FortiSIEM Linux DHCP Configuration

Linux DHCP Configuration

What is Discovered and Monitored

Configure Linux DHCP to Forward Logs to Syslog Daemon

Configure Syslog to Forward to AccelOps

Sample Syslog

Settings for Access Credentials

What is Discovered and Monitored

| Protocol | Information discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP | Application type | Process level CPU utilization, Memory utilization | Performance Monitoring |
| Syslog | Application type | DHCP address release/renew events that are used by AccelOps for Identity and location: attributes include IP Address, MAC address, Host Name | Security and compliance (associate machines to IP addresses) |

Event Types

In CMDB > Event Types, search for “linux dhcp” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

  1. Make sure that SNMP libraries are installed. AccelOps has been tested to work with net-snmp libraries.
  2. Log in to your device with administrator credentials.
  3. Modify the /etc/snmp/snmpd.conf file:
    1. Define the community string for AccelOps usage and permit SNMP access from the AccelOps IP.
    2. Allow AccelOps to (read-only) view the mib-2 tree.
    3. Open up the entire tree for read-only view.
  4. Restart the snmpd daemon by issuing /etc/init.d/snmpd restart.
  5. Add the snmpd daemon to start from boot by issuing chkconfig snmpd on.
  6. Make sure that snmpd is running.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Syslog

Configure Linux DHCP to Forward Logs to Syslog Daemon

  1. Edit conf and insert the line log-facility local7;.
  2. Restart dhcpd by issuing /etc/init.d/dhcpd restart.

Configure Syslog to Forward to AccelOps

  1. Edit conf and add a new line: Local7.* @<IP address of AccelOps server>.
  2. Restart syslog daemon by issuing /etc/init.d/syslog restart.

Sample Syslog
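
The identity attributes listed for syslog in the table above (IP address, MAC address, host name) are carried in dhcpd's lease messages once they are forwarded on local7. The Python sketch below is an added example, not AccelOps code and not a sample from the original page: it parses constructed lines in the ISC dhcpd message format (an assumption, as are all host names, addresses and function names) and tracks which MAC currently holds each IP.

```python
import re

# Constructed sample lines (not from the original page), ISC dhcpd format.
# PRI 190 = facility local7 (23) * 8 + severity info (6).
SAMPLE_LINES = [
    "<190>Oct  3 14:02:11 dhcp01 dhcpd: DHCPACK on 192.0.2.57 to 00:16:3e:aa:bb:01 (lab-ws-01) via eth0",
    "<190>Oct  3 14:05:40 dhcp01 dhcpd: DHCPACK on 192.0.2.58 to 00:16:3E:AA:BB:02 via eth0",
    "<190>Oct  3 14:09:02 dhcp01 dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:03 via eth0",
    "<190>Oct  3 15:30:19 dhcp01 dhcpd: DHCPRELEASE of 192.0.2.57 from 00:16:3e:aa:bb:01 (lab-ws-01) via eth0 (found)",
    "<190>Oct  3 15:31:00 dhcp01 dhcpd: DHCPACK on 192.0.2.57 to 00:16:3e:aa:bb:09 (kiosk-7) via eth0",
]

EVENT_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<server>\S+) "
    r"dhcpd(?:\[\d+\])?: (?P<type>DHCPACK on|DHCPRELEASE of) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?:to|from) "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))?"  # the client host name is optional
)

def parse_event(line):
    """Return the identity fields of a lease event, or None for other lines."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    pri = m.group("pri")
    return {
        "facility": int(pri) >> 3 if pri else None,  # 23 means local7
        "time": m.group("ts"),
        # DHCPACK is logged for new leases and for renewals alike.
        "action": "ack" if m.group("type").startswith("DHCPACK") else "release",
        "ip": m.group("ip"),
        "mac": m.group("mac").lower(),
        "host": m.group("host"),
    }

def bindings(lines):
    """Replay events in order and return {ip: (mac, host)} for held leases."""
    active = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["action"] == "ack":
            active[ev["ip"]] = (ev["mac"], ev["host"])
        elif active.get(ev["ip"], (None, None))[0] == ev["mac"]:
            del active[ev["ip"]]  # release only counts from the current holder
    return active
```

In the constructed data, 192.0.2.57 is released by one machine and handed to another within a minute, which is why an IP address in a later alert has to be resolved against these events by time rather than by a static lookup.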
