
Monitoring policy packet and byte hit counts on a Fortigate via SNMP

Within the Fortigate MIB (FORTINET-FORTIGATE-MIB), the policy statistics table carries two OIDs with the per-policy hit counts. Both are indexed by the VDOM index (fgVdEntIndex, a number, not the VDOM name) followed by the policy ID:

fgFwPolPktCount
1.3.6.1.4.1.12356.101.5.1.2.1.1.2
Number of packets matched to the policy (passed or blocked, depending on the policy action). The count runs from the time the policy became active, so editing the policy restarts it from 0.
1.3.6.1.4.1.12356.101.5.1.2.1.1.2.V.P = packet count for policy ID P in VDOM V

fgFwPolByteCount
1.3.6.1.4.1.12356.101.5.1.2.1.1.3
Number of bytes in packets matching the policy. See fgFwPolPktCount.
1.3.6.1.4.1.12356.101.5.1.2.1.1.3.V.P = byte count for policy ID P in VDOM V

I just created a DENY policy for a variety of geographic regions, a feature of the Fortigate. Although I am also monitoring destination country code information with argus, I have not yet integrated argus into an IDS platform. Before I do this, I can quickly set up an icinga/nagios service to query this value and report when it increases above 0. I am logging policy violations within the Fortigate so that I can quickly review the source, revert to argus, then to the workstation itself.
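As an added example (not code from the original post), here is a minimal icinga/nagios-style check plugin in Python that does what the paragraph above describes: it parses the output of net-snmp's `snmpwalk -On` for the two columns, looks up one policy by VDOM index and policy ID, and returns WARNING as soon as the packet counter is above 0 (CRITICAL at an optional higher threshold). The walk output embedded in it is constructed sample data, the host/community/VDOM/policy values are placeholders, and the live path assumes `snmpwalk` is installed and on PATH.

```python
#!/usr/bin/env python3
"""Icinga/Nagios-style check for FortiGate per-policy hit counters via SNMP.

Added example (not from the original post). Parses net-snmp `snmpwalk -On`
output for the fgFwPolPktCount and fgFwPolByteCount columns, looks up one
policy by (VDOM index, policy ID) and returns a Nagios plugin state:
WARNING once the packet counter reaches `warn` (default 1, i.e. anything
above 0), CRITICAL at `crit` if given.
"""
import re
import subprocess
import sys

FG_FW_POL_PKT_COUNT = "1.3.6.1.4.1.12356.101.5.1.2.1.1.2"
FG_FW_POL_BYTE_COUNT = "1.3.6.1.4.1.12356.101.5.1.2.1.1.3"

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# One `snmpwalk -On` row: ".<column oid>.<vdom>.<policy> = Counter64: <n>"
_ROW_RE = re.compile(r"^\.?(?P<oid>[\d.]+)\s*=\s*(?:\w+:\s*)?(?P<value>\d+)\s*$")

# Constructed sample output for VDOM index 1 with three policies (IDs 1, 7, 9);
# policy 9 stands in for the geo-block DENY policy being watched.
SAMPLE_PKT_WALK = """
.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.1.1 = Counter64: 1048576
.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.1.7 = Counter64: 0
.1.3.6.1.4.1.12356.101.5.1.2.1.1.2.1.9 = Counter64: 42
""".strip().splitlines()
SAMPLE_BYTE_WALK = """
.1.3.6.1.4.1.12356.101.5.1.2.1.1.3.1.1 = Counter64: 734003200
.1.3.6.1.4.1.12356.101.5.1.2.1.1.3.1.7 = Counter64: 0
.1.3.6.1.4.1.12356.101.5.1.2.1.1.3.1.9 = Counter64: 2520
""".strip().splitlines()


def parse_walk(lines, base_oid):
    """Map (vdom_index, policy_id) -> counter value for rows under base_oid."""
    prefix = base_oid + "."
    counters = {}
    for line in lines:
        m = _ROW_RE.match(line.strip())
        if not m or not m.group("oid").startswith(prefix):
            continue  # skips "No Such Object", timeouts and other columns
        index = m.group("oid")[len(prefix):].split(".")
        if len(index) != 2:
            continue  # table index is exactly fgVdEntIndex.fgFwPolID
        counters[(int(index[0]), int(index[1]))] = int(m.group("value"))
    return counters


def counter_delta(previous, current):
    """Growth since the last poll. The counter restarts from 0 when the policy
    is edited/re-activated, so a drop is treated as a fresh count."""
    return current - previous if current >= previous else current


def evaluate(pkt_counts, byte_counts, vdom, policy_id, warn=1, crit=None):
    """Return (exit_code, status line with perfdata) for one policy."""
    key = (vdom, policy_id)
    if key not in pkt_counts:
        return UNKNOWN, f"UNKNOWN - no counter for policy {policy_id} in VDOM {vdom}"
    pkts, byts = pkt_counts[key], byte_counts.get(key, 0)
    if crit is not None and pkts >= crit:
        state = CRITICAL
    elif pkts >= warn:
        state = WARNING
    else:
        state = OK
    label = ("OK", "WARNING", "CRITICAL")[state]
    return state, (f"{label} - policy {policy_id} (VDOM {vdom}) matched "
                   f"{pkts} packets, {byts} bytes|packets={pkts}c bytes={byts}c")


def check(pkt_lines, byte_lines, vdom, policy_id, warn=1, crit=None):
    return evaluate(parse_walk(pkt_lines, FG_FW_POL_PKT_COUNT),
                    parse_walk(byte_lines, FG_FW_POL_BYTE_COUNT),
                    vdom, policy_id, warn, crit)


def snmpwalk(host, community, oid):
    """Run net-snmp's snmpwalk (must be on PATH); -On prints numeric OIDs."""
    res = subprocess.run(["snmpwalk", "-v2c", "-c", community, "-On", host, oid],
                         capture_output=True, text=True, check=True)
    return res.stdout.splitlines()


if __name__ == "__main__":
    # usage: check_fgt_policy.py <host> <community> <vdom_index> <policy_id>
    if len(sys.argv) == 5:
        host, community = sys.argv[1], sys.argv[2]
        vdom, pol = int(sys.argv[3]), int(sys.argv[4])
        code, msg = check(snmpwalk(host, community, FG_FW_POL_PKT_COUNT),
                          snmpwalk(host, community, FG_FW_POL_BYTE_COUNT), vdom, pol)
    else:  # no arguments: run against the constructed sample above
        code, msg = check(SAMPLE_PKT_WALK, SAMPLE_BYTE_WALK, 1, 9)
    print(msg)
    sys.exit(code)
```

Two practical notes. The check alerts on the absolute counter, which is exactly "report when it increases above 0" for a freshly created DENY policy; because the counter restarts whenever the policy is edited, a "new hits since last poll" alert needs the previous value stored by the monitoring host and `counter_delta` applied to it. And since an SNMPv2c community string travels in cleartext, a production deployment should switch the `snmpwalk` arguments to SNMPv3 (`-v3 -l authPriv -u ... -a ... -A ... -x ... -X ...`) and restrict SNMP on the Fortigate to the management interface.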

  1. rleme
    November 11, 2016 at 12:06 pm

    Great!!!
