FortiSIEM Configuring Network Compliance Management Applications

AccelOps supports monitoring of these Network Compliance Management applications.

Cisco Network Compliance Manager Configuration

What is Discovered and Monitored

| Protocol | Information discovered | Metrics/Logs collected | Used for |
|---|---|---|---|
| Syslog | | Network device software update, configuration analysis for compliance, admin login | Log analysis and compliance |

Event Types

Over 40 event types are generated by parsing Cisco Network Configuration Manager logs. The complete list can be found in CMDB > Event Types by searching for Cisco-NCM. Some important ones are:

Cisco-NCM-Device-Software-Change

Cisco-NCM-Software-Update-Succeeded

Cisco-NCM-Software-Update-Failed

Cisco-NCM-Policy-Non-Compliance

Cisco-NCM-Device-Configuration-Deployment

Cisco-NCM-Device-Configuration-Deployment-Failure

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

AccelOps processes events from this device via syslog.  Configure the device to send syslog to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

Example Syslog

Note that each JSON-formatted syslog contains many logs.

490998571 Mon Mar 03 03:09:31 EST 2014 Savvy Device Command Script Completed Successfully server01.foo.com 10.4.161.32 Script ‘Re-enable EasyTech port for Cisco IOS configuration’ completed.  Connect – Succeeded Connected via ssh to 10.170.30.9 [in realm Default Realm]   Login / Authentication – Succeeded Successfully used: Last successful password  (Password rule Retail TACACS NCM Login)    Optional:Script Succeeded Successfully executed: prepare configuration for deployment Script – Succeeded Successfully executed: deploy to running configuration via TFTP through CLI Bypassed: deploy to running configuration via SCP through CLI.  (Requires SCP, CLI to be enabled.) Tried: deploy to running configuration via FTP through CLI (Warning: SSH server username or password not specified in NA admin settings.) Optional:Script – Succeeded Successfully executed: determine result of deployment operation  Script run: ———————————————————— ! interface fast0/16 no shut

491354611 Tue Mar 04 03:38:22 EST 2014 FooA Software Update Succeeded server01.foo.com 1.1.1.32  44571 10.173.30.9 $OrignatorEmail$ FooA Update Device Software 2014-03-04 03:30:00.0 usmist_1699295009 (1.13.3.9) Succeeded
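The record layout seen in the samples above can be checked with a small parser before logs are forwarded. This is an added example, not AccelOps or Cisco code. The field order, the "Cisco-NCM-" naming rule, the REVIEW_FIRST set and the sample records are assumptions constructed from the samples and event type names on this page.

```python
import re
from datetime import datetime

# Event types named on this page (CMDB > Event Types holds the full list).
LISTED_EVENT_TYPES = {
    "Cisco-NCM-Device-Software-Change",
    "Cisco-NCM-Software-Update-Succeeded",
    "Cisco-NCM-Software-Update-Failed",
    "Cisco-NCM-Policy-Non-Compliance",
    "Cisco-NCM-Device-Configuration-Deployment",
    "Cisco-NCM-Device-Configuration-Deployment-Failure",
}
# Assumption (not from the page): the listed types an analyst reviews first.
REVIEW_FIRST = {t for t in LISTED_EVENT_TYPES
                if t.endswith(("Failed", "Failure", "Non-Compliance"))}

# Assumed layout, inferred from the page's samples:
# <id> <timestamp> <user> <event name> <NCM server FQDN> <NCM server IP> <details>
RECORD = re.compile(
    r"^(?P<event_id>\d+)\s+(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[A-Z]+) (?P<year>\d{4})\s+"
    r"(?P<user>\S+)\s+(?P<event>.+?)\s+"
    r"(?P<server>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\s+"
    r"(?P<server_ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<details>.*)$",
    re.DOTALL,
)

def parse_record(line):
    """Return the record's fields as a dict, or None if the layout does not match."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # The zone abbreviation stays as text in rec["tz"]; it is not applied to the time.
    rec["time"] = datetime.strptime(f"{rec.pop('ts')} {rec.pop('year')}", "%a %b %d %H:%M:%S %Y")
    # Hypothetical naming rule: "Cisco-NCM-" plus the hyphenated event name.
    candidate = "Cisco-NCM-" + "-".join(rec["event"].split())
    rec["event_type"] = candidate if candidate in LISTED_EVENT_TYPES else None
    return rec

def review_queue(lines):
    """Parsed records whose event type is in REVIEW_FIRST; unparseable lines are skipped."""
    parsed = [parse_record(line) for line in lines]
    return [r for r in parsed if r and r["event_type"] in REVIEW_FIRST]

# Constructed records, shortened from the shape of the samples on this page.
SAMPLES = [
    "491354611 Tue Mar 04 03:38:22 EST 2014 FooA Software Update Succeeded server01.foo.com 1.1.1.32 44571 10.173.30.9 Update Device Software Succeeded",
    "491354612 Tue Mar 04 03:40:10 EST 2014 FooA Software Update Failed server01.foo.com 1.1.1.32 44572 10.173.30.10 Update Device Software Failed",
    "490998571 Mon Mar 03 03:09:31 EST 2014 Savvy Device Command Script Completed Successfully server01.foo.com 10.4.161.32 Script completed.",
    "not an NCM record",
]
```

An event name that does not map to one of the types listed on this page gets event_type None rather than a guessed name.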

 

 

