Here's the logging error you will see on the dashboard if logging stops or is inaccessible:
Here is a means of looking at the number of events logged (fds = the events logged to the cloud; mem = the events logged to memory):
Note: to reset the statistics, kill off the miglogd process and let it restart:
Method1:
Method2:
diag sys kill 1 <PID>
YMMV with the latter.
Next, it's easy to fill your quota and exhaust your disk usage.
NOTE: You can always keep deleting logs to make space available, but that can get boring very quickly.
FortiCloud is great for SOHO and a low-usage SMB firewall, but it's not intended to replace enterprise-level logging systems. This is where Cisco Meraki wins, imho.
I will post about the Meraki cloud management and logging next month. But with the Cisco Meraki approach you get this via an activation license that you must buy for the Meraki appliance. This includes all appliances and not just firewalls, which are all that the FortiCloud solution supports.
Nothing is free from Cisco, btw ;)
FortiCloud is a good "try, see, and then buy" if it meets your needs. Or you can always go with the localized FortiAnalyzer approach.
http://www.fortinet.com/products/fortianalyzer/
Key points about FortiCloud:
- is not a best-fit model for all setups
- requires internet access for logging
- exposes your logging data in somebody else's hands
- is quota based
- requires internet access for retrieval (so if you're down and trying to get logging info, you're shit out of luck unless you have memory logging enabled)
Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( $ $ )=
o
/ \