FortiSIEM Management Server/Appliance Configuration

Management Server/Appliance Configuration

AccelOps supports these web servers for discovery and monitoring.

Cisco Application Centric Infrastructure (ACI) Configuration
Fortinet FortiManager Configuration

Cisco Application Centric Infrastructure (ACI) Configuration

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics Collected | Used For |
|---|---|---|---|
| Cisco APIC API (REST) | | Overall Health, Tenant Health, Node Health, Cluster Health, Application Health, EPG health, Fault Record, Event record, Log Record, Configuration Change | Availability and Performance Monitoring |

Event Types

Go to CMDB > Event Types and search for “Cisco_ACI”

Rules

Go to CMDB > Rules and search for “Cisco ACI”

Reports

Go to CMDB > Reports and search for “Cisco ACI”

Configuration

Cisco ACI Configuration

Please configure the Cisco ACI appliance so that FortiSIEM can access it via the APIC API.

FortiSIEM Configuration

  1. Go to Admin > Setup > Credentials
  2. Click New and create a credential as follows
    1. Name – enter a name
    2. Device Type – set to Cisco Cisco ACI
    3. Access Protocol – set to Cisco APIC API
    4. Password Configuration – set to Manual
    5. Set the User Name and Password used for the various REST API calls
    6. Click Save
  3. Create an IP to Credential Mapping
    1. IP – specify the IP address of the ACI Controller
    2. Credential – specify the Name entered in step 2, sub-step 1
  4. Test Connectivity – Run Test Connectivity with or without ping and make sure the test succeeds
  5. Check the Pull Events tab to make sure that an event pulling entry is created

Sample Events

Overall Health Event

[Cisco_ACI_Overall_Health]: {"attributes":{"childAction":"","cnt":"29","dn":"topology/HDfabricOverallHealth5min0","healthAvg":"82","healthMax":"89","healthMin":"0","healthSpct":"0","healthThr":"","healthTr":"1","index":"0","lastCollOffset":"290","repIntvEnd":"2016-09-05T08:13:53.232+00:00","repIntvStart":"2016-09-05T08:09:03.128+00:00","status":""}}

Tenant Health Event

 

[Cisco_ACI_Tenant_Health]: {"attributes":{"childAction":"","descr":"","dn":"uni/tn-CliQr","lcOwn":"local","modTs":"2016-09-05T07:56:27.164+00:00","monPolDn":"uni/tn-common/monepg-default","name":"CliQr","ownerKey":"","ownerTag":"","status":"","uid":"15374"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-05T08:27:03.584+00:00"}}}]

Nodes Health Event

[Cisco_ACI_Node_Health]: {"attributes":{"address":"10.0.208.95","childAction":"","configIssues":"","currentTime":"2016-09-05T08:15:51.794+00:00","dn":"topology/pod-1/node-101/sys","fabricId":"1","fabricMAC":"00:22:BD:F8:19:FF","id":"101","inbMgmtAddr":"0.0.0.0","inbMgmtAddr6":"0.0.0.0","lcOwn":"local","modTs":"2016-09-05T07:57:29.435+00:00","mode":"unspecified","monPolDn":"uni/fabric/monfab-default","name":"Leaf1","oobMgmtAddr":"0.0.0.0","oobMgmtAddr6":"0.0.0.0","podId":"1","role":"leaf","serial":"TEP-1-101","state":"in-service","status":"","systemUpTime":"00:00:27:05.000"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"-10","cur":"90","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"90","updTs":"2016-09-05T07:50:08.415+00:00"}}}]

Cluster Health Event

[Cisco_ACI_Cluster_Health]: {"attributes":{"addr":"10.0.0.1","adminSt":"in-service","chassis":"10220833-ea00-3bb3-93b2-ef1e7e645889","childAction":"","cntrlSbstState":"approved","dn":"topology/pod-1/node-1/av/node-1","health":"fully-fit","id":"1","lcOwn":"local","mbSn":"TEP-1-1","modTs":"2016-09-05T08:00:46.797+00:00","monPolDn":"","mutnTs":"2016-09-05T07:50:19.570+00:00","name":"","nodeName":"apic1","operSt":"available","status":"","uid":"0"}

Application Health Event

[Cisco_ACI_Application_Health]: {"attributes":{"childAction":"","descr":"","dn":"uni/tn-infra/ap-access","lcOwn":"local","modTs":"2016-09-07T08:17:20.503+00:00","monPolDn":"uni/tn-common/monepg-default","name":"access","ownerKey":"","ownerTag":"","prio":"unspecified","status":"","uid":"0"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-07T08:39:35.531+00:00"}}}]}

EPG Health Event

[Cisco_ACI_EPG_Health]: {"attributes":{"childAction":"","configIssues":"","configSt":"applied","descr":"","dn":"uni/tn-infra/ap-access/epg-default","isAttrBasedEPg":"no","lcOwn":"local","matchT":"AtleastOne","modTs":"2016-09-07T08:17:20.503+00:00","monPolDn":"uni/tn-common/monepg-default","name":"default","pcEnfPref":"unenforced","pcTag":"16386","prio":"unspecified","scope":"16777199","status":"","triggerSt":"triggerable","txId":"5764607523034234882","uid":"0"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-07T08:39:35.549+00:00"}}}]

Fault Record Event

[Cisco_ACI_Fault_Record]: ,"created":"2016-09-05T08:00:41.313+00:00","delegated":"no","delegatedFrom":"","descr":"Controller3isunhealthybecause:DataLayerPartiallyDegradedLeadership","dn":"subj-[topology/pod-1/node-1/av/node-3]/fr-4294967583","domain":"infra","highestSeverity":"critical","id":"4294967583","ind":"modification","lc":"soaking","modTs":"never","occur":"1","origSeverity":"critical","prevSeverity":"critical","rule":"infra-wi-node-health","severity":"critical","status":"","subject":"controller","type":"operational"}

Event Record Event

[Cisco_ACI_Event_Record]: {"attributes":{"affected":"topology/pod-1/node-2/lon/svc-ifc_dhcpd","cause":"state-change","changeSet":"id:ifc_dhcpd,leCnnct:undefined,leNonOptCnt:undefined,leNotCnnct:undefined,name:ifc_dhcpd","childAction":"","code":"E4204979","created":"2016-09-05T07:57:37.024+00:00","descr":"Allshardsofserviceifc_dhcpdhaveconnectivitytotheleaderreplicaintheCluster.","dn":"subj-[topology/pod-1/node-2/lon/svc-ifc_dhcpd]/rec-8589934722","id":"8589934722","ind":"state-transition","modTs":"never","severity":"info","status":"","trig":"oper","txId":"18374686479671623682","user":"internal"}

Log Record Event

[Cisco_ACI_Log_Record]: {"attributes":{"affected":"uni/userext/user-admin","cause":"unknown","changeSet":"","childAction":"","clientTag":"","code":"generic","created":"2016-09-05T07:56:25.825+00:00","descr":"From-198.18.134.150-client-typeREST-Success","dn":"subj-[uni/userext/user-admin]/sess-4294967297","id":"4294967297","ind":"special","modTs":"never","severity":"info","status":"","systemId":"1","trig":"login,session","txId":"0","user":"admin"}

Configuration Change Event

[Cisco_ACI_Configuration_Chang]: {"attributes":{"affected":"uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol","cause":"transition","changeSet":"","childAction":"","clientTag":"","code":"E4206266","created":"2016-09-05T07:56:27.099+00:00","descr":"RsCustQosPolcreated","dn":"subj-[uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol]/mod-4294967308","id":"4294967308","ind":"creation","modTs":"never","severity":"info","status":"","trig":"config","txId":"7493989779944505526","user":"admin"}}
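As an added example (not part of the FortiSIEM documentation), the Python code below parses event lines of the form shown in the samples above and labels them for review, tolerating payloads that end a closing brace short. The sample lines are constructed, and the names load_lenient, parse_event, triage and the min_health threshold are assumptions of this example.

```python
import json
import re

# Event lines look like "[Cisco_ACI_<Type>]: <APIC JSON object>".
LINE_RE = re.compile(r"^\[(Cisco_ACI_\w+)\]:\s*(.*)$", re.S)

def load_lenient(text, max_missing=3):
    """Parse JSON, appending up to max_missing '}' (some samples here end one short)."""
    for n in range(max_missing + 1):
        try:
            return json.loads(text + "}" * n)
        except json.JSONDecodeError:
            continue
    return None  # e.g. a record whose opening part is missing

def parse_event(line):
    """Flatten one event line; None when the payload is not recoverable."""
    m = LINE_RE.match(line.strip())
    obj = load_lenient(m.group(2)) if m else None
    if not isinstance(obj, dict):
        return None
    attrs = obj.get("attributes", {})
    ev = {"type": m.group(1), "health": None, "change": None,
          **{k: attrs.get(k) for k in ("dn", "severity", "trig", "user")}}
    for child in obj.get("children", []):
        inst = child.get("healthInst", {}).get("attributes")
        if inst:
            ev["health"], ev["change"] = int(inst["cur"]), int(inst["chng"])
    return ev

def triage(ev, min_health=95):  # min_health is an assumed threshold
    if ev is None:
        return "unparsed"
    if ev["health"] is not None and (ev["health"] < min_health or ev["change"] < 0):
        return "health-degraded"
    if ev["trig"] == "config":
        return "config-change by %s" % ev["user"]
    if "login" in (ev["trig"] or "").split(","):
        return "login by %s" % ev["user"]
    return "info"

SAMPLES = [  # constructed lines, shortened from the event shapes on this page
    '[Cisco_ACI_Node_Health]: {"attributes":{"dn":"topology/pod-1/node-101/sys"},'
    '"children":[{"healthInst":{"attributes":{"chng":"-10","cur":"90"}}}]',
    '[Cisco_ACI_Log_Record]: {"attributes":{"trig":"login,session","user":"admin"}}',
    '[Cisco_ACI_Configuration_Chang]: {"attributes":{"trig":"config","user":"admin"}}',
    '[Cisco_ACI_Fault_Record]: ,"severity":"critical","subject":"controller"}',
]
RESULTS = [triage(parse_event(s)) for s in SAMPLES]
```

The first sample ends one brace short and is still parsed; the last has lost its opening part and is reported as unparsed rather than silently dropped.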

 

