MENU
人生すべてがコンテンツ
satimo
  1. ホーム
  2. TECH
  3. Zabbix
  4. 【このまま利用可能】ZabbixでFortiGateのSNMP トラップ監視

【このまま利用可能】ZabbixでFortiGateのSNMP トラップ監視

広告
Zabbix

ZabbixでFortiGateのトラップ監視する為の設定ファイル作成をしています。

トラップ監視ができる環境構築がまだの場合はこちらの記事を確認ください。

あわせて読みたい
【Zabbix】Zabbix でSNMPトラップ監視できる環境を構築 はじめに Zabbixサーバでトラップ受信できる環境の構築を行っていきます。 Zabbix5.0がインストールことを前提に話を進めていますのでインストールが終わっていない場合...
目次

ZabbixでFortigateのSNMP トラップ監視する為の設定ファイルの作成

FortiGateではMIBファイル『FORTINET-CORE-MIB.mib』『FORTINET-FORTIGATE-MIB.mib』の2種類が用意されています。

FortiGateのコンソールから入手可能

ベンダー提供のMIBファイルを入手しトラップ受信するZabbixサーバーの『/usr/share/snmp/mibs』へ保存します。

保存後、Zabbixが理解できるようファイルのmibファイルの変換を行っていきます。

# snmpttconvertmib --in=FORTINET-CORE-MIB.mib --out=FORTINET-CORE-MIB.mib.conf
# snmpttconvertmib --in=FORTINET-FORTIGATE-MIB.mib --out=FORTINET-FORTIGATE-MIB.mib.conf
# cat FORTINET-*.conf>snmptt_FORTINET.conf
# sed -i 's/FORMAT/FORMAT ZBXTRAP $aA $N/g' snmptt_FORTINET.conf
# mv /usr/share/snmp/mibs/snmptt_FORTINET.conf /etc/snmp/

snmptt.iniファイルへ作成した保存したsnmptt_FORTINET.confを保存した保存先を指定してあげます。

# vi /etc/snmp/snmptt.ini
[TrapFiles]
...
/etc/snmp/snmptt_FORTINET.conf

作成したsnmptt_FORTINET.confの中身についてはこちらです。

mibファイルから作成せずともこちらの内容をコピーして利用いただいても利用可能です。

#
#
#
#
MIB: FORTINET-CORE-MIB (file:./FORTINET-CORE-MIB.mib) converted on Sun Jul  5 00:56:09 2020 using snmpttconvertmib v1.4beta2
#
#
#
EVENT fnTrapCpuThreshold .1.3.6.1.4.1.12356.100.1.3.0.101 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the CPU usage has exceeded the configured threshold.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapMemThreshold .1.3.6.1.4.1.12356.100.1.3.0.102 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates memory usage has exceeded the configured threshold.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapLogDiskThreshold .1.3.6.1.4.1.12356.100.1.3.0.103 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Log disk usage has exceeded the configured threshold. Only available
on devices with log disks.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapTempHigh .1.3.6.1.4.1.12356.100.1.3.0.104 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

A temperature sensor on the device has exceeded its threshold.
Not all devices have thermal sensors. See manual for specifications.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapVoltageOutOfRange .1.3.6.1.4.1.12356.100.1.3.0.105 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Power levels have fluctuated outside of normal levels. Not all devices
have voltage monitoring instrumentation. See manual for specifications.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapPowerSupplyFailure .1.3.6.1.4.1.12356.100.1.3.0.106 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Power supply failure detected. Not available on all models. Available
on some devices which support redundant power supplies. See manual
for specifications.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapAmcIfBypassMode .1.3.6.1.4.1.12356.100.1.3.0.107 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

An AMC interface entered bypass mode. Available on models with an AMC
expansion slot. Used with the ASM-CX4 and ASM-FX2 cards.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapFanFailure .1.3.6.1.4.1.12356.100.1.3.0.108 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

A fan failure has been detected. Not all devices have fan sensors.
See manual for specifications.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fnTrapIpChange .1.3.6.1.4.1.12356.100.1.3.0.201 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the IP address of the specified interface has been changed.
Variables:
  1: fnSysSerial
  2: sysName
  3: ifIndex
EDESC
#
#
#
EVENT fnTrapTest .1.3.6.1.4.1.12356.100.1.3.0.999 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Trap sent for diagnostic purposes by an administrator.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
#
MIB: FORTINET-FORTIGATE-MIB (file:./FORTINET-FORTIGATE-MIB.mib) converted on Sun Jul  5 00:56:15 2020 using snmpttconvertmib v1.4beta2
#
#
#
EVENT fgTrapVpnTunUp .1.3.6.1.4.1.12356.101.2.0.301 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the specified VPN tunnel has been brought up.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgVpnTrapLocalGateway
  4: fgVpnTrapRemoteGateway
  5: fgVpnTrapPhase1Name
EDESC
#
#
#
EVENT fgTrapVpnTunDown .1.3.6.1.4.1.12356.101.2.0.302 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The specified VPN tunnel has been brought down.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgVpnTrapLocalGateway
  4: fgVpnTrapRemoteGateway
  5: fgVpnTrapPhase1Name
EDESC
#
#
#
EVENT fgTrapHaSwitch .1.3.6.1.4.1.12356.101.2.0.401 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The specified cluster member has transitioned from a slave role to a master role.
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapHaStateChange .1.3.6.1.4.1.12356.101.2.0.402 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Trap being sent when the HA cluster
member changes its state
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgTrapHaHBFail .1.3.6.1.4.1.12356.101.2.0.403 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The heartbeat device failure count has exceeded the configured threshold.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgTrapHaMemberDown .1.3.6.1.4.1.12356.101.2.0.404 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The specified device (by serial number) is moving to a down state.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgTrapHaMemberUp .1.3.6.1.4.1.12356.101.2.0.405 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

