FortiSIEM HP BladeSystem Configuration

HP BladeSystem Configuration

What is Discovered and Monitored

Protocol: SNMP
Information Discovered: Host name, Access IP, Hardware components – processors, chassis, blades, board, cpu, memory, storage, power supply unit, fan unit
Metrics collected: Hardware status: Fan status, Power supply status, power enclosure status, Overall status
Used for: Availability and Performance Monitoring

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover the HP BladeSystem and collect hardware statistics. See the instructions on configuring SNMP in your BladeSystem documentation to enable communications with AccelOps.

After you have configured SNMP on your BladeSystem blade server, you can configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

FortiSIEM Configuring Blade Servers

Configuring Blade Servers

AccelOps supports these blade servers for discovery and monitoring.

Cisco UCS Server Configuration

HP BladeSystem Configuration

 

Cisco UCS Server Configuration


What is Discovered and Monitored

Protocol: Cisco UCS API
Information Discovered: Host name, Access IP, Hardware components – processors, chassis, blades, board, cpu, memory, storage, power supply unit, fan unit
Metrics collected:
  Chassis status: Input Power, Input Avg Power, Input Max Power, Input Min Power, Output Power, Output Avg Power, Output Max Power, Output Min Power
  Memory status: Temp (C), Avg Temp (C), Max Temp (C), Min Temp (C)
  Processor status: Input Current, Input Avg Current, Input Max Current, Input Min Current, Temp (C), Avg Temp (C), Max Temp (C), Min Temp (C)
  Power supply status: Temp (C), Max Temp (C), Avg Temp (C), Min Temp (C), Input 210Volt, Avg Input 210Volt, Max Input 210Volt, Min Input 210Volt, Output 12Volt, Avg Output 12Volt, Max Output 12Volt, Min Output 12Volt, Output 3V3Volt, Avg Output 3V3Volt, Max Output 3V3Volt, Min Output 3V3Volt, Output Current, Avg Output Current, Max Output Current, Min Output Current, Output Power, Avg Output Power, Max Output Power, Min Output Power
  Fan status: Fan Speed, Average Fan Speed, Max Fan Speed, Min Fan Speed
Used for: Availability and Performance Monitoring

 

Event Types

In CMDB > Event Types, search for “cisco ucs” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “cisco ucs” in the Name column to see the reports associated with this application or device.

Configuration

UCS XML API

AccelOps uses the Cisco UCS XML API to discover Cisco UCS and to collect hardware statistics. See the Cisco UCS documentation for information on how to configure your device to connect to AccelOps over the API.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Settings for Access Credentials

Sample Cisco UCS Events

Power Supply Status Event

[PH_DEV_MON_UCS_HW_PSU_STAT]:[eventSeverity]=PHL_INFO,[hostName]=machine,[hostIpAddr]=10.1.2.36,[hwComponentName]=sys/chassis-1/psu-2,[envTempdDegC]=47.764706,[envTempAvgDegC]=36.176472,[envTempMaxDegC]=47.764706,[envTempMinDegC]=25.529411,[input210Volt]=214.294113,[input210AvgVolt]=210.784317,[input210MaxVolt]=214.294113,[input210MinVolt]=207.823532,[ouput12Volt]=12.188235,[ouput12AvgVolt]=12.109803,[ouput12MaxVolt]=12.376471,[ouput12MinVolt]=11.905882,[ouput3V3Volt]=3.141176,[ouput3V3AvgVolt]=3.374510,[ouput3V3MaxVolt]=3.458823,[ouput3V3MinVolt]=3.141176,[outputCurrentAmp]=15.686275,[outputCurrentAvgAmp]=20.261436,[outputCurrentMaxAmp]=24.509804,[outputCurrentMinAmp]=15.686275,[outputPowerWatt]=191.188004,[outputPowerAvgWatt]=245.736252,[outputPowerMaxWatt]=303.344879,[outputPowerMinWatt]=191.188004

Processor Status Event

[PH_DEV_MON_UCS_HW_PROCESSOR_STAT]:[eventSeverity]=PHL_INFO,[hostName]=machine,[hostIpAddr]=10.1.2.36,[hwComponentName]=sys/chassis-1/blade-3/board/cpu-2,[inputCurrentAmp]=101.101959,[inputCurrentAvgAmp]=63.420914,[inputCurrentMaxAmp]=101.101959,[inputCurrentMinAmp]=44.580391,[envTempdDegC]=5.788235,[envTempAvgDegC]=6.216993,[envTempMaxDegC]=6.431373,[envTempMinDegC]=5.788235,

Chassis Status Event

[PH_DEV_MON_UCS_HW_CHASSIS_STAT]:[eventSeverity]=PHL_INFO,[hostName]=machine,[hostIpAddr]=10.1.2.36,[hwComponentName]=sys/chassis-1,[inputPowerWatt]=7.843137,[inputPowerAvgWatt]=7.843137,[inputPowerMaxWatt]=7.843137,[inputPowerMinWatt]=7.843137,[outputPowerWatt]=0.000000,[outputPowerAvgWatt]=0.000000,[outputPowerMaxWatt]=0.000000,[outputPowerMinWatt]=0.000000
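
The sample events above all share one layout: an event type in brackets, a colon, then comma-separated [attribute]=value pairs. The following is an added example, not AccelOps or FortiSIEM code: it parses that layout and flags any metric whose current reading differs from its reported average by more than a tolerance. The 25% tolerance and the function names are assumptions made for illustration.

```python
import re

# Sample events copied from this page, with the line-wrap breaks removed.
PSU_EVENT = (
    "[PH_DEV_MON_UCS_HW_PSU_STAT]:[eventSeverity]=PHL_INFO,[hostName]=machine,"
    "[hostIpAddr]=10.1.2.36,[hwComponentName]=sys/chassis-1/psu-2,"
    "[envTempdDegC]=47.764706,[envTempAvgDegC]=36.176472,"
    "[envTempMaxDegC]=47.764706,[envTempMinDegC]=25.529411,"
    "[input210Volt]=214.294113,[input210AvgVolt]=210.784317,"
    "[input210MaxVolt]=214.294113,[input210MinVolt]=207.823532,"
    "[ouput12Volt]=12.188235,[ouput12AvgVolt]=12.109803,"
    "[ouput12MaxVolt]=12.376471,[ouput12MinVolt]=11.905882,"
    "[ouput3V3Volt]=3.141176,[ouput3V3AvgVolt]=3.374510,"
    "[ouput3V3MaxVolt]=3.458823,[ouput3V3MinVolt]=3.141176,"
    "[outputCurrentAmp]=15.686275,[outputCurrentAvgAmp]=20.261436,"
    "[outputCurrentMaxAmp]=24.509804,[outputCurrentMinAmp]=15.686275,"
    "[outputPowerWatt]=191.188004,[outputPowerAvgWatt]=245.736252,"
    "[outputPowerMaxWatt]=303.344879,[outputPowerMinWatt]=191.188004"
)
PROCESSOR_EVENT = (
    "[PH_DEV_MON_UCS_HW_PROCESSOR_STAT]:[eventSeverity]=PHL_INFO,"
    "[hostName]=machine,[hostIpAddr]=10.1.2.36,"
    "[hwComponentName]=sys/chassis-1/blade-3/board/cpu-2,"
    "[inputCurrentAmp]=101.101959,[inputCurrentAvgAmp]=63.420914,"
    "[inputCurrentMaxAmp]=101.101959,[inputCurrentMinAmp]=44.580391,"
    "[envTempdDegC]=5.788235,[envTempAvgDegC]=6.216993,"
    "[envTempMaxDegC]=6.431373,[envTempMinDegC]=5.788235,"  # trailing comma as on the page
)
CHASSIS_EVENT = (
    "[PH_DEV_MON_UCS_HW_CHASSIS_STAT]:[eventSeverity]=PHL_INFO,"
    "[hostName]=machine,[hostIpAddr]=10.1.2.36,[hwComponentName]=sys/chassis-1,"
    "[inputPowerWatt]=7.843137,[inputPowerAvgWatt]=7.843137,"
    "[inputPowerMaxWatt]=7.843137,[inputPowerMinWatt]=7.843137,"
    "[outputPowerWatt]=0.000000,[outputPowerAvgWatt]=0.000000,"
    "[outputPowerMaxWatt]=0.000000,[outputPowerMinWatt]=0.000000"
)

EVENT_RE = re.compile(r"^\s*\[(?P<etype>[A-Z0-9_]+)\]:(?P<body>.*)$", re.S)
# A value runs up to the next ",[attr]=" or to the end of the event; this
# tolerates a trailing comma and stray whitespace after a comma.
ATTR_RE = re.compile(r"\[(\w+)\]=(.*?)(?=,\s*\[\w+\]=|,?\s*$)", re.S)
# Metric names in the samples are <stem>[Avg|Max|Min]<unit>.
METRIC_RE = re.compile(
    r"^(?P<stem>[A-Za-z0-9]+?)(?P<stat>Avg|Max|Min)?(?P<unit>DegC|Volt|Amp|Watt)$"
)
# The current temperature is spelled envTempdDegC in the samples, while its
# statistics use the stem envTemp; map it so the readings group together.
STEM_ALIASES = {"envTempd": "envTemp"}


def parse_event(line):
    """Return (event_type, attrs); numeric values become floats."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError("not an [EVENT_TYPE]:[attr]=value,... event")
    attrs = {}
    for key, raw in ATTR_RE.findall(m.group("body")):
        raw = raw.strip()
        try:
            attrs[key] = float(raw)
        except ValueError:
            attrs[key] = raw  # host names, IP addresses, component paths
    return m.group("etype"), attrs


def group_metrics(attrs):
    """Group readings by stem: {'envTemp': {'Cur': .., 'Avg': .., ...}}."""
    groups = {}
    for key, val in attrs.items():
        m = METRIC_RE.match(key)
        if not m or not isinstance(val, float):
            continue
        stem = STEM_ALIASES.get(m.group("stem"), m.group("stem"))
        groups.setdefault(stem, {})[m.group("stat") or "Cur"] = val
    return groups


def deviating_metrics(attrs, tolerance=0.25):
    """List (stem, relative deviation) where |current - avg| / |avg| > tolerance."""
    flagged = []
    for stem, stats in sorted(group_metrics(attrs).items()):
        cur, avg = stats.get("Cur"), stats.get("Avg")
        if cur is None or avg is None or avg == 0:
            continue  # nothing to compare, or a zero average (idle chassis output)
        deviation = (cur - avg) / avg
        if abs(deviation) > tolerance:
            flagged.append((stem, round(deviation, 3)))
    return flagged


if __name__ == "__main__":
    for event in (PSU_EVENT, PROCESSOR_EVENT, CHASSIS_EVENT):
        etype, attrs = parse_event(event)
        print(etype, attrs["hwComponentName"], deviating_metrics(attrs))
```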

Memory Status Event

Fan Status Event

FortiSIEM Nginx Web Server Configuration

Nginx Web Server Configuration


The following protocols are used to discover and monitor various aspects of Nginx webserver.

Protocol: SNMP
Information discovered: Application type
Metrics collected: Process level metrics: CPU utilization, Memory utilization
Used for: Performance Monitoring

Protocol: Syslog
Metrics collected: W3C access logs: attributes include Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration
Used for: Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “nginx” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Syslog

AccelOps processes events from this device via syslogs sent by the device. Configure the device to send syslogs to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your AccelOps virtual appliance.

For Port, enter 514.

Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example nginx Syslog

<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 (Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1","/images/design/header-2-logo.jpg","GET","http://wm-center.com/images/design/header-2-logo.jpg","200","0","/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80","wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_","-","-"

Settings for Access Credentials

SNMP Access Credentials for All Devices

When setting the Access Method Definition for allowing AccelOps to communicate with your device over SNMP, use these settings.

FortiSIEM Reports

Reports

There are no predefined reports for this device.

Configuration

SNMP

Enabling SNMP on Windows Server 2003

SNMP is typically enabled by default on Windows Server 2003, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you need to make sure that the SNMP Management tool has been enabled for your device.

  1. In the Start menu, go to Administrative Tools > Services.
  2. Go to Control Panel > Add or Remove Programs.
  3. Click Add/Remove Windows Components.
  4. Select Management and Monitoring Tools and click Details.

Make sure that Simple Network Management Tool is selected.

If it isn’t selected, select it, and then click Next to install.

  1. Go to Start > Administrative Tools > Services.
  2. Select and open SNMP Service.
  3. Click the Security
  4. Select Send authentication trap.
  5. Under Accepted communities, make sure there is an entry for public that is set to read-only.
  6. Select Accept SNMP packets from these hosts.
  7. Click
  8. Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
  9. Click Add.
  10. Click Apply.
  11. Under SNMP Service, click Restart service.

Enabling SNMP on Windows 7 or Windows Server 2008 R2

SNMP is typically enabled by default on Windows Server 2008, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you should check that SNMP Services have been enabled for your server.

  1. Log in to the Windows 2008 Server where you want to enable SNMP as an administrator.
  2. In the Start menu, select Control Panel.
  3. Under Programs, click Turn Windows features on/off.
  4. Under Features, see if SNMP Services is installed.

If not, click Add Feature, then select SNMP Service and click Next to install the service.

  1. In the Server Manager window, go to Services > SNMP Services.
  2. Select and open SNMP Service.
  3. Click the Security
  4. Select Send authentication trap.
  5. Under Accepted communities, make sure there is an entry for public that is set to read-only.
  6. Select Accept SNMP packets from these hosts.
  7. Click
  8. Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
  9. Click Add.
  10. Click Apply.
  11. Under SNMP Service, click Restart service.

WMI

Configuring WMI on your device so AccelOps can discover and monitor it requires you to create a user who has access to WMI objects on the device. There are two ways to do this:

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Log in to the machine you want to monitor with an administrator account.

Enable Remote WMI Requests by Adding a Monitoring Account to the Distributed COM Users Group and the Performance Monitor Users Group

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
  2. Right-click Users and select Add User.
  3. Create a user.
  4. Go to Groups, right-click Distributed COM Users, and then click Add to group.
  5. In the Distributed COM Users Properties dialog, click Add.
  6. Find the user you created, and then click OK.

This is the account you will need to use in setting up the Performance Monitor Users group permissions.

  1. Click OK in the Distributed COM Users Properties dialog, and then close the Computer Management dialog.
  2. Repeat steps 4 through 7 for the Performance Monitor Users group.

Enable DCOM Permissions for the Monitoring Account

  3. Go to Start > Control Panel > Administrative Tools > Component Services.
  4. Right-click My Computer, and then Properties.
  5. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  6. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
  7. Click OK.
  8. Under Access Permissions, click Edit Default.
  9. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
  10. Click
  11. Under Launch and Activation Permissions, click Edit Limits.
  12. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  13. Click OK.
  14. Under Launch and Activation Permissions, click Edit Defaults.
  15. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

See the sections on Enabling WMI Privileges and Allowing WMI Access through the Windows Firewall in the Domain Admin User set up instructions for the remaining steps to configure WMI.

Creating a User Who Belongs to the Domain Administrator Group

Log in to the Domain Controller with an administrator account.

Enable remote WMI requests by Adding a Monitoring Account to the Domain Administrators Group

  1. Go to Start > Control Panel > Administrative Tools > Active Directory Users and Computers > Users.
  2. Right-click Users and select Add User.
  3. Create a user for the @accelops.com domain.

For example, YJTEST@accelops.com.

  1. Go to Groups, right-click Administrators, and then click Add to Group.
  2. In the Domain Admins Properties dialog, select the Members tab, and then click Add.
  3. For Enter the object names to select, enter the user you created in step 3.
  4. Click OK to close the Domain Admins Properties dialog.
  5. Click OK.

Enable the Monitoring Account to Access the Monitored Device

Log in to the machine you want to monitor with an administrator account.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the Com Security tab, and then under Access Permissions, click Edit Limits.
  4. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  5. Click OK.
  6. In the Com Security tab, under Access Permissions, click Edit Defaults.
  7. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  8. Click OK.
  9. In the Com Security tab, under Launch and Activation Permissions, click Edit Limits.
  10. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. In the Com Security tab, under Launch and Activation Permissions, click Edit Defaults.
  12. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

Enable Account Privileges in WMI

The monitoring account you created must have access to the namespace and sub-namespaces of the monitored device.

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications.
  2. Select WMI Control, and then right-click and select Properties.
  3. Select the Security
  4. Expand the Root directory and select CIMV2.
  5. Click Security.
  6. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Enable Account and Remote Enable.
  7. Click Advanced.
  8. Select the user you created for the monitoring account, and then click Edit.
  9. In the Apply onto menu, select This namespace and subnamespaces.
  10. Click OK to close the Permission Entry for CIMV2 dialog.
  11. Click OK to close the Advanced Security Settings for CIMV2 dialog.
  12. In the left-hand navigation, under Services and Applications, select Services.
  13. Select Windows Management Instrumentation, and then click Restart.

Allow WMI to Connect Through the Windows Firewall (Windows 2003)

  14. In the Start menu, select Run.
  15. Run msc.
  16. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
  17. Select Domain Profile or Standard Profile depending on whether the device you want to monitor is in the domain or not.
  18. Select Windows Firewall: Allow remote administration exception.
  19. Run exe and enter these commands:
  20. Restart the server.

Allow WMI through Windows Firewall (Windows Server 2008, 2012)

  1. Go to Control Panel > Windows Firewall.
  2. In the left-hand navigation, click Allow a program or feature through Windows Firewall.
  3. Select Windows Management Instrumentation, and then click OK.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Syslog

Use Windows Agent Manager to configure the sending of syslogs from this device.

Sample IIS Syslog

<13>Oct  9 12:19:05 ADS-Pri.ACME.net IISWebLog              0 2008-10-09 19:18:43 W3SVC1 ADS-PRI 192.168.0.10 GET /iisstart.htm - 80 - 192.168.20.80 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.3)+Gecko/2008092417+Firefox/3.0.3 - - 192.168.0.10 200 0 0 2158 368 156

<46>Mar 29 12:21:03 192.168.0.40 FTPSvcLog 0 2010-03-29 19:20:32 127.0.0.1 - MSFTPSVC1 FILER 127.0.0.1 21 [1]PASS IEUser@ - 530 1326 0 0 0 FTP - - - -

Microsoft IIS for Windows 2008 Configuration


What is Discovered and Monitored

Protocol: SNMP
Information discovered: Application type
Metrics collected: Process level metrics: CPU utilization, memory utilization
Used for: Performance Monitoring

Protocol: WMI
Information discovered: Application type, service mappings
Metrics collected:
  Process level metrics: uptime, CPU Utilization, Memory utilization, Read I/O, Write I/O
  IIS metrics: Current Connections, Max Connections, Sent Files, Received Files, Sent Bytes, Received Bytes, ISAPI Requests, Not Found Errors
Used for: Performance Monitoring

Protocol: Syslog
Information discovered: Application type
Metrics collected: W3C access logs: attributes include IIS Service Instance, Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration
Used for: Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “microsoft iis” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

Enabling SNMP on Windows Server 2003

SNMP is typically enabled by default on Windows Server 2003, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you need to make sure that the SNMP Management tool has been enabled for your device.

  1. In the Start menu, go to Administrative Tools > Services.
  2. Go to Control Panel > Add or Remove Programs.
  3. Click Add/Remove Windows Components.
  4. Select Management and Monitoring Tools and click Details.

Make sure that Simple Network Management Tool is selected.

If it isn’t selected, select it, and then click Next to install.

  1. Go to Start > Administrative Tools > Services.
  2. Select and open SNMP Service.
  3. Click the Security
  4. Select Send authentication trap.
  5. Under Accepted communities, make sure there is an entry for public that is set to read-only.
  6. Select Accept SNMP packets from these hosts.
  7. Click
  8. Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
  9. Click Add.
  10. Click Apply.
  11. Under SNMP Service, click Restart service.

Enabling SNMP on Windows 7 or Windows Server 2008 R2

SNMP is typically enabled by default on Windows Server 2008, but you will still need to add AccelOps to the hosts that are authorized to accept SNMP packets. First you should check that SNMP Services have been enabled for your server.

  1. Log in to the Windows 2008 Server where you want to enable SNMP as an administrator.
  2. In the Start menu, select Control Panel.
  3. Under Programs, click Turn Windows features on/off.
  4. Under Features, see if SNMP Services is installed.

If not, click Add Feature, then select SNMP Service and click Next to install the service.

  1. In the Server Manager window, go to Services > SNMP Services.
  2. Select and open SNMP Service.
  3. Click the Security
  4. Select Send authentication trap.
  5. Under Accepted communities, make sure there is an entry for public that is set to read-only.
  6. Select Accept SNMP packets from these hosts.
  7. Click
  8. Enter the IP address for your AccelOps virtual appliance that will access your device over SNMP.
  9. Click Add.
  10. Click Apply.
  11. Under SNMP Service, click Restart service.

WMI

Configuring WMI on your device so AccelOps can discover and monitor it requires you to create a user who has access to WMI objects on the device. There are two ways to do this:

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Log in to the machine you want to monitor with an administrator account.

Enable Remote WMI Requests by Adding a Monitoring Account to the Distributed COM Users Group and the Performance Monitor Users Group

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
  2. Right-click Users and select Add User.
  3. Create a user.
  4. Go to Groups, right-click Distributed COM Users, and then click Add to group.
  5. In the Distributed COM Users Properties dialog, click Add.
  6. Find the user you created, and then click OK.

This is the account you will need to use in setting up the Performance Monitor Users group permissions.

  1. Click OK in the Distributed COM Users Properties dialog, and then close the Computer Management dialog.
  2. Repeat steps 4 through 7 for the Performance Monitor Users group.

Enable DCOM Permissions for the Monitoring Account

  3. Go to Start > Control Panel > Administrative Tools > Component Services.
  4. Right-click My Computer, and then Properties.
  5. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  6. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
  7. Click OK.
  8. Under Access Permissions, click Edit Default.
  9. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to
  10. Click
  11. Under Launch and Activation Permissions, click Edit Limits.
  12. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  13. Click OK.
  14. Under Launch and Activation Permissions, click Edit Defaults.
  15. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

See the sections on Enabling WMI Privileges and Allowing WMI Access through the Windows Firewall in the Domain Admin User set up instructions for the remaining steps to configure WMI.

Creating a User Who Belongs to the Domain Administrator Group

Log in to the Domain Controller with an administrator account.

Enable remote WMI requests by Adding a Monitoring Account to the Domain Administrators Group

  1. Go to Start > Control Panel > Administrative Tools > Active Directory Users and Computers > Users.
  2. Right-click Users and select Add User.
  3. Create a user for the @accelops.com domain.

For example, YJTEST@accelops.com.

  1. Go to Groups, right-click Administrators, and then click Add to Group.
  2. In the Domain Admins Properties dialog, select the Members tab, and then click Add.
  3. For Enter the object names to select, enter the user you created in step 3.
  4. Click OK to close the Domain Admins Properties dialog.
  5. Click OK.

Enable the Monitoring Account to Access the Monitored Device

Log in to the machine you want to monitor with an administrator account.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the Com Security tab, and then under Access Permissions, click Edit Limits.
  4. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  5. Click OK.
  6. In the Com Security tab, under Access Permissions, click Edit Defaults.
  7. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  8. Click OK.
  9. In the Com Security tab, under Launch and Activation Permissions, click Edit Limits.
  10. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. In the Com Security tab, under Launch and Activation Permissions, click Edit Defaults.
  12. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

Enable Account Privileges in WMI

The monitoring account you created must have access to the namespace and sub-namespaces of the monitored device.

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications.
  2. Select WMI Control, and then right-click and select Properties.
  3. Select the Security
  4. Expand the Root directory and select CIMV2.
  5. Click Security.
  6. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Enable Account and Remote Enable.
  7. Click Advanced.
  8. Select the user you created for the monitoring account, and then click Edit.
  9. In the Apply onto menu, select This namespace and subnamespaces.
  10. Click OK to close the Permission Entry for CIMV2 dialog.
  11. Click OK to close the Advanced Security Settings for CIMV2 dialog.
  12. In the left-hand navigation, under Services and Applications, select Services.
  13. Select Windows Management Instrumentation, and then click Restart.

Allow WMI to Connect Through the Windows Firewall (Windows 2003)

  14. In the Start menu, select Run.
  15. Run msc.
  16. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
  17. Select Domain Profile or Standard Profile depending on whether the device you want to monitor is in the domain or not.
  18. Select Windows Firewall: Allow remote administration exception.
  19. Run exe and enter these commands:
  20. Restart the server.

Allow WMI through Windows Firewall (Windows Server 2008, 2012)

  1. Go to Control Panel > Windows Firewall.
  2. In the left-hand navigation, click Allow a program or feature through Windows Firewall.
  3. Select Windows Management Instrumentation, and then click OK.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Syslog

Use the Windows Agent Manager to configure sending syslogs from your device to AccelOps.

Sample IIS Syslog

<13>Oct  9 12:19:05 ADS-Pri.ACME.net IISWebLog              0 2008-10-09 19:18:43 W3SVC1 ADS-PRI 192.168.0.10 GET /iisstart.htm - 80 - 192.168.20.80 HTTP/1.1 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.3)+Gecko/2008092417+Firefox/3.0.3 - - 192.168.0.10 200 0 0 2158 368 156

<46>Mar 29 12:21:03 192.168.0.40 FTPSvcLog 0 2010-03-29 19:20:32 127.0.0.1 - MSFTPSVC1 FILER 127.0.0.1 21 [1]PASS IEUser@ - 530 1326 0 0 0 FTP - - - -

FortiSIEM Web Server Configuration

Web Server Configuration

AccelOps supports these web servers for discovery and monitoring.

Apache Web Server Configuration

Microsoft IIS for Windows 2000 and 2003 Configuration

Microsoft IIS for Windows 2008 Configuration

Nginx Web Server Configuration

Apache Web Server Configuration


What is Discovered and Monitored

Protocol: SNMP
Information discovered: Application type
Metrics collected: Process level metrics: CPU utilization, Memory utilization
Used for: Performance Monitoring

Protocol: HTTP(S) via the mod-status module
Metrics collected: Apache metrics: Uptime, CPU load, Total Accesses, Total Bytes Connections, Requests/sec, Bytes/sec, Bytes/req, Busy Workers, Idle Workers
Used for: Performance Monitoring

Protocol: Syslog
Information discovered: Application type
Metrics collected: W3C access logs: attributes include Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration
Used for: Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “apache” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “apache” in the Name column to see the reports associated with this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

HTTPS

To communicate with AccelOps over HTTPS, you need to configure the mod_status module in your Apache web server.

  1. Log in to your web server as an administrator.
  2. Open the configuration file /etc/Httpd.conf.
  3. Modify the file as shown in these code blocks, depending on whether you are connecting over HTTP without authentication, or over HTTPS with authentication.
  4. If you are using authentication, you will have to add user authentication credentials.
    1. Go to /etc/httpd, and if necessary, create an account
    2. In the account directory, create two files, users and groups.
    3. In the groups file, enter admin:admin.
    4. Create a password for the admin user.
  5. Reload Apache.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Syslog

Install and configure Epilog application to send syslog to AccelOps

  1. Download Epilog from the Epilog download site and install it on your Windows Server.
  2. For Windows, launch Epilog from Start > All Programs > InterSect Alliance > Epilog for Windows.
  3. For Linux, type http://<yourApacheServerIp>:6162
  4. Configure the Epilog application as follows:
    1. Go to Log Configuration. Click the Add button and add the following log files to be sent to AccelOps:

/etc/httpd/logs/access_log
/etc/httpd/logs/ssl_access_log

  1. Go to Network Configuration.
    1. Set the AO System IP (all-in-1 or collector) in Destination Server address (10.1.2.20 here).
    2. Set 514 in the Destination Port text area.
  • Click Change Configuration to save the configuration.
  1. Apply the Latest Audit Configuration. Apache logs will now be sent to AccelOps in real time.

Define the Apache Log Format

You need to define the format of the logs that Apache will send to AccelOps.

  1. Open the file /etc/httpd/conf.d/ssl.conf for editing.

<142>Sep 17 13:27:37 SJ-Dev-S-RH-VMW-01.prospecthills.net ApacheLog 192.168.20.35 - - [17/Sep/2009:13:27:37 -0700] "GET /icons/apache_pb2.gif HTTP/1.1" 200 2414 "http://192.168.0.30/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"

<134>Mar  4 17:08:04 137.146.28.68 httpd: [ID 702911 local0.info] 192.168.20.38 - - [04/Mar/2010:16:35:21 -0800] "GET /bugzilla-3.0.4/ HTTP/1.1" 200 10791 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB6"

<142>Sep 17 13:27:37 135.134.33.23 HTTP: [ID 702911 local0.info] 192.168.20.38 - - [04/Mar/2010:16:35:21 -0800] "GET /bugzilla-3.0.4/ HTTP/1.1" 200 10791 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB6"
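The sample lines above are Apache combined-format access records inside a syslog wrapper. The following Python is an added example, not AccelOps code: it splits such a line into the syslog PRI, the reporting host, and the access-log attributes. The dict keys and the constructed fourth input line are assumptions made for illustration.

```python
import re
from datetime import datetime

# The three sample lines shown above, with ASCII quotes and hyphens.
_BUGZILLA = ('192.168.20.38 - - [04/Mar/2010:16:35:21 -0800] '
             '"GET /bugzilla-3.0.4/ HTTP/1.1" 200 10791 "-" '
             '"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) '
             'Gecko/20100202 Firefox/3.5.8 GTB6"')
SAMPLES = [
    '<142>Sep 17 13:27:37 SJ-Dev-S-RH-VMW-01.prospecthills.net ApacheLog '
    '192.168.20.35 - - [17/Sep/2009:13:27:37 -0700] '
    '"GET /icons/apache_pb2.gif HTTP/1.1" 200 2414 "http://192.168.0.30/" '
    '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"',
    '<134>Mar  4 17:08:04 137.146.28.68 httpd: [ID 702911 local0.info] ' + _BUGZILLA,
    '<142>Sep 17 13:27:37 135.134.33.23 HTTP: [ID 702911 local0.info] ' + _BUGZILLA,
]
# Constructed line (not from the page): a request timeout with no request
# line, no byte count, and an escaped quote inside the user agent.
CONSTRUCTED = (r'<134>Mar  4 17:08:05 10.0.0.5 httpd: 203.0.113.9 - - '
               r'[04/Mar/2010:16:35:22 -0800] "-" 408 - "-" "bad \"agent\""')

SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")

# Syslog wrapper: <PRI>, timestamp, reporting host, tag, and an optional
# "[ID n facility.level]" message ID as seen in two of the samples.
WRAPPER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:]+):? "
    r"(?:\[ID \d+ [\w.]+\] )?"
    r"(?P<body>.*)$"
)
# Apache combined log format. Quoted fields may contain backslash-escaped
# characters, so a bare [^"]* would stop too early on an escaped quote.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r"^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] "
    + QUOTED + r" (?P<status>\d{3}) (?P<bytes>\d+|-) "
    + QUOTED + " " + QUOTED + "$"
)


def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity) names."""
    facility, severity = divmod(pri, 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    return name, SEVERITIES[severity]


def _dash_to_none(value):
    """Apache logs a missing value as '-'."""
    return None if value == "-" else value


def parse_line(line):
    """Parse one syslog-wrapped Apache access-log line into a flat dict."""
    outer = WRAPPER.match(line.strip())
    if outer is None:
        raise ValueError("not a syslog line")
    inner = COMBINED.match(outer["body"])
    if inner is None:
        raise ValueError("body is not in Apache combined log format")
    request, referrer, agent = inner.group(4, 7, 8)
    # A well-formed request is "METHOD URL PROTOCOL"; anything else is kept
    # raw in "url" so the record is still searchable.
    parts = request.split(" ")
    if len(parts) == 3:
        method, url, protocol = parts
    else:
        method, url, protocol = None, _dash_to_none(request), None
    facility, severity = decode_pri(int(outer["pri"]))
    return {
        "facility": facility, "severity": severity,
        "reporting_host": outer["host"], "tag": outer["tag"],
        "client_ip": inner["client"], "user": _dash_to_none(inner["user"]),
        "event_time": datetime.strptime(inner["time"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": method, "url": url, "protocol": protocol,
        "status": int(inner["status"]),
        "sent_bytes": 0 if inner["bytes"] == "-" else int(inner["bytes"]),
        "referrer": _dash_to_none(referrer),
        "user_agent": _dash_to_none(agent),
    }


if __name__ == "__main__":
    for sample in SAMPLES + [CONSTRUCTED]:
        event = parse_line(sample)
        print(event["reporting_host"], event["client_ip"],
              event["status"], event["url"])
```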

Microsoft IIS for Windows 2000 and 2003 Configuration

What is Discovered and Monitored

Enabling SNMP on Windows Server 2003

Enabling SNMP on Windows 7 or Windows Server 2008 R2

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

Sample IIS Syslog

Settings for Access Credentials

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | Process level metrics: CPU utilization, memory utilization | Performance Monitoring
WMI | Application type, service mappings | Process level metrics: uptime, CPU Utilization, Memory utilization, Read I/O, Write I/O. IIS metrics: Current Connections, Max Connections, Sent Files, Received Files, Sent Bytes, Received Bytes, ISAPI Requests, Not Found Errors | Performance Monitoring
Syslog | Application type | W3C access logs: attributes include IIS Service Instance, Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration | Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “microsoft is” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

FortiSIEM Unified Communication Server Configuration

Unified Communication Server Configuration

AccelOps supports these VoIP servers for discovery and monitoring.

Avaya Call Manager Configuration

Cisco Call Manager Configuration

Cisco Contact Center Configuration

Cisco Presence Server Configuration

Cisco Tandberg Telepresence Video Communication Server (VCS) Configuration

Cisco Telepresence Multipoint Control Unit (MCU) Configuration

Cisco Telepresence Video Communication Server Configuration

Cisco Unity Connection Configuration

 

Avaya Call Manager Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

SNMP

SFTP

Configure AccelOps to Receive CDR Records from Cisco Call Manager

Configure Avaya Call Manager to Send CDR Records to AccelOps

Settings for Access Credentials

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: Uptime, Interface utilization | Performance Monitoring
SFTP | | Call Description Records (CDR): Calling Phone IP, Called Phone IP, Call Duration | Performance and Availability Monitoring

Event Types

Avaya-CM-CDR: Avaya CDR Records

Rules

None

Reports

None.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

 

SFTP

SFTP is used to send Call Description Records (CDRs) to AccelOps.

Configure AccelOps to Receive CDR Records from Cisco Call Manager

  1. Log in to your AccelOps virtual appliance as root over SSH.
  2. Change the directory.
  3. Create an FTP account for user ftpuser with the home directory /opt/phoenix/cache/avayaCM/<call-manager-ip>. If this is the first time you have created a Call Manager definition, you will be prompted for the ftpuser password. When you create subsequent Call Manager definitions, the same password will be used, and you will see a Success message when the definition is created.
  4. The CDR records do not have field definitions; they only have values. Field definitions are needed to properly interpret the values. Make sure that the CDR field definitions match the default ones supplied by AccelOps in /opt/phoenix/config/AvayaCDRConfig.csv. AccelOps will interpret the CDR record fields according to the field definitions specified in /opt/phoenix/config/AvayaCDRConfig.csv and generate events like the following.

Wed Feb  4 14:37:41 2015 1.2.3.4 AccelOps-FileLog-AvayaCM [Time of day-hours]="11" [Time of day-minutes]="36" [Duration-hours]="0" [Duration-minutes]="00" [Duration-tenths of minutes]="5" [Condition code]="9" [Dialed number]="5908" [Calling number]="2565522011" [FRL]="5" [Incoming circuit ID]="001" [Feature flag]="0" [Attendant console]="8" [Incoming TAC]="01 1" [INS]="0" [IXC]="00" [Packet count]="12" [TSC flag]="1"
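The generated event carries each CDR value as a [name]="value" pair after a timestamp, source IP, and tag. The following Python is an added example, not AccelOps code: it parses the sample event above, rejects truncated or malformed lines, and derives the call duration in seconds from the three Duration fields. The function name and the keys of the returned dict are assumptions made for illustration.

```python
import re
from datetime import datetime

# The sample event shown above, with ASCII double quotes.
SAMPLE = (
    'Wed Feb  4 14:37:41 2015 1.2.3.4 AccelOps-FileLog-AvayaCM '
    '[Time of day-hours]="11" [Time of day-minutes]="36" '
    '[Duration-hours]="0" [Duration-minutes]="00" '
    '[Duration-tenths of minutes]="5" [Condition code]="9" '
    '[Dialed number]="5908" [Calling number]="2565522011" [FRL]="5" '
    '[Incoming circuit ID]="001" [Feature flag]="0" '
    '[Attendant console]="8" [Incoming TAC]="01 1" [INS]="0" [IXC]="00" '
    '[Packet count]="12" [TSC flag]="1"'
)

# Header: receive time, source IP of the call manager, event tag.
HEADER = re.compile(
    r"^(?P<received>[A-Z][a-z]{2} [A-Z][a-z]{2}\s+\d{1,2} "
    r"\d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<source>\S+) (?P<tag>\S+) (?P<fields>.+)$"
)
# Field names contain spaces and hyphens, so they are delimited by brackets.
FIELD = re.compile(r'\[(?P<name>[^\]]+)\]="(?P<value>[^"]*)"')
# Copies of the event taken from web pages may carry typographic quotes.
TYPOGRAPHIC = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})
DURATION_FIELDS = ("Duration-hours", "Duration-minutes",
                   "Duration-tenths of minutes")


def parse_cdr_event(line):
    """Parse one AvayaCM CDR event line into header values and a field dict."""
    head = HEADER.match(line.translate(TYPOGRAPHIC).strip())
    if head is None:
        raise ValueError("missing timestamp/source/tag header")

    fields = {}
    for match in FIELD.finditer(head["fields"]):
        if match["name"] in fields:
            raise ValueError(f"field repeated: {match['name']}")
        fields[match["name"]] = match["value"]

    # Anything left once every [name]="value" pair is removed means the line
    # was truncated or a value was not quoted; reject it rather than guess.
    leftover = FIELD.sub("", head["fields"]).strip()
    if leftover:
        raise ValueError(f"unparsed text: {leftover!r}")

    missing = [name for name in DURATION_FIELDS if name not in fields]
    if missing:
        raise ValueError(f"missing duration fields: {missing}")
    hours, minutes, tenths = (int(fields[name]) for name in DURATION_FIELDS)

    # Collapse the double space syslog-style timestamps use for one-digit days.
    received = " ".join(head["received"].split())
    return {
        "received": datetime.strptime(received, "%a %b %d %H:%M:%S %Y"),
        "source": head["source"],
        "tag": head["tag"],
        # One tenth of a minute is six seconds.
        "duration_seconds": hours * 3600 + minutes * 60 + tenths * 6,
        "fields": fields,
    }


if __name__ == "__main__":
    event = parse_cdr_event(SAMPLE)
    print(event["source"], event["fields"]["Calling number"], "->",
          event["fields"]["Dialed number"], event["duration_seconds"], "s")
```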

Configure Avaya Call Manager to Send CDR Records to AccelOps

  1. Log in to Avaya Call Manager.
  2. Send CDR records to AccelOps by using this information:

Field | Value
Host Name/IP Address | <AccelOps IP address>
User Name | ftpuser
Password | <The password you created for ftpuser>
Protocol | SFTP
Directory Path | /opt/phoenix/cache/avayaCM/<call-manager-ip>

Cisco Call Manager Configuration

What is Discovered and Monitored

Configuration

Settings for Access Credentials

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: Uptime, CPU utilization, Memory utilization, Disk utilization, Interface utilization, Process count, Per process: CPU utilization, Memory utilization | Performance Monitoring
SNMP | VoIP phones and registration status | Call Manager metrics (itemized below the table) | Availability Monitoring
WMI (for Windows based Call Managers) | Application type, service mappings | Process level metrics: Per process: Uptime, CPU utilization, Memory utilization, Read I/O KBytes/sec, Write I/O KBytes/sec | Performance Monitoring
SFTP | | Call Description Records (CDR): Calling Phone IP, Called Phone IP, Calling Party Number, Original Called Party Number, Final Called Party Number, Call Connect Time, Call Disconnect Time, Call Duration. Call Management Records (CMR): Latency, Jitter, Mos Score - current, average, min, max for each call in CDR | Performance and Availability Monitoring
Syslog | | Syslog messages from Cisco Call Manager as well as Cisco Unified Real Time Monitoring Tool (RTMT) |

Call Manager metrics:

Global Info: VoIP phone count, Gateway count, Media Device count, Voice mail server count and SIP Trunks count broken down by Registered/Unregistered/Rejected status (AccelOps Event Type: PH_DEV_MON_CCM_GLOBAL_INFO)

SIP Trunk Info: Trunk end point, description, status (AccelOps Event Type: PH_DEV_MON_CCM_SIP_TRUNK_STAT)

SIP Trunk Addition, Deletion: AccelOps Event Type: PH_DEV_MON_CCM_NEW_SIP_TRUNK, PH_DEV_MON_CCM_DEL_SIP_TRUNK

Gateway Status Info: Gateway name, Gateway IP, description, status (AccelOps Event Types: PH_DEV_MON_CCM_GW_STAT)

Gateway Status Change, Addition, Deletion: AccelOps Event Type: PH_DEV_MON_CCM_GW_STAT_CHANGE, PH_DEV_MON_CCM_NEW_GW, PH_DEV_MON_CCM_DEL_GW

H323 Device Info: H323 Device name, H323 Device IP, description, status (AccelOps Event Types: PH_DEV_MON_CCM_H323_STAT)

Gateway Status Change, Addition, Deletion: AccelOps Event Type: PH_DEV_MON_CCM_H323_STAT_CHANGE, PH_DEV_MON_CCM_NEW_H323, PH_DEV_MON_CCM_DEL_H323

Voice Mail Device Info: Voice Mail Device name, Voice Mail Device IP, description, status (AccelOps Event Types: PH_DEV_MON_CCM_VM_STAT)

Voice Mail Device Status Change, Addition, Deletion: AccelOps Event Type: PH_DEV_MON_CCM_VM_STAT_CHANGE, PH_DEV_MON_CCM_NEW_VM, PH_DEV_MON_CCM_DEL_VM

Media Device Info: Media Device name, Media Device IP, description, status (AccelOps Event Types: PH_DEV_MON_CCM_MEDIA_STAT)

Media Device Status Change, Addition, Deletion: AccelOps Event Type: PH_DEV_MON_CCM_MEDIA_STAT_CHANGE, PH_DEV_MON_CCM_NEW_MEDIA, PH_DEV_MON_CCM_DEL_MEDIA

Computer Telephony Integration (CTI) Device Info: CTI Device name, CTI Device IP, description, status (AccelOps Event Types: PH_DEV_MON_CCM_CTI_STAT)

CTI Device Status Change, Addition, Deletion: AccelOps Event Type: PH_DEV_MON_CCM_CTI_STAT_CHANGE, PH_DEV_MON_CCM_NEW_CTI, PH_DEV_MON_CCM_DEL_CTI

Event Types

In CMDB > Event Types, search for “cisco_uc” and “cisco_uc_rtmt” in the Display Name column to see the event types associated with this device.

Rules

In Analytics > Rules, search for “cisco call manager” in the Name column to see the rules associated with this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

WMI (for Call Manager installed under Windows)

Configuring WMI on your device so AccelOps can discover and monitor it requires you to create a user who has access to WMI objects on the device. There are two ways to do this:

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Log in to the machine you want to monitor with an administrator account.

Enable Remote WMI Requests by Adding a Monitoring Account to the Distributed COM Users Group and the Performance Monitor Users Group

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
  2. Right-click Users and select Add User.
  3. Create a user.
  4. Go to Groups, right-click Distributed COM Users, and then click Add to group.
  5. In the Distributed COM Users Properties dialog, click Add.
  6. Find the user you created, and then click OK.

This is the account you will need to use in setting up the Performance Monitor Users group permissions.

  7. Click OK in the Distributed COM Users Properties dialog, and then close the Computer Management dialog.
  8. Repeat steps 4 through 7 for the Performance Monitor Users group.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  4. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to Allow.
  5. Click OK.
  6. Under Access Permissions, click Edit Defaults.
  7. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to Allow.
  8. Click OK.
  9. Under Launch and Activation Permissions, click Edit Limits.
  10. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. Click OK.
  12. Under Launch and Activation Permissions, click Edit Defaults.
  13. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

See the sections on Enabling WMI Privileges and Allowing WMI Access through the Windows Firewall in the Domain Admin User set up instructions for the remaining steps to configure WMI.

Creating a User Who Belongs to the Domain Administrator Group

Log in to the Domain Controller with an administrator account.

Enable remote WMI requests by Adding a Monitoring Account to the Domain Administrators Group

  1. Go to Start > Control Panel > Administrative Tools > Active Directory Users and Computers > Users.
  2. Right-click Users and select Add User.
  3. Create a user for the @accelops.com domain.

For example, YJTEST@accelops.com.

  4. Go to Groups, right-click Administrators, and then click Add to Group.
  5. In the Domain Admins Properties dialog, select the Members tab, and then click Add.
  6. For Enter the object names to select, enter the user you created in step 3.
  7. Click OK to close the Domain Admins Properties dialog.
  8. Click OK.

Enable the Monitoring Account to Access the Monitored Device

Log in to the machine you want to monitor with an administrator account.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  4. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  5. Click OK.
  6. In the COM Security tab, under Access Permissions, click Edit Defaults.
  7. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  8. Click OK.
  9. In the COM Security tab, under Launch and Activation Permissions, click Edit Limits.
  10. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. In the COM Security tab, under Launch and Activation Permissions, click Edit Defaults.
  12. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

Enable Account Privileges in WMI

The monitoring account you created must have access to the namespace and sub-namespaces of the monitored device.

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications.
  2. Select WMI Control, and then right-click and select Properties.
  3. Select the Security tab.
  4. Expand the Root directory and select CIMV2.
  5. Click Security.
  6. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Enable Account and Remote Enable.
  7. Click Advanced.
  8. Select the user you created for the monitoring account, and then click Edit.
  9. In the Apply onto menu, select This namespace and subnamespaces.
  10. Click OK to close the Permission Entry for CIMV2 dialog.
  11. Click OK to close the Advanced Security Settings for CIMV2 dialog.
  12. In the left-hand navigation, under Services and Applications, select Services.
  13. Select Windows Management Instrumentation, and then click Restart.

Allow WMI to Connect Through the Windows Firewall (Windows 2003)

  1. In the Start menu, select Run.
  2. Run msc.
  3. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
  4. Select Domain Profile or Standard Profile depending on whether the device you want to monitor is in the domain or not.
  5. Select Windows Firewall: Allow remote administration exception.
  6. Run exe and enter these commands:
  7. Restart the server.

Allow WMI through Windows Firewall (Windows Server 2008, 2012)

  1. Go to Control Panel > Windows Firewall.
  2. In the left-hand navigation, click Allow a program or feature through Windows Firewall.
  3. Select Windows Management Instrumentation, and then click OK.

SFTP

SFTP is used to send Call Description Records (CDRs) to AccelOps.

Configure AccelOps to Receive CDR Records from Cisco Call Manager

  1. Log in to your AccelOps virtual appliance as root over SSH.
  2. Change the directory.

This creates an FTP account for user ftpuser with the home directory /opt/phoenix/cache/ccm/<call-manager-ip>. If this is the first time you have created a Call Manager definition, you will be prompted for the ftpuser password. When you create subsequent Call Manager definitions, the same password will be used, and you will see a Success message when the definition is created.

  3. Switch user to admin by issuing "su - admin".
  4. Modify phoenix_config.txt entry
  5. Restart phParser by issuing "killall -9 phParser".

Configure Cisco Call Manager to Send CDR Records to AccelOps

  1. Log in to Cisco Call Manager.
  2. Go to Tools > CDR Management Configuration.

The CDR Management Configuration window will open.

  3. Click Add New.
  4. Enter this information.

Field | Value
Host Name/IP Address | <AccelOps IP address>
User Name | ftpuser
Password | <The password you created for ftpuser>
Protocol | SFTP
Directory Path | /opt/phoenix/cache/ccm/<call-manager-ip>

  5. Click Save.

Cisco Contact Center Configuration

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: CPU utilization, Memory utilization, Disk utilization, Interface utilization, Hardware Status, Process count, Process level CPU and memory utilization, Install software change | Performance Monitoring
SSH | | Disk I/O monitoring |

Event Types

There are no event types defined specifically for this device.

Rules

In Analytics > Rules, search for “cisco contact center” in the Name column to see the rules associated with this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

 

Cisco Presence Server Configuration

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: CPU utilization, Memory utilization, Disk utilization, Interface utilization, Hardware Status, Process count, Process level CPU and memory utilization, Install software change | Performance Monitoring
SSH | | Disk I/O monitoring |

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

 

Cisco Tandberg Telepresence Video Communication Server (VCS) Configuration

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: CPU utilization, Memory utilization, Disk utilization, Interface utilization, Hardware Status, Process count, Process level CPU and memory utilization, Install software change | Performance Monitoring
SSH | | Disk I/O monitoring |

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

 

 

Cisco Telepresence Multipoint Control Unit (MCU) Configuration

What is Discovered and Monitored

The following protocols are used to discover and monitor various aspects of Cisco Tandberg VCS.

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: Uptime, Interface utilization | Performance Monitoring

Event Types

In CMDB > Event Types, search for “cisco telepresence” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Cisco Telepresence Video Communication Server Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

What is Discovered and Monitored

Protocol | Logs parsed | Used for
Syslog | Call attempts, Call rejects, Media stats, Request, response, Search | Log Analysis

Event Types

In CMDB > Event Types, search for “Cisco-TVCS” in the Description column to see the event types associated with this device.

Rules

There are no predefined reports for this device.

Reports

There are no predefined reports for this device.

 

Cisco Unity Connection Configuration

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | System metrics: CPU utilization, Memory utilization, Disk utilization, Interface utilization, Hardware Status, Process count, Process level CPU and memory utilization | Performance Monitoring

Event Types

In CMDB > Event Types, search for “cisco unity” in the Description column to see the event types associated with this device.

Rules

In Analytics > Rules, search for “cisco unity” in the Name column to see the rules associated with this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

FortiSIEM Remote Desktop Configuration

Remote Desktop Configuration

AccelOps supports these remote desktop applications for discovery and monitoring.

Citrix Receiver (ICA) Configuration

 

Citrix Receiver (ICA) Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

WMI

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

What is Discovered and Monitored

Protocol | Information Discovered | Metrics Collected | Used For
WMI | | From PH_DEV_MON_APP_ICA_SESS_MET (metrics listed below) |

ICA Latency Last Recorded
ICA Latency Session Average
ICA Latency Session Deviation
ICA Input Session Bandwidth
ICA Input Session Line Speed
ICA Input Session Compression
ICA Input Drive Bandwidth
ICA Input Text Echo Bandwidth
ICA Input SpeedScreen Data Bandwidth
Input Audio Bandwidth
ICA Input VideoFrame Bandwidth
ICA Output Session Bandwidth
ICA Output Session Line Speed
ICA Output Session Compression
ICA Output Drive Bandwidth
ICA Output Text Echo Bandwidth
ICA Output SpeedScreen Data Bandwidth
ICA Output Audio Bandwidth
ICA Output VideoFrame Bandwidth

Event Types

In CMDB > Event Types, search for “citrix ICA” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “citrix ICA” in the Name column to see the reports associated with this application or device.

Configuration

WMI

Configuring WMI on your device so AccelOps can discover and monitor it requires you to create a user who has access to WMI objects on the device. There are two ways to do this:

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Creating a User Who Belongs to the Domain Administrator Group

Creating a Generic User Who Does Not Belong to the Local Administrator Group

Log in to the machine you want to monitor with an administrator account.

Enable Remote WMI Requests by Adding a Monitoring Account to the Distributed COM Users Group and the Performance Monitor Users Group

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Local Users and Groups.
  2. Right-click Users and select Add User.
  3. Create a user.
  4. Go to Groups, right-click Distributed COM Users, and then click Add to group.
  5. In the Distributed COM Users Properties dialog, click Add.
  6. Find the user you created, and then click OK.

This is the account you will need to use in setting up the Performance Monitor Users group permissions.

  7. Click OK in the Distributed COM Users Properties dialog, and then close the Computer Management dialog.
  8. Repeat steps 4 through 7 for the Performance Monitor Users group.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  4. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to Allow.
  5. Click OK.
  6. Under Access Permissions, click Edit Defaults.
  7. Make sure that the Distributed COM Users group and the Performance Monitor Users group have Local Access and Remote Access set to Allow.
  8. Click OK.
  9. Under Launch and Activation Permissions, click Edit Limits.
  10. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. Click OK.
  12. Under Launch and Activation Permissions, click Edit Defaults.
  13. Make sure that the Distributed COM Users group and the Performance Monitor Users group have the permissions Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

See the sections on Enabling WMI Privileges and Allowing WMI Access through the Windows Firewall in the Domain Admin User set up instructions for the remaining steps to configure WMI.

Creating a User Who Belongs to the Domain Administrator Group

Log in to the Domain Controller with an administrator account.

Enable remote WMI requests by Adding a Monitoring Account to the Domain Administrators Group

  1. Go to Start > Control Panel > Administrative Tools > Active Directory Users and Computers > Users.
  2. Right-click Users and select Add User.
  3. Create a user for the @accelops.com domain.

For example, YJTEST@accelops.com.

  4. Go to Groups, right-click Administrators, and then click Add to Group.
  5. In the Domain Admins Properties dialog, select the Members tab, and then click Add.
  6. For Enter the object names to select, enter the user you created in step 3.
  7. Click OK to close the Domain Admins Properties dialog.
  8. Click OK.

Enable the Monitoring Account to Access the Monitored Device

Log in to the machine you want to monitor with an administrator account.

Enable DCOM Permissions for the Monitoring Account

  1. Go to Start > Control Panel > Administrative Tools > Component Services.
  2. Right-click My Computer, and then select Properties.
  3. Select the COM Security tab, and then under Access Permissions, click Edit Limits.
  4. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  5. Click OK.
  6. In the COM Security tab, under Access Permissions, click Edit Defaults.
  7. Find the user you created for the monitoring account, and make sure that user has the permission Allow for both Local Access and Remote Access.
  8. Click OK.
  9. In the COM Security tab, under Launch and Activation Permissions, click Edit Limits.
  10. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.
  11. In the COM Security tab, under Launch and Activation Permissions, click Edit Defaults.
  12. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Local Launch, Remote Launch, Local Activation, and Remote Activation.

Enable Account Privileges in WMI

The monitoring account you created must have access to the namespace and sub-namespaces of the monitored device.

  1. Go to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications.
  2. Select WMI Control, and then right-click and select Properties.
  3. Select the Security tab.
  4. Expand the Root directory and select CIMV2.
  5. Click Security.
  6. Find the user you created for the monitoring account, and make sure that user has the permission Allow for Enable Account and Remote Enable.
  7. Click Advanced.
  8. Select the user you created for the monitoring account, and then click Edit.
  9. In the Apply onto menu, select This namespace and subnamespaces.
  10. Click OK to close the Permission Entry for CIMV2 dialog.
  11. Click OK to close the Advanced Security Settings for CIMV2 dialog.
  12. In the left-hand navigation, under Services and Applications, select Services.
  13. Select Windows Management Instrumentation, and then click Restart.

Allow WMI to Connect Through the Windows Firewall (Windows 2003)

  1. In the Start menu, select Run.
  2. Run msc.
  3. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
  4. Select Domain Profile or Standard Profile depending on whether the device you want to monitor is in the domain or not.
  5. Select Windows Firewall: Allow remote administration exception.
  6. Run exe and enter these commands:
  7. Restart the server.

Allow WMI through Windows Firewall (Windows Server 2008, 2012)

  1. Go to Control Panel > Windows Firewall.
  2. In the left-hand navigation, click Allow a program or feature through Windows Firewall.
  3. Select Windows Management Instrumentation, and then click OK.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

FortiSIEM Fortinet FortiManager Configuration

Fortinet FortiManager Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

What is Discovered and Monitored

Protocol | Information Discovered | Metrics Collected | Used For
SNMP | Host name, Hardware model, Network interfaces, Operating system version | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring

Event Types

Regular monitoring events

PH_DEV_MON_SYS_CPU_UTIL

PH_DEV_MON_SYS_MEM_UTIL

PH_DEV_MON_SYS_DISK_UTIL

PH_DEV_MON_NET_INTF_UTIL

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

Please configure the device so that AccelOps can access it via SNMP.

Configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.