FortiGate

Supported OS: Linux, Windows, Mac OS


Overview

  • FortiGate provides a full range of threat protection capabilities, including firewall, intrusion prevention, antivirus, SSL inspection, and application control. FortiGate reduces complexity with automated visibility into applications, users, and networks, and provides security ratings to adopt security best practices.

    This integration collects the following log types and subtypes:

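    | Type    | Description                                                                                 | SubType                     |
    |---------|---------------------------------------------------------------------------------------------|-----------------------------|
    | Traffic | Records traffic flow information such as an HTTP/HTTPS request and its response, if any     | FORWARD, LOCAL              |
    | Event   | Records system and administrative events                                                    | SYSTEM, USER, VPN, WIRELESS |
    | UTM     | Records UTM events                                                                          | IPS, WEB                    |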

NOTE: Support for the metric has been discontinued, and its related panels are now deprecated in integration v1.1.0. We plan to remove them completely in upcoming releases of the integration.

Troubleshooting

  • If the Agent logs show a Permission denied error while binding to the port, follow the instructions below:

    1. Binding to a port number under 1024 requires elevated permissions. Grant them as follows:

      • Grant access to the port using the setcap command:

        sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
        
      • Verify the setup is correct by running the getcap command:

        sudo getcap /opt/datadog-agent/bin/agent/agent
        

        With the expected output:

        /opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
        

        Note: Re-run this setcap command every time you upgrade the Agent.

    2. Restart the Agent.

  • If the firewall is enabled, make sure it allows traffic on the configured port.

  • If you see the Port 514 Already in Use error, follow the instructions below (the example is for PORT-NO = 514):

    • On systems with Syslog, if the Agent is listening for FortiGate logs on port 514, the following error can appear in the Agent logs: Can’t start UDP forwarder on port 514: listen udp :514: bind: address already in use.

    • This happens because, by default, Syslog listens on port 514. To resolve this error, either disable Syslog or have the Agent listen on an available port that is not occupied by another service.
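The two bind failures above can be checked for before restarting the Agent. The following is an added example, not part of the integration or the Agent: it parses text in the Linux `/proc/net/udp` format and `getcap` output, and the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/net/udp format (trailing columns trimmed):
# one socket on 0.0.0.0:514 (hex 0202), one on 127.0.0.1:53 (hex 0035).
SAMPLE_UDP_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
 101: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 23456
 102: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 23999
"""
# Constructed getcap output, in the format shown on this page.
SAMPLE_GETCAP = "/opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep"


def bound_udp_ports(table_text):
    """Return the local UDP ports listed in /proc/net/udp-format text."""
    ports = set()
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) > 1 and ":" in fields[1]:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports


def has_bind_capability(getcap_output):
    """True if cap_net_bind_service is both effective (e) and permitted (p)."""
    m = re.search(r"cap_net_bind_service[^ ]*[+=]([eip]+)", getcap_output)
    return bool(m) and {"e", "p"} <= set(m.group(1))


def preflight(port, table_text, getcap_output):
    """Map the two bind failures from the troubleshooting steps to findings."""
    findings = []
    if port in bound_udp_ports(table_text):
        findings.append("address already in use")
    # Assumption: the Agent runs as a non-root user, so it needs the capability.
    if port < 1024 and not has_bind_capability(getcap_output):
        findings.append("permission denied")
    return findings


if __name__ == "__main__":
    print(preflight(514, SAMPLE_UDP_TABLE, SAMPLE_GETCAP))
```

On a real host, pass the contents of `/proc/net/udp` (and `/proc/net/udp6`, which uses the same layout) and the output of the `getcap` command above.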

Support

For support or feature requests, contact Crest Data through the following channels:


This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.