Node.js example: Connecting to the FortiAnalyzer XML API
If you’re one of the few people on earth who need to connect to the FortiAnalyzer XML API using Node.js, it’s your lucky day! Read on to see working examples of how I got this working.
FortiAnalyzer in a nutshell
In the words of Fortinet themselves, “FortiAnalyzer offers centralized network security logging and reporting for the Fortinet Security Fabric”. At a very high level, it aggregates logs from a large number of managed firewalls and presents them to you in one place. What you then do with this data is up to you, and this is where the XML API may come in.
Fortinet provides a FortiAnalyzer XML API document here, but other than this you probably aren’t going to find much help online. I could not find working examples of code in any language. This API is far from the modern REST APIs we have become used to, so I thought it could help others to see how I got this working.
My particular use case was to query traffic logs, but there are a number of other things that you can do such as:
- Managing adoms
- Managing devices
- Running reports that you create in the GUI
- Getting the system status
Let’s get started
Download your WSDL file
Go to the URL of your FortiAnalyzer, then add port :8080 to the end of it. The WSDL file loads up on your screen. Right-click this, then save it locally. It would be convenient if this file were good to go from the beginning, but it’s not, and there are a couple of gotchas to sort out first. Make sure to read on and sort these out.
Gotcha 1: Change the namespace in your WSDL file
The namespace needs to be changed from the default namespace of tns to r20. You could just do this on the fly when you make your request using a SOAP library, but seeing as the FortiAnalyzer XML API documentation only calls for r20, I thought it simpler to update the WSDL file itself. For me this was on line 4:
Gotcha 2: Update the FortiAnalyzer SOAP address in your WSDL file
This can be found almost at the very end of the WSDL file. Update this server name or IP to point to your FortiAnalyzer.
Save your WSDL file
Take note of its local path as you will need to reference it in your functions.
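The two WSDL edits above can also be scripted. This is an added example, not code from the original post: it renames the prefix everywhere it is used so the file stays consistent (an assumption, since the post only points at one line) and validates the endpoint before writing it. SAMPLE_WSDL, its namespace URI and the host names are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example, not the author's code. SAMPLE_WSDL is a constructed fragment:
// its namespace URI, names and hosts are placeholders, not FortiAnalyzer's.
const SAMPLE_WSDL = `<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="urn:example:placeholder" targetNamespace="urn:example:placeholder">
  <wsdl:message name="exampleRequest">
    <wsdl:part name="parameters" element="tns:exampleRequest"/>
  </wsdl:message>
  <wsdl:service name="ExampleService">
    <wsdl:port name="ExamplePort" binding="tns:ExampleBinding">
      <soap:address location="https://localhost:8080/placeholder"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>`;

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const escapeXmlAttr = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
  .replace(/"/g, '&quot;').replace(/'/g, '&apos;');

// Gotcha 1: rename a namespace prefix. The declaration, element names and
// QName attribute values using the prefix all change together.
function renamePrefix(wsdl, from, to) {
  const decl = (p) => new RegExp('(\\sxmlns:)' + escapeRe(p) + '(\\s*=)');
  if (!/^[A-Za-z_][\w.-]*$/.test(to)) throw new Error(`invalid prefix "${to}"`);
  if (!decl(from).test(wsdl)) throw new Error(`prefix "${from}" is not declared`);
  if (decl(to).test(wsdl)) throw new Error(`prefix "${to}" is already declared`);
  const f = escapeRe(from);
  return wsdl
    .replace(decl(from), `$1${to}$2`)
    .replace(new RegExp('(</?)' + f + ':', 'g'), `$1${to}:`)
    .replace(new RegExp('(=\\s*["\'])' + f + ':', 'g'), `$1${to}:`);
}

// Gotcha 2: point every <soap:address location="..."> at the given endpoint.
function setSoapAddress(wsdl, endpoint) {
  const { protocol } = new URL(endpoint); // throws TypeError on a malformed URL
  if (!/^https?:$/.test(protocol)) throw new Error(`unsupported scheme ${protocol}`);
  const re = /(<(?:[\w.-]+:)?address\b[^>]*?\blocation\s*=\s*)(["'])[^"']*\2/g;
  if (!wsdl.match(re)) throw new Error('no address element with a location found');
  return wsdl.replace(re, (_m, head, q) => head + q + escapeXmlAttr(endpoint) + q);
}

// Apply both edits; the defaults are the tns -> r20 change described above.
function patchWsdl(wsdl, endpoint, from = 'tns', to = 'r20') {
  return setSoapAddress(renamePrefix(wsdl, from, to), endpoint);
}
```

Read the saved WSDL into a string, pass it through patchWsdl with your own endpoint, and write the result back to the path you reference in your functions.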
Install the npm soap library
Open up a terminal and make sure you’re inside your project directory. To install soap, run:
npm install soap --save
Working examples of connecting to the API
Get adom list
Get Device List
Get Device Vdom list
List FAZ generated reports
Run FAZ report
Search FAZ logs
Tips and pointers
See the XML request you sent
This can be useful for troubleshooting. You can use the client.lastRequest property as such:
Dynamically pass variables to your search FAZ logs function
It’s unlikely you will want to hard-code your search criteria, so you can just pass these in dynamically like so: