External Systems Configuration Guide

AWS EC2 CloudWatch API

What is Discovered and Monitored

Protocol: CloudWatch API

Information Discovered:
  • Machine name
  • Internal Access IP
  • Instance ID
  • Image ID
  • Availability Zone
  • Instance Type
  • Volume ID
  • Status
  • Attach Time

Metrics Collected:
  • CPU Utilization
  • Received Bits/sec
  • Sent Bits/sec
  • Disk reads (Instance Store)
  • Disk writes (Instance Store)
  • Disk reads/sec (Instance Store)
  • Disk writes/sec (Instance Store)
  • Packet loss
  • Read Bytes (EBS)
  • Write Bytes (EBS)
  • Read Ops (EBS)
  • Write Ops (EBS)
  • Disk Queue (EBS)

Used For: Performance Monitoring

Event Types

  • PH_DEV_MON_EBS_METRIC: captures EBS metrics

Configuration

If you have not already configured Access Keys and permissions in AWS, please follow the steps outlined in AWS Access Key IAM Permissions and IAM Policies.

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide. You should also be sure to read the topic Discovering Amazon Web Services (AWS) Infrastructure.

Settings for Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access AWS CloudWatch.

Setting            Value
Name               ec2
Device Type        Amazon AWS CloudWatch
Access Protocol    AWS CloudWatch
Region             The region in which your AWS instance is located
AWS Account        The name of your AWS account.
Log Group Name     Name of the log group.
Log Stream Name    Name of the log stream.
Password Config    See Password Configuration.
Access Key ID      The access key for your EC2 instance
Secret Key         The secret key for your EC2 instance

Sample events

[PH_DEV_MON_EC2_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=6571,[hostName]=ec2-54-81-216-218.compute-1.amazonaws.com,[hostIpAddr]=10.144.18.131,[cpuUtil]=0.334000,[diskReadKBytesPerSec]=0.000000,[diskWriteKBytesPerSec]=0.000000,[diskReadReqPerSec]=0.000000,[diskWriteReqPerSec]=0.000000,[sentBytes]=131,[recvBytes]=165,[sentBitsPerSec]=17.493333,[recvBitsPerSec]=22.026667,[phLogDetail]=
[PH_DEV_MON_EBS_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=deviceAws.cpp,[lineNumber]=133,[hostName]=ec2-52-69-215-178.ap-northeast-1.compute.amazonaws.com,[hostIpAddr]=172.30.0.50,[diskName]=/dev/sda1,[volumeId]=vol-63287d9f,[diskReadKBytesPerSec]=7.395556,[diskWriteKBytesPerSec]=7.395556,[ioReadsPerSec]=0.000000,[ioWritesPerSec]=0.010000,[diskQLen]=0,[phLogDetail]=
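
The sample events above use a "[TYPE]:[key]=value,..." layout. The following parser for that layout is an added example, not Fortinet code; the function names and the cpu_limit and queue_limit thresholds are assumptions chosen for illustration.

```python
import ipaddress
import re

# The page's two sample events, each joined onto a single line.
SAMPLE_EVENTS = [
    "[PH_DEV_MON_EC2_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=6571,[hostName]=ec2-54-81-216-218.compute-1.amazonaws.com,[hostIpAddr]=10.144.18.131,[cpuUtil]=0.334000,[diskReadKBytesPerSec]=0.000000,[diskWriteKBytesPerSec]=0.000000,[diskReadReqPerSec]=0.000000,[diskWriteReqPerSec]=0.000000,[sentBytes]=131,[recvBytes]=165,[sentBitsPerSec]=17.493333,[recvBitsPerSec]=22.026667,[phLogDetail]=",
    "[PH_DEV_MON_EBS_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=deviceAws.cpp,[lineNumber]=133,[hostName]=ec2-52-69-215-178.ap-northeast-1.compute.amazonaws.com,[hostIpAddr]=172.30.0.50,[diskName]=/dev/sda1,[volumeId]=vol-63287d9f,[diskReadKBytesPerSec]=7.395556,[diskWriteKBytesPerSec]=7.395556,[ioReadsPerSec]=0.000000,[ioWritesPerSec]=0.010000,[diskQLen]=0,[phLogDetail]=",
]

HEADER = re.compile(r"^\[(PH_[A-Z0-9_]+)\]:")
# A value runs until the next ",[key]=" or the end of the event.
PAIR = re.compile(r"\[(\w+)\]=(.*?)(?=,\[\w+\]=|$)", re.S)


def _coerce(value):
    """Turn numeric strings into int/float; leave everything else as text."""
    for cast in (int, float):
        try:
            return cast(value)
        except ValueError:
            pass
    return value


def parse_event(raw):
    """Parse one '[TYPE]:[key]=value,...' event into (event_type, attrs)."""
    raw = "".join(part.strip() for part in raw.splitlines())  # undo line wrapping
    header = HEADER.match(raw)
    if header is None:
        raise ValueError("not a PH_* event line")
    attrs = {k: _coerce(v) for k, v in PAIR.findall(raw[header.end():])}
    return header.group(1), attrs


def check_event(event_type, attrs, cpu_limit=90.0, queue_limit=8):
    """Return findings; both limits are assumptions, not FortiSIEM defaults."""
    findings = []
    if not ipaddress.ip_address(attrs["hostIpAddr"]).is_private:
        findings.append("hostIpAddr is not an internal address")
    if event_type == "PH_DEV_MON_EC2_METRIC" and attrs["cpuUtil"] > cpu_limit:
        findings.append("cpuUtil above limit")
    if event_type == "PH_DEV_MON_EBS_METRIC" and attrs["diskQLen"] > queue_limit:
        findings.append("diskQLen above limit")
    return findings
```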
