5.4 What’s New” if you are interested in learning more. For those of us who have worked on Cisco routers and used aliases or the EEM feature, the auto-script feature is somewhere in between the two. It allows commands to be executed either periodically or once, and I see this as a great addition to the feature set, especially when it comes to collecting lots of information quickly. This blog post captures:

  1. How to configure auto-script feature
  2. How to execute a script
  3. How to view the results.
  4. How to upload results to an FTP server
  5. Maximum limit
  6. Few features that I would like to see in future FortiOS releases

Using esxcli to add port groups and vlans in bulk

Introduction

esxcli is a command line tool that can be used to manage a VMware ESXi host. In my opinion it’s a good way to learn more about the inner workings of ESXi and can be used in scripts for automating tasks. In this blog post, I will show you how to use esxcli to add portgroups and vlans to vSwitch0 of an ESXi host.

Testing DSCP using ping tcpdump and tshark

Introduction and Setup

If you came here via a search engine, chances are that you are looking for a quick and dirty way of testing DSCP on your network. Differentiated Services, described in RFC 2474 and RFC 2475, provide a way to mark, prioritize, police, etc. IP flows based on various attributes. This allows network operators to maintain different levels of QoS on their networks.

This post captures details on how to generate traffic from a client with different DSCP fields set and verify that they are received on the server side.

bash function/alias for ssh connectivity

In the home or work lab, I often have to connect to various devices that are either temporary or don’t support SSH keys. In my home lab, I typically set all the lab equipment with a standard username and password, which allows me to connect to them quickly. As almost all devices these days support SSH, I set up a bash function that acts as an alias allowing me to quickly connect to a device using SSH either from my Mac or Linux desktop.

Copy SSH Key to Multiple Servers

This blog post captures details on how to copy an SSH key to multiple servers. If you manage more than one Linux server and have been challenged with automating mundane tasks, using SSH keys to log in to a server without having to enter your password can be extremely irritating. There is more than one way to automate login to a Linux server.

  1. Use a utility like sshpass where you can provide the password as an argument.
  2. Use a public-private SSH key pair.

Steps Involved

  1. Creating SSH Keys
  2. Copy SSH Key to Servers

PowerCLI Core on CentOS 7

VMware released PowerCLI Core for Linux and Mac, which allows users to run cmdlets that previously could be run only on Windows. This post captures details on how to install PowerCLI Core on CentOS 7.

Steps Involved

  1. Install Microsoft .NET Core
  2. Install PowerShell
  3. Compile curl from source
  4. Install PowerCLI Core

