FortiSIEM Nginx Web Server Configuration

The following protocols are used to discover and monitor various aspects of the Nginx web server.

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | Process level metrics: CPU utilization, Memory utilization | Performance Monitoring
Syslog | | W3C access logs: attributes include Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration | Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “nginx” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Syslog

AccelOps processes events from this device via syslogs sent by the device. Configure the device to send syslogs to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your AccelOps virtual appliance.

For Port, enter 514.

Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example nginx Syslog

<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 (Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1","/images/design/header-2-logo.jpg","GET","http://wm-center.com/images/design/header-2-logo.jpg","200","0","/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80","wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_","-","-"
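As an added example (not part of the FortiSIEM documentation or this post), a small Python parser that splits the syslog header off a line in the format shown above and reads the quoted, comma-separated body with the csv module. The positional field names are an assumption read off the example line and the attribute list in the table, not FortiSIEM's own parser definition.

```python
import csv
import io
import re

# Syslog header as in the page's example: <PRI>Mon DD HH:MM:SS host tag: body
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<body>.*)$"
)

# Positional names for the quoted CSV body. These are an assumption read off
# the example line and the attribute list on this page, not a FortiSIEM
# parser definition; positions beyond the list are left numbered.
ASSUMED_FIELDS = ["client_ip", "remote_user", "user_agent", "uri", "method",
                  "url", "status"]


def parse_nginx_syslog(line: str) -> dict:
    """Split a FortiSIEM-style nginx syslog line into header and CSV fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a syslog line with a tag")
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0-23, severity 0-7
        raise ValueError("PRI out of range")
    # The body is a comma-separated list of double-quoted values; csv handles
    # commas inside a quoted value (e.g. the Cache-Control header).
    values = next(csv.reader(io.StringIO(m.group("body")), strict=True))
    fields = {ASSUMED_FIELDS[i] if i < len(ASSUMED_FIELDS) else f"field_{i}": v
              for i, v in enumerate(values)}
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group("ts"), "host": m.group("host"),
            "tag": m.group("tag"), "fields": fields}


# Constructed sample: the page's example line joined onto one line, with the
# blog's typographic quotes replaced by plain double quotes.
SAMPLE = ('<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 '
          '(Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1",'
          '"/images/design/header-2-logo.jpg","GET",'
          '"http://wm-center.com/images/design/header-2-logo.jpg","200","0",'
          '"/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80",'
          '"wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_",'
          '"-","-"')
```

Running parse_nginx_syslog(SAMPLE) yields facility 3 (daemon), severity 5 (notice), host ny-n1-p2 and 21 body fields, which is a quick way to confirm that what the web server emits still matches the format FortiSIEM expects.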

Settings for Access Credentials

SNMP Access Credentials for All Devices

When setting the Access Method Definition for allowing AccelOps to communicate with your device over SNMP, use these settings.

This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP, has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge, resulting in the wrong hardware or configuration being deployed, is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. He owns PacketLlama.Com (Fortinet hardware sales) and Office Of The CISO, LLC (cybersecurity consulting firm).
