FortiSIEM Nginx Web Server Configuration


The following protocols are used to discover and monitor various aspects of the Nginx web server.

| Protocol | Information discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP | Application type | Process level metrics: CPU utilization, Memory utilization | Performance Monitoring |
| Syslog | | W3C access logs: attributes include Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration | Security Monitoring and compliance |

Event Types

In CMDB > Event Types, search for “nginx” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Syslog

AccelOps processes events from this device via syslogs sent by the device. Configure the device to send syslogs to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your AccelOps virtual appliance.

For Port, enter 514.

Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example nginx Syslog

<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 (Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1","/images/design/header-2-logo.jpg","GET","http://wm-center.com/images/design/header-2-logo.jpg","200","0","/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80","wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_","-","-"
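Because the parser expects lines shaped like the sample above, it helps to check what nginx actually emits before pointing it at the collector. The following is an added example, not Fortinet or AccelOps code: `parse_line`, `check_line` and the field count of 21 are assumptions derived from the sample line, which is retyped here with straight quotes.

```python
import csv
import re

# The page's sample line, typed with straight quotes and its wrapped pieces joined.
SAMPLE = (
    '<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 '
    '(Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1",'
    '"/images/design/header-2-logo.jpg","GET",'
    '"http://wm-center.com/images/design/header-2-logo.jpg","200","0",'
    '"/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80",'
    '"wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_","-","-"'
)

# BSD-syslog framing: <PRI>Mmm dd hh:mm:ss host tag: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:]+): (?P<msg>.*)$"
)
EXPECTED_FIELDS = 21  # assumption: counted from the sample, not a documented constant


def parse_line(line):
    """Split one syslog line into header values and its quoted CSV fields."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("header is not '<PRI>Mmm dd hh:mm:ss host tag: '")
    pri = int(m["pri"])
    if pri > 191:
        raise ValueError("PRI out of range")
    # csv honours the double quotes, so commas inside a field do not split it.
    fields = next(csv.reader([m["msg"]]))
    return {"facility": pri >> 3, "severity": pri & 7, "host": m["host"],
            "tag": m["tag"], "fields": fields}


def check_line(line):
    """Return a list of shape problems; an empty list means the line matches."""
    if any(q in line for q in "\u201c\u201d\u2033"):
        return ["typographic quotes present; fields must use ASCII double quotes"]
    try:
        rec = parse_line(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if rec["tag"] != "nginx":
        problems.append(f"tag is {rec['tag']!r}, expected 'nginx'")
    if len(rec["fields"]) != EXPECTED_FIELDS:
        problems.append(f"{len(rec['fields'])} fields, expected {EXPECTED_FIELDS}")
    return problems
```

The PRI value 29 in the sample decodes to facility 3 (daemon) and severity 5 (notice), and the Cache-Control field shows why the fields must be quoted: it contains commas of its own.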

Settings for Access Credentials

SNMP Access Credentials for All Devices

When setting the Access Method Definition for allowing AccelOps to communicate with your device over SNMP, use these settings.

