Oxidized / Fortigate Issues

I am having some issues with getting configs from Fortigate units.

I’m getting a Timeout:Error with msg “execution expired” message and then ssh failed message.

We use a custom ssh port for our units and i’ve tried every which way to pass that through . My source is set to be fed in from LibreNMS . I’ve tried passing the ssh port through via the models section of the oxidized config, through groups setting in the config and even through a mapping in the librenms config (although i’m not sure i had that one set correctly).

But none of this has worked. I’m not even 100% sure it’s an issue with the port or not.

I can ssh into the unit with putty from my desktop as well as ssh into the unit straight from the command line of the system that oxidized is running on .

LibreNMS & Oxidized are running on the same Centos 7 system.

Any help would be appreciated because I’ve been wracking my brain on this for awhile. I can post any configs or whatever you need, just let me know. Thanks.

Now that i’m looking at the ssh log for the fortigate unit , it looks like it’s getting to a certain point in the get hardware status command where there’s a delay and maybe it’s timing out?

Large fortigate configs can take really long to output show full configuration so you need to make sure you have a timeout of like 5min.

First for me the small configs didn’t work either but after I added the model map it worked ok.

fortigate: fortios

You are talking about the global timeout up in the top section of the oxidized config? Or a model/ group specific timeout?

Ok, so yea I already had the model map set but I finally got it to successfully do backups of the fortigate by like you said increasing the timeout to 5 mins / 300 secs. Thank you

The timeout you could do both ways, set it globally or for this particular os.

In any case good to hear you got it working now.

How do you set the time out on a per os basis? Do you do it through the group section in the config like I had to do for our custom ssh port or where ?

It should be doable with groups indeed, or models, which ever you prefer.

There you just add the overriding timeout variable.

Not sure what version of oxidized you are running but I am on 0.25.1 and I am backing up 15 FGTs with no issues.
I remember having similar issue a while back ago but I think updating oxidized fixed that for me (gem update oxidized).

Mostly it depends on how large the config is. If you have multiple VDOMs then of course the config also gets larger and larger. If I do gem update oxidized I get already up to date.