Fortinet Document Library

External Systems Configuration Guide

Linux DHCP

What is Discovered and Monitored

Protocol | Information discovered | Metrics collected | Used for
SNMP | Application type | Process level CPU utilization, Memory utilization | Performance Monitoring
Syslog | Application type | DHCP address release/renew events that are used by FortiSIEM for Identity and location: attributes include IP Address, MAC address, Host Name | Security and compliance (associate machines to IP addresses)

Event Types

In ADMIN > Device Support > Event, search for "linux dhcp" in the Device Type column to see the event types associated with this device. 

Configuration

SNMP
  1. Make sure that SNMP libraries are installed.
    FortiSIEM has been tested to work with net-snmp libraries.
  2. Log in to your device with administrator credentials.
  3. Modify the /etc/snmp/snmpd.conf file:
    1. Define the community string for FortiSIEM usage and permit SNMP access from the FortiSIEM IP.
    2. Allow FortiSIEM to (read-only) view the mib-2 tree.
    3. Open up the entire tree for read-only view.
  4. Restart the snmpd daemon by issuing /etc/init.d/snmpd restart.
  5. Add the snmpd daemon to start from boot by issuing chkconfig snmpd on.
  6. Make sure that snmpd is running.

You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Syslog

Configure Linux DHCP to Forward Logs to Syslog Daemon

  1. Edit dhcpd.conf and insert the line log-facility local7;.
  2. Restart dhcpd by issuing /etc/init.d/dhcpd restart.

Configure Syslog to Forward to FortiSIEM

  1. Edit syslog.conf and add a new line: Local7.* @<IP address of FortiSIEM server>
  2. Restart syslog daemon by issuing /etc/init.d/syslog restart.

Sample Syslog

<13>Aug 26 19:28:11 DNS-Pri dhcpd: DHCPREQUEST for 172.16.10.200 (172.16.10.8) from 00:50:56:88:4e:17 (26L2233B1-02)
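
Added example (not from the Fortinet guide and not FortiSIEM's own parser): Python that decodes the syslog PRI and extracts the IP address, MAC address and host name from dhcpd lines like the sample above, then replays the events into an IP-to-MAC table. The DHCPACK, DHCPRELEASE and sshd lines are constructed samples that assume ISC dhcpd's usual wording, and the binding logic in bindings() is an assumption for illustration.

```python
import re

# RFC 3164 PRI = facility * 8 + severity. local7 is facility 23; the page's
# sample <13> decodes to facility 1 (user), severity 5 (notice).
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<reporter>\S+) dhcpd(?:\[\d+\])?: (?P<event>DHCP[A-Z]+) (?P<rest>.*)$")
IP_RE = re.compile(r"\b(?:for|on|of) (\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(
    r"\b(?:from|to) ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \(([^)]*)\))?")

SAMPLES = [
    # Sample line from the page.
    "<13>Aug 26 19:28:11 DNS-Pri dhcpd: DHCPREQUEST for 172.16.10.200 "
    "(172.16.10.8) from 00:50:56:88:4e:17 (26L2233B1-02)",
    # Constructed lines (not from the page), assumed ISC dhcpd wording.
    "<190>Aug 26 19:28:11 DNS-Pri dhcpd: DHCPACK on 172.16.10.200 "
    "to 00:50:56:88:4e:17 (26L2233B1-02) via eth0",
    "<190>Aug 26 20:01:42 DNS-Pri dhcpd: DHCPRELEASE of 172.16.10.200 "
    "from 00:50:56:88:4e:17 via eth0 (found)",
    "<86>Aug 26 20:02:00 DNS-Pri sshd[411]: Accepted publickey for admin",
]

def parse_dhcpd(line):
    """Return identity fields for a dhcpd event, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group("pri"))
    ip, mac = IP_RE.search(m.group("rest")), MAC_RE.search(m.group("rest"))
    return {"facility": pri // 8, "severity": pri % 8,
            "reporter": m.group("reporter"), "event": m.group("event"),
            "ip": ip.group(1) if ip else None,
            "mac": mac.group(1).lower() if mac else None,
            "hostname": mac.group(2) if mac else None}

def bindings(lines):
    """Replay events in order: DHCPACK binds IP -> (MAC, host), DHCPRELEASE frees it."""
    table = {}
    for ev in filter(None, map(parse_dhcpd, lines)):
        if ev["event"] == "DHCPACK" and ev["ip"]:
            table[ev["ip"]] = (ev["mac"], ev["hostname"])
        elif ev["event"] == "DHCPRELEASE":
            table.pop(ev["ip"], None)
    return table

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_dhcpd(s))
```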

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting | Value
Name | <set name>
Device Type | Generic
Access Protocol | SNMP
Community String | <your own>
