Fortinet black logo

External Systems Configuration Guide

ArubaOS-CX Switching Platform

ArubaOS-CX Switching Platform

Support Added: FortiSIEM 6.3.2

Vendor: Aruba Networks (a Hewlett Packard Enterprise company)

Product Information: https://www.arubanetworks.com/products/switches/

What is Discovered and Monitored

The following protocols are used to discover and monitor various aspects of ArubaOS-CX switches.

Protocol

Metrics Collected

Used For

Syslog

Audit logs, General Performance and Availability logs

Security and Compliance

Configuration

Logging allows you to add syslog servers where the event log messages related to the AOS-CX switches are saved. For each of the syslog server added, you can configure the severity of the event logs to be saved on these servers. Configuration of the severity level for the debug logs can be done by configuring the severity at the global level. However, a minimum