Fortinet Document Library

External Systems Configuration Guide

AWS EC2 CloudWatch API

What is Discovered and Monitored

Protocol: CloudWatch API

Information Discovered:
  • Machine name
  • Internal Access IP
  • Instance ID
  • Image ID
  • Availability Zone
  • Instance Type
  • Volume ID
  • Status
  • Attach Time

Metrics Collected:
  • CPU Utilization
  • Received Bits/sec
  • Sent Bits/sec
  • Disk reads (Instance Store)
  • Disk writes (Instance Store)
  • Disk reads/sec (Instance Store)
  • Disk writes/sec (Instance Store)
  • Packet loss
  • Read Bytes (EBS)
  • Write Bytes (EBS)
  • Read Ops (EBS)
  • Write Ops (EBS)
  • Disk Queue (EBS)

Used For: Performance Monitoring

Event Types

  • PH_DEV_MON_EBS_METRIC: captures EBS metrics

Configuration

If you have not already configured Access Keys and permissions in AWS, please follow the steps outlined in AWS Access Key IAM Permissions and IAM Policies.

You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide. You should also be sure to read the topic Discovering Amazon Web Services (AWS) Infrastructure.

Settings for Access Credentials

Use these Access Method Definition settings to allow FortiSIEM to access AWS CloudWatch.

  • Name: ec2
  • Device Type: Amazon AWS CloudWatch
  • Access Protocol: AWS CloudWatch
  • Region: The region in which your AWS instance is located
  • AWS Account: The name of your AWS account
  • Log Group Name: Name of the log group
  • Log Stream Name: Name of the log stream
  • Password Config: See Password Configuration
  • Access Key ID: The access key for your EC2 instance
  • Secret Key: The secret key for your EC2 instance

Sample events

[PH_DEV_MON_EC2_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=6571,[hostName]=ec2-54-81-216-218.compute-1.amazonaws.com,[hostIpAddr]=10.144.18.131,[cpuUtil]=0.334000,[diskReadKBytesPerSec]=0.000000,[diskWriteKBytesPerSec]=0.000000,[diskReadReqPerSec]=0.000000,[diskWriteReqPerSec]=0.000000,[sentBytes]=131,[recvBytes]=165,[sentBitsPerSec]=17.493333,[recvBitsPerSec]=22.026667,[phLogDetail]=

[PH_DEV_MON_EBS_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=deviceAws.cpp,[lineNumber]=133,[hostName]=ec2-52-69-215-178.ap-northeast-1.compute.amazonaws.com,[hostIpAddr]=172.30.0.50,[diskName]=/dev/sda1,[volumeId]=vol-63287d9f,[diskReadKBytesPerSec]=7.395556,[diskWriteKBytesPerSec]=7.395556,[ioReadsPerSec]=0.000000,[ioWritesPerSec]=0.010000,[diskQLen]=0,[phLogDetail]=
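
An added example, not part of the Fortinet documentation: a small Python parser for the `[EVENT_TYPE]:[key]=value,...` layout of the sample events above, tolerant of an event wrapped across lines and of commas inside a value. The function names and the limits passed to `over_limit` are hypothetical.

```python
import re

# The EBS sample event from this page, with a line break after the fileName
# field to exercise wrap handling.
EBS_EVENT = (
    "[PH_DEV_MON_EBS_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=deviceAws.cpp,\n"
    "[lineNumber]=133,[hostName]=ec2-52-69-215-178.ap-northeast-1.compute.amazonaws.com,"
    "[hostIpAddr]=172.30.0.50,[diskName]=/dev/sda1,[volumeId]=vol-63287d9f,"
    "[diskReadKBytesPerSec]=7.395556,[diskWriteKBytesPerSec]=7.395556,"
    "[ioReadsPerSec]=0.000000,[ioWritesPerSec]=0.010000,[diskQLen]=0,[phLogDetail]="
)

HEADER = re.compile(r"\s*\[(\w+)\]:")
# A value runs until the next ",[key]=" (possibly after a line wrap) or the end
# of the text, so a comma inside a value such as phLogDetail does not split it.
FIELD = re.compile(r"\[(\w+)\]=(.*?)(?=,\s*\[\w+\]=|\s*\Z)", re.S)
NUMBER = re.compile(r"-?\d+(\.\d+)?")


def _convert(value):
    """Turn plain integers and decimals into numbers; leave IPs, names, IDs as text."""
    if NUMBER.fullmatch(value):
        return float(value) if "." in value else int(value)
    return value


def parse_event(raw):
    """Return (event_type, attributes) for one FortiSIEM performance event."""
    header = HEADER.match(raw)
    if header is None:
        raise ValueError("not a [EVENT_TYPE]:[key]=value,... event")
    attrs = {k: _convert(v.strip()) for k, v in FIELD.findall(raw, header.end())}
    if not attrs:
        raise ValueError("event has no attributes")
    return header.group(1), attrs


def over_limit(attrs, limits):
    """Names of numeric attributes above the caller's limits (limits are hypothetical)."""
    return sorted(k for k, cap in limits.items()
                  if isinstance(attrs.get(k), (int, float)) and attrs[k] > cap)
```

Dotted values such as `hostIpAddr` stay strings because only plain integers and single-point decimals are converted, which keeps IP addresses from being misread as numbers.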
