Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

HP/3Com ComWare Switch

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP (V1, V2c)

Host name, software version, Hardware model, Network interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status: Power Supply, Fan, Temperature

Availability and Performance Monitoring

SNMP (V1, V2c, V3)

Hardware status: Temperature

Availability

Syslog

System logs

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event, search for "compare" in the Device Type column to see the event types associated with this device. 

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Syslog

FortiSIEM processes events from this device via syslogs sent by the device. Configure the device to send syslogs to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

  • For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your FortiSIEM virtual appliance.
  • For Port, enter 514.
  • Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.
Example Syslog for ComWare Switch Messages

%Apr 2 11:38:11:113 2010 H3C DEVD/3/BOARD REBOOT:Chasis 0 slot 2 need be rebooted automatically!
%Sep 22 20:38:32:947 2009 H3C DEVD/4/BRD MISPLUG: The board or subcard in slot 1 is not supported.
%Sep 22 20:38:32:947 2009 H3C DEVD/4/BRD MISPLUG: The board type of MR in 1 is different from the Mate MR's, so the MR can't work properly.
%Sep 22 20:38:32:947 2009 H3C DEVD/2/BRD TOO HOT:Temperature of the board is too high!
%Sep 22 20:38:32:947 2009 H3C DEVD/2/ FAN CHANGE: Chassis 1: Fan communication state changed: Fan 1 changed to fault.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type H3C Comware
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

HP/3Com ComWare Switch

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP (V1, V2c)

Host name, software version, Hardware model, Network interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status: Power Supply, Fan, Temperature

Availability and Performance Monitoring

SNMP (V1, V2c, V3)

Hardware status: Temperature

Availability

Syslog

System logs

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event, search for "compare" in the Device Type column to see the event types associated with this device. 

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Syslog

FortiSIEM processes events from this device via syslogs sent by the device. Configure the device to send syslogs to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

  • For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your FortiSIEM virtual appliance.
  • For Port, enter 514.
  • Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.
Example Syslog for ComWare Switch Messages

%Apr 2 11:38:11:113 2010 H3C DEVD/3/BOARD REBOOT:Chasis 0 slot 2 need be rebooted automatically!
%Sep 22 20:38:32:947 2009 H3C DEVD/4/BRD MISPLUG: The board or subcard in slot 1 is not supported.
%Sep 22 20:38:32:947 2009 H3C DEVD/4/BRD MISPLUG: The board type of MR in 1 is different from the Mate MR's, so the MR can't work properly.
%Sep 22 20:38:32:947 2009 H3C DEVD/2/BRD TOO HOT:Temperature of the board is too high!
%Sep 22 20:38:32:947 2009 H3C DEVD/2/ FAN CHANGE: Chassis 1: Fan communication state changed: Fan 1 changed to fault.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type H3C Comware
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration