FortiSIEM Configuring Network Compliance Management Applications

AccelOps supports monitoring of the following Network Compliance Management applications.

Cisco Network Compliance Manager Configuration

What is Discovered and Monitored

Protocol: Syslog
Information discovered: -
Metrics/Logs collected: Network device software update, configuration analysis for compliance, admin login
Used for: Log analysis and compliance

Event Types

Over 40 event types are generated by parsing Cisco Network Configuration Manager logs. The complete list can be found in CMDB > Event Types by searching for Cisco-NCM. Some important ones are:

Cisco-NCM-Device-Software-Change

Cisco-NCM-Software-Update-Succeeded

Cisco-NCM-Software-Update-Failed

Cisco-NCM-Policy-Non-Compliance

Cisco-NCM-Device-Configuration-Deployment

Cisco-NCM-Device-Configuration-Deployment-Failure

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

AccelOps processes events from this device via syslog. Configure the device to send syslog to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

Example Syslog

Note that each JSON-formatted syslog contains many logs.

490998571 Mon Mar 03 03:09:31 EST 2014 Savvy Device Command Script Completed Successfully server01.foo.com 10.4.161.32 Script ‘Re-enable EasyTech port for Cisco IOS configuration’ completed.  Connect – Succeeded Connected via ssh to 10.170.30.9 [in realm Default Realm]   Login / Authentication – Succeeded Successfully used: Last successful password  (Password rule Retail TACACS NCM Login)    Optional:Script Succeeded Successfully executed: prepare configuration for deployment Script – Succeeded Successfully executed: deploy to running configuration via TFTP through CLI Bypassed: deploy to running configuration via SCP through CLI.  (Requires SCP, CLI to be enabled.) Tried: deploy to running configuration via FTP through CLI (Warning: SSH server username or password not specified in NA admin settings.) Optional:Script – Succeeded Successfully executed: determine result of deployment operation  Script run: ———————————————————— ! interface fast0/16 no shut

491354611 Tue Mar 04 03:38:22 EST 2014 FooA Software Update Succeeded server01.foo.com 1.1.1.32  44571 10.173.30.9 $OrignatorEmail$ FooA Update Device Software 2014-03-04 03:30:00.0 usmist_1699295009 (1.13.3.9) Succeeded
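
Because no rules ship for this device, it helps to confirm what the NCM server actually sends before relying on the parsed events. The following is an added example, not AccelOps or Cisco code: it splits lines shaped like the samples above into header fields and flags the failure and non-compliance event types named on this page. The field layout, the parse_ncm helper and the rule for deriving an event type name from the event text are assumptions inferred from the two sample lines.

```python
import re
from datetime import datetime

# Header layout inferred from the two sample lines on this page (an assumption):
# <event id> <Dow Mon DD HH:MM:SS TZ YYYY> <user> <event text> <NCM host> <NCM IP> <detail>
HEADER = re.compile(
    r"^(?P<id>\d+) (?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[A-Z]{2,5}) (?P<year>\d{4}) "
    r"(?P<user>\S+) (?P<event>.+?) (?P<host>[\w.-]+\.[A-Za-z]{2,}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:\s+(?P<detail>.*))?$",
    re.DOTALL,
)

# Event types named on this page that usually deserve an analyst's attention.
WATCH = {
    "Cisco-NCM-Software-Update-Failed",
    "Cisco-NCM-Policy-Non-Compliance",
    "Cisco-NCM-Device-Configuration-Deployment-Failure",
}

def parse_ncm(line):
    """Return a dict of header fields, or None if the line does not fit the layout."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(f"{rec['ts']} {rec['year']}", "%a %b %d %H:%M:%S %Y")
    except ValueError:  # looked like a timestamp but is not a valid date
        return None
    # Assumed naming rule: prefix plus the hyphenated event text. It reproduces
    # Cisco-NCM-Software-Update-Succeeded; the CMDB event type list is authoritative.
    rec["event_type"] = "Cisco-NCM-" + "-".join(rec["event"].split())
    rec["watch"] = rec["event_type"] in WATCH
    return rec

# First two lines are shortened from the page's samples; the last two are constructed.
SAMPLES = [
    "490998571 Mon Mar 03 03:09:31 EST 2014 Savvy Device Command Script Completed "
    "Successfully server01.foo.com 10.4.161.32 Script completed.",
    "491354611 Tue Mar 04 03:38:22 EST 2014 FooA Software Update Succeeded "
    "server01.foo.com 1.1.1.32  44571 10.173.30.9 FooA Update Device Software",
    "491354700 Tue Mar 04 04:10:02 EST 2014 FooA Software Update Failed "
    "server01.foo.com 1.1.1.32  44572 10.173.30.9 FooA Update Device Software",
    "not an NCM line",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_ncm(s)
        print("UNPARSED" if r is None else
              f"{r['time']} {r['user']} {r['event_type']} watch={r['watch']}")
```

Lines that come back as None are the ones to compare against the raw events AccelOps receives, since they do not fit the layout assumed here.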

 

 
