FortiSIEM Management Server/Appliance Configuration

Management Server/Appliance Configuration

AccelOps supports these web servers for discovery and monitoring.

Cisco Application Centric Infrastructure (ACI) Configuration Fortinet FortiManager Configuration

Cisco Application Centric Infrastructure (ACI) Configuration

What is Discovered and Monitored

Protocol Information

Discovered

Metrics Collected Used For
Cisco APIC

API (REST)

  Overall Health, Tenant Health, Node Health, Cluster Health, Application Health, EPG health, Fault

Record, Event record, Log Record, Configuration Change

Availability and

Performance Monitoring

Event Types

Go to CMDB > Event Types and search for “Cisco_ACI”

Rules

Go to CMDB > Rules and search for “Cisco ACI”

Reports

Go to CMDB > Reports and search for “Cisco ACI”

Configuration

Cisco ACI Configuration

Please configure Cisco ACI Appliance so that FortiSIEM can access it via APIC API

FortiSIEM Configuration

  1. Go to Admin > Setup > Credentials
  2. Click New and create a credential as follows
    1. Name – enter a name
    2. Device Type – set to Cisco Cisco ACI
    3. Access Protocol – set to Cisco APIC API
    4. Password Configuration – set to Manual
    5. Set User Name and Password for the various REST API
    6. Click Save
  3. Create an IP to Credential Mapping
    1. IP – specify the IP address of the ACI Controller
    2. Credential – specify the Name as in 2a
  4. Test Connectivity – Run Test Connectivity with or without ping and make sure the test succeeds
  5. Check Pull Events tab to make sure that a event pulling entry is created

Sample Events

Overall Health Event

[Cisco_ACI_Overall_Health]: {“attributes”:{“childAction”:””,”cnt”:”29″,”dn”:”topology/HDfabricOveral lHealth5min0″,”healthAvg”:”82″,”healthMax”:”89″,”healthMin”:”0″,”healthS pct”:”0″,”healthThr”:””,”healthTr”:”1″,”index”:”0″,”lastCollOffset”:”290 “,”repIntvEnd”:”2016-09-05T08:13:53.232+00:00″,”repIntvStart”:”2016-09-0

5T08:09:03.128+00:00″,”status”:””}}

Tenant Health Event

 

[Cisco_ACI_Tenant_Health]: {“attributes”:{“childAction”:””,”descr”:””,”dn”:”uni/tn-CliQr”,”lcOwn”:” local”,”modTs”:”2016-09-05T07:56:27.164+00:00″,”monPolDn”:”uni/tn-common /monepg-default”,”name”:”CliQr”,”ownerKey”:””,”ownerTag”:””,”status”:””,

“uid”:”15374″},”children”:[{“healthInst”:{“attributes”:{“childAction”:”” ,”chng”:”0″,”cur”:”100″,”maxSev”:”cleared”,”prev”:”100″,”rn”:”health”,”s tatus”:””,”twScore”:”100″,”updTs”:”2016-09-05T08:27:03.584+00:00″}}}]

Nodes Health Event

[Cisco_ACI_Node_Health]:

{“attributes”:{“address”:”10.0.208.95″,”childAction”:””,”configIssues”:” “,”currentTime”:”2016-09-05T08:15:51.794+00:00″,”dn”:”topology/pod-1/nod e-101/sys”,”fabricId”:”1″,”fabricMAC”:”00:22:BD:F8:19:FF”,”id”:”101″,”in bMgmtAddr”:”0.0.0.0″,”inbMgmtAddr6″:”0.0.0.0″,”lcOwn”:”local”,”modTs”:”2 016-09-05T07:57:29.435+00:00″,”mode”:”unspecified”,”monPolDn”:”uni/fabri c/monfab-default”,”name”:”Leaf1″,”oobMgmtAddr”:”0.0.0.0″,”oobMgmtAddr6″: “0.0.0.0”,”podId”:”1″,”role”:”leaf”,”serial”:”TEP-1-101″,”state”:”in-ser vice”,”status”:””,”systemUpTime”:”00:00:27:05.000″},”children”:[{“health Inst”:{“attributes”:{“childAction”:””,”chng”:”-10″,”cur”:”90″,”maxSev”:” cleared”,”prev”:”100″,”rn”:”health”,”status”:””,”twScore”:”90″,”updTs”:” 2016-09-05T07:50:08.415+00:00″}}}]

Cluster Health Event

[Cisco_ACI_Cluster_Health]:

{“attributes”:{“addr”:”10.0.0.1″,”adminSt”:”in-service”,”chassis”:”10220 833-ea00-3bb3-93b2-ef1e7e645889″,”childAction”:””,”cntrlSbstState”:”appr oved”,”dn”:”topology/pod-1/node-1/av/node-1″,”health”:”fully-fit”,”id”:” 1″,”lcOwn”:”local”,”mbSn”:”TEP-1-1″,”modTs”:”2016-09-05T08:00:46.797+00: 00″,”monPolDn”:””,”mutnTs”:”2016-09-05T07:50:19.570+00:00″,”name”:””,”no deName”:”apic1″,”operSt”:”available”,”status”:””,”uid”:”0″}

