FortiNAC-F provides a robust engine for processing security notifications from third-party devices. For standard integrations, such as FortiGate or Check Point, the system comes pre-loaded with templates to interpret incoming data. However, when an administrator needs FortiNAC-F to process syslog messages from a vendor or device that is not supported by default, they must configure aSecurity Event Parser.
TheSecurity Event Parseracts as the translation layer. It uses regular expressions (Regex) or specific field mappings to identify key data points within a raw syslog string, such as the source IP address, the threat type, and the severity. Without a parser, FortiNAC-F may receive the syslog message but will be unable to " understand " its contents, meaning it cannot generate the necessarySecurity Eventrequired to trigger automated responses. Once a parser is created, the system can extract the host ' s IP address from the message, resolve it to a MAC address via L3 polling, and then apply the appropriate security rules. This allows for the integration of any security appliance capable of sending RFC-compliant syslog messages.
" FortiNAC parses the information based onpre-defined security event parsersstored in FortiNAC ' s database... If the incoming message format is not recognized, a newSecurity Event Parsermust be created to define how the system should extract data fields from the raw syslog message. This enables FortiNAC to generate a security event and take action based on the alarm configuration. " —FortiNAC-F Administration Guide: Security Event Parsers.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit