Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Nginx Web Server

The following protocols are used to discover and monitor various aspects of Nginx webserver.

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level metrics: CPU utilization, Memory utilization

Performance Monitoring

Syslog

W3C access logs: attributes include Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration

Security Monitoring and compliance

Event Types

In ADMIN > Device Support > Event, search for "nginx" in the Device Type and Description column to see the event types associated with this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.  

Syslog

FortiSIEM processes events from this device via syslogs sent by the device. Configure the device to send syslogs to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

  • For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your FortiSIEM virtual appliance.
  • For Port, enter 514.
  • Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example nginx Syslog

<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 (Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1","/images/design/header-2-logo.jpg","GET","http://wm-center.com/images/design/header-2-logo.jpg","200","0","/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80","wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_","-","-" 

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting Value
Name <set name>
Device Type Generic
Access Protocol SNMP
Community String <your own>

Nginx Web Server

The following protocols are used to discover and monitor various aspects of Nginx webserver.

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level metrics: CPU utilization, Memory utilization

Performance Monitoring

Syslog

W3C access logs: attributes include Client IP, URL, User Agent, Referrer, HTTP Version, HTTP Method, HTTP Status Code, Sent Bytes, Received Bytes, Connection Duration

Security Monitoring and compliance

Event Types

In ADMIN > Device Support > Event, search for "nginx" in the Device Type and Description column to see the event types associated with this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.  

Syslog

FortiSIEM processes events from this device via syslogs sent by the device. Configure the device to send syslogs to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

  • For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your FortiSIEM virtual appliance.
  • For Port, enter 514.
  • Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example nginx Syslog

<29>Jun 15 07:59:03 ny-n1-p2 nginx: "200.158.115.204","-","Mozilla/5.0 (Windows NT 5.1 WOW64; rv:9.0.1) Gecko/20100178 Firefox/9.0.1","/images/design/header-2-logo.jpg","GET","http://wm-center.com/images/design/header-2-logo.jpg","200","0","/ypf-cookie_auth/index.html","0.000","877","-","10.4.200.203","80","wm-center.com","no-cache, no-store, must-revalidate","-","1.64","_","-","-" 

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting Value
Name <set name>
Device Type Generic
Access Protocol SNMP
Community String <your own>