Application Health Event

[Cisco_ACI_Application_Health]:

{“attributes”:{“childAction”:””,”descr”:””,”dn”:”uni/tn-infra/ap-access”

,”lcOwn”:”local”,”modTs”:”2016-09-07T08:17:20.503+00:00″,”monPolDn”:”uni /tn-common/monepg-default”,”name”:”access”,”ownerKey”:””,”ownerTag”:””,” prio”:”unspecified”,”status”:””,”uid”:”0″},”children”:[{“healthInst”:{“a ttributes”:{“childAction”:””,”chng”:”0″,”cur”:”100″,”maxSev”:”cleared”,” prev”:”100″,”rn”:”health”,”status”:””,”twScore”:”100″,”updTs”:”2016-09-0 7T08:39:35.531+00:00″}}}]}

EPG Health Event

[Cisco_ACI_EPG_Health]: {“attributes”:{“childAction”:””,”configIssues”:””,”configSt”:”applied”,” descr”:””,”dn”:”uni/tn-infra/ap-access/epg-default”,”isAttrBasedEPg”:”no “,”lcOwn”:”local”,”matchT”:”AtleastOne”,”modTs”:”2016-09-07T08:17:20.503 +00:00″,”monPolDn”:”uni/tn-common/monepg-default”,”name”:”default”,”pcEn fPref”:”unenforced”,”pcTag”:”16386″,”prio”:”unspecified”,”scope”:”167771 99″,”status”:””,”triggerSt”:”triggerable”,”txId”:”5764607523034234882″,” uid”:”0″},”children”:[{“healthInst”:{“attributes”:{“childAction”:””,”chn g”:”0″,”cur”:”100″,”maxSev”:”cleared”,”prev”:”100″,”rn”:”health”,”status “:””,”twScore”:”100″,”updTs”:”2016-09-07T08:39:35.549+00:00″}}}]

Fault Record Event

[Cisco_ACI_Fault_Record]: ,”created”:”2016-09-05T08:00:41.313+00:00″,”delegated”:”no”,”delegatedFr om”:””,”descr”:”Controller3isunhealthybecause:DataLayerPartiallyDegraded Leadership”,”dn”:”subj-[topology/pod-1/node-1/av/node-3]/fr-4294967583″, “domain”:”infra”,”highestSeverity”:”critical”,”id”:”4294967583″,”ind”:”m odification”,”lc”:”soaking”,”modTs”:”never”,”occur”:”1″,”origSeverity”:” critical”,”prevSeverity”:”critical”,”rule”:”infra-wi-node-health”,”sever ity”:”critical”,”status”:””,”subject”:”controller”,”type”:”operational”}

Event Record Event

[Cisco_ACI_Event_Record]: {“attributes”:{“affected”:”topology/pod-1/node-2/lon/svc-ifc_dhcpd”,”cau se”:”state-change”,”changeSet”:”id:ifc_dhcpd,leCnnct:undefined,leNonOptC nt:undefined,leNotCnnct:undefined,name:ifc_dhcpd”,”childAction”:””,”code “:”E4204979″,”created”:”2016-09-05T07:57:37.024+00:00″,”descr”:”Allshard sofserviceifc_dhcpdhaveconnectivitytotheleaderreplicaintheCluster.”,”dn” :”subj-[topology/pod-1/node-2/lon/svc-ifc_dhcpd]/rec-8589934722″,”id”:”8 589934722″,”ind”:”state-transition”,”modTs”:”never”,”severity”:”info”,”s tatus”:””,”trig”:”oper”,”txId”:”18374686479671623682″,”user”:”internal”}

Log Record Event

[Cisco_ACI_Log_Record]: {“attributes”:{“affected”:”uni/userext/user-admin”,”cause”:”unknown”,”ch angeSet”:””,”childAction”:””,”clientTag”:””,”code”:”generic”,”created”:” 2016-09-05T07:56:25.825+00:00″,”descr”:”From-198.18.134.150-client-typeREST-Success”,”dn”:”subj-[uni/userext/user-admin]/sess-4294967297″,”id”:

“4294967297”,”ind”:”special”,”modTs”:”never”,”severity”:”info”,”status”:

“”,”systemId”:”1″,”trig”:”login,session”,”txId”:”0″,”user”:”admin”}

Configuration Change Event

[Cisco_ACI_Configuration_Chang]:

{“attributes”:{“affected”:”uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr

-Prod-L3Out-EPG/rscustQosPol”,”cause”:”transition”,”changeSet”:””,”child Action”:””,”clientTag”:””,”code”:”E4206266″,”created”:”2016-09-05T07:56:

27.099+00:00″,”descr”:”RsCustQosPolcreated”,”dn”:”subj-[uni/tn-CliQr/out

-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol]/mod-429496730

8″,”id”:”4294967308″,”ind”:”creation”,”modTs”:”never”,”severity”:”info”, “status”:””,”trig”:”config”,”txId”:”7493989779944505526″,”user”:”admin”}

}

 

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.