FortiSIEM Configuring WAN Accelerators

Configuring WAN Accelerators

AccelOps supports these wide area network accelerators for discovery and monitoring.

Cisco Wide Area Application Server Configuration

Riverbed SteelHead WAN Accelerator Configuration

Cisco Wide Area Application Server Configuration


What is Discovered and Monitored

Protocol: SNMP
Information discovered: Host name, software version, hardware model, network interfaces
Metrics collected: Uptime, CPU and memory utilization, network interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), disk space utilization, process CPU/memory utilization
Used for: Availability and performance monitoring

Event Types

PH_DEV_MON_SYS_PROC_COUNT

[PH_DEV_MON_SYS_PROC_COUNT]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=11710,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procCount]=429,[pollIntv]=176,[phLogDetail]=

PH_DEV_MON_NET_INTF_UTIL

[PH_DEV_MON_NET_INTF_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phIntfFilter.cpp,[lineNumber]=323,[intfName]=GigabitEthernet 1/0,[intfAlias]=,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[pollIntv]=56,[recvBytes64]=0,[recvBitsPerSec]=0.000000,[inIntfUtil]=0.000000,[sentBytes64]=0,[sentBitsPerSec]=0.000000,[outIntfUtil]=0.000000,[recvPkts64]=0,[sentPkts64]=0,[inIntfPktErr]=0,[inIntfPktErrPct]=0.000000,[outIntfPktErr]=0,[outIntfPktErrPct]=0.000000,[inIntfPktDiscarded]=0,[inIntfPktDiscardedPct]=0.000000,[outIntfPktDiscarded]=0,[outIntfPktDiscardedPct]=0.000000,[outQLen64]=0,[intfInSpeed64]=100000000,[intfOutSpeed64]=100000000,[intfAdminStatus]=,[intfOperStatus]=,[daysSinceLastUse]=0,[totIntfPktErr]=0,[totBitsPerSec]=0.000000,[phLogDetail]=

PH_DEV_MON_PROC_RESOURCE_UTIL

[PH_DEV_MON_PROC_RESOURCE_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=4320,[swProcName]=syslogd,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procOwner]=,[memUtil]=0.038191,[cpuUtil]=0.000000,[appName]=Syslog Server,[appGroupName]=Unix Syslog Server,[pollIntv]=116,[swParam]=-s -f /etc/syslog.conf-diamond,[phLogDetail]=
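The PH_DEV_MON_* samples above all use the same "[TYPE]:[attr]=value,..." layout, and values such as "GigabitEthernet 1/0" or "-s -f /etc/syslog.conf-diamond" contain spaces, so a naive split on "," and "=" is not enough. The parser below is an added example, not FortiSIEM or AccelOps code; it anchors on the "[attr]=" markers, then applies an assumed utilization and error-rate threshold to PH_DEV_MON_NET_INTF_UTIL events (the thresholds and the interface_findings helper are illustrative, not product defaults).

```python
import re
from typing import Dict, List

# Samples from this page, rejoined onto single lines. SAMPLE_INTF is a
# trimmed copy of the page's PH_DEV_MON_NET_INTF_UTIL event (fewer attributes).
SAMPLE_PROC = (
    "[PH_DEV_MON_PROC_RESOURCE_UTIL]:[eventSeverity]=PHL_INFO,"
    "[fileName]=phPerfJob.cpp,[lineNumber]=4320,[swProcName]=syslogd,"
    "[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procOwner]=,"
    "[memUtil]=0.038191,[cpuUtil]=0.000000,[appName]=Syslog Server,"
    "[appGroupName]=Unix Syslog Server,[pollIntv]=116,[swParam]=-s -f "
    "/etc/syslog.conf-diamond,[phLogDetail]="
)
SAMPLE_INTF = (
    "[PH_DEV_MON_NET_INTF_UTIL]:[eventSeverity]=PHL_INFO,"
    "[fileName]=phIntfFilter.cpp,[lineNumber]=323,"
    "[intfName]=GigabitEthernet 1/0,[intfAlias]=,[hostName]=edge.bank.com,"
    "[hostIpAddr]=10.19.1.5,[pollIntv]=56,[inIntfUtil]=0.000000,"
    "[outIntfUtil]=0.000000,[inIntfPktErrPct]=0.000000,"
    "[outIntfPktErrPct]=0.000000,[intfOperStatus]=,[phLogDetail]="
)

_HEAD = re.compile(r"^\[([A-Za-z0-9_]+)\]:")   # leading "[EVENT_TYPE]:"
_ATTR = re.compile(r",?\[([A-Za-z0-9_]+)\]=")  # each "[attr]=" marker

def parse_fsm_event(line: str) -> Dict[str, str]:
    """Split a "[TYPE]:[attr]=value,..." event into a dict; the event type
    is stored under "eventType". A value runs from its marker to the next
    marker, so spaces, hyphens and empty values ("[intfAlias]=,") survive."""
    head = _HEAD.match(line)
    if head is None:
        raise ValueError("not a FortiSIEM attribute-list event")
    attrs = {"eventType": head.group(1)}
    markers = list(_ATTR.finditer(line, head.end()))
    for i, m in enumerate(markers):
        end = markers[i + 1].start() if i + 1 < len(markers) else len(line)
        attrs[m.group(1)] = line[m.end():end]
    return attrs

def interface_findings(ev: Dict[str, str], util_pct: float = 80.0,
                       err_pct: float = 1.0) -> List[str]:
    """Flag saturated or error-prone interfaces in a PH_DEV_MON_NET_INTF_UTIL
    event. Thresholds are assumed example values, not FortiSIEM defaults."""
    if ev.get("eventType") != "PH_DEV_MON_NET_INTF_UTIL":
        return []
    where = f"{ev.get('hostName', '?')} {ev.get('intfName', '?')}"
    out = []
    for key, limit in (("inIntfUtil", util_pct), ("outIntfUtil", util_pct),
                       ("inIntfPktErrPct", err_pct), ("outIntfPktErrPct", err_pct)):
        if float(ev.get(key) or 0) >= limit:   # empty value counts as 0
            out.append(f"{where}: {key}={ev[key]} >= {limit}")
    if ev.get("intfOperStatus", "").lower() == "down":
        out.append(f"{where}: operational status down")
    return out
```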

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.


Riverbed SteelHead WAN Accelerator Configuration


What is Discovered and Monitored

Protocol: SNMP
Information discovered: Host name, software version, hardware model, network interfaces
Metrics collected: Uptime, CPU and memory utilization, network interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), disk space utilization, process CPU/memory utilization
Used for: Availability and performance monitoring

Protocol: SNMP
Metrics collected: Hardware status
Used for: Availability and performance monitoring

Protocol: SNMP
Metrics collected:
Bandwidth metrics: Inbound optimized bytes (LAN side, WAN side), outbound optimized bytes (LAN side, WAN side)
Connection metrics: Optimized connections, passthrough connections, half-open optimized connections, half-closed optimized connections, established optimized connections, active optimized connections
Top usage metrics: Top source (source IP, total bytes), top destination (destination IP, total bytes), top application (TCP/UDP port, total bytes), top talker (source IP, source port, destination IP, destination port, total bytes)
Peer status, for every peer: State, connection failures, request timeouts, max latency
Used for: Availability and performance monitoring

Protocol: SNMP Trap
Metrics collected: All traps: software errors, hardware errors, admin login, performance issues (CPU, memory, peer latency issues). Around 115 traps are defined in CMDB > Event Types. The mapped event types start with "Riverbed-".
Used for: Availability, security and compliance

Event Types

In CMDB > Event Types, search for “steelhead” in the Description and Device Type columns to see the event types associated with this device.

Rules

In Analytics > Rules, search for “steelhead” in the Name column to see the rules associated with this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

SNMP Trap

AccelOps processes events from this device via SNMP traps sent by the device. Configure the device to send SNMP traps to AccelOps as directed in the device's product documentation, and AccelOps will parse the contents.

Example SNMP Trap

Settings for Access Credentials
This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