A new cluster member has joined the cluster.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgTrapIpsSignature .1.3.6.1.4.1.12356.101.2.0.503 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

An IPS signature has been triggered
Variables:
  1: fnSysSerial
  2: sysName
  3: fgIpsTrapSigId
  4: fgIpsTrapSrcIp
  5: fgIpsTrapSigMsg
EDESC
#
#
#
EVENT fgTrapIpsAnomaly .1.3.6.1.4.1.12356.101.2.0.504 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

An IPS anomaly has been detected
Variables:
  1: fnSysSerial
  2: sysName
  3: fgIpsTrapSigId
  4: fgIpsTrapSrcIp
  5: fgIpsTrapSigMsg
EDESC
#
#
#
EVENT fgTrapIpsPkgUpdate .1.3.6.1.4.1.12356.101.2.0.505 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The IPS signature database has been updated
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapIpsFailOpen .1.3.6.1.4.1.12356.101.2.0.506 "Status Events" Normal
FORMAT ZBXTRAP $aA $N The IPS network buffer is full $*
SDESC
The IPS network buffer is full
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvVirus .1.3.6.1.4.1.12356.101.2.0.601 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

A virus has been detected by the anti-virus engine
Variables:
  1: fnSysSerial
  2: sysName
  3: fgAvTrapVirName
EDESC
#
#
#
EVENT fgTrapAvOversize .1.3.6.1.4.1.12356.101.2.0.602 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

An over-sized file has been detected by the anti-virus engine
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvPattern .1.3.6.1.4.1.12356.101.2.0.603 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The anti-virus engine has blocked a file because it matched a configured pattern
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvFragmented .1.3.6.1.4.1.12356.101.2.0.604 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The anti-virus engine has detected a fragmented file
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvEnterConserve .1.3.6.1.4.1.12356.101.2.0.605 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The anti-virus engine has entered conservation mode due to low memory conditions
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvBypass .1.3.6.1.4.1.12356.101.2.0.606 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The anti-virus engine has been bypassed due to conservation mode
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvOversizePass .1.3.6.1.4.1.12356.101.2.0.607 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

An over-sized file has been detected,
but has been passed due to configuration
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapAvOversizeBlock .1.3.6.1.4.1.12356.101.2.0.608 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

An over-sized file has been detected
and has been blocked
Variables:
  1: fnSysSerial
  2: sysName
EDESC
#
#
#
EVENT fgTrapFazDisconnect .1.3.6.1.4.1.12356.101.2.0.701 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The device has been disconnected from the FortiAnalyzer.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgTrapWcApUp .1.3.6.1.4.1.12356.101.2.0.801 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the specified AP is up.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgWcApVdom
  4: fgWcApSerial
  5: fgWcApName
EDESC
#
#
#
EVENT fgTrapWcApDown .1.3.6.1.4.1.12356.101.2.0.802 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the specified AP is down.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgWcApVdom
  4: fgWcApSerial
  5: fgWcApName
EDESC
#
#
#
EVENT fgTrapFcSwUp .1.3.6.1.4.1.12356.101.2.0.901 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the specified switch controller session is up.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgFcSwVdom
  4: fgFcSwSerial
  5: fgFcSwName
EDESC
#
#
#
EVENT fgTrapFcSwDown .1.3.6.1.4.1.12356.101.2.0.902 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that the specified switch controller session is down.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgFcSwVdom
  4: fgFcSwSerial
  5: fgFcSwName
EDESC
#
#
#
EVENT fgFmTrapDeployComplete .1.3.6.1.4.1.12356.101.6.0.1000 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates when deployment of a new configuration has been completed. Used for verification by FortiManager.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgFmTrapDeployInProgress .1.3.6.1.4.1.12356.101.6.0.1002 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that a configuration change was not immediate and that the change is currently in progress. Used for verification by FortiManager.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgFmTrapConfChange .1.3.6.1.4.1.12356.101.6.0.1003 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

The device configuration has been changed by something other than the managing FortiManager device.
Variables:
  1: fnSysSerial
EDESC
#
#
#
EVENT fgFmTrapIfChange .1.3.6.1.4.1.12356.101.6.0.1004 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Trap is sent to the managing FortiManager if an interface IP is changed
Variables:
  1: fnSysSerial
  2: ifName
  3: fgManIfIp
  4: fgManIfMask
  5: fgManIfIp6
EDESC
#
#
#
EVENT fgTrapServerLoadBalanceRealServerDown .1.3.6.1.4.1.12356.101.2.0.1101 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

One of servers in a Server Load Balance group goes down.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgServerLoadBalanceRealServerAddress
  4: fgServerLoadBalanceVirtualServerName
EDESC
#
#
#
EVENT fgTrapPerCpuHigh .1.3.6.1.4.1.12356.101.2.0.1102 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

Indicates that per-CPU usage has exceeded the configured threshold.
Variables:
  1: fnSysSerial
  2: sysName
  3: fgPerCpuHighDetails
EDESC
#
#
#
EVENT fgTrapDeviceNew .1.3.6.1.4.1.12356.101.2.0.1201 "Status Events" Normal
FORMAT ZBXTRAP $aA $N $*
SDESC

A new device is found.
Variables:
  1: fnSysSerial
  2: sysName
  3: ifIndex
  4: fgVdEntIndex
  5: fgDeviceCreated
  6: fgDeviceLastSeen
  7: fgDeviceMacAddress
EDESC
[root@zabbix-server ~]#
Zabbix
よかったらシェアしてね!
  • URLをコピーしました!
  • URLをコピーしました!

関連記事

コメント

コメントする

CAPTCHA


目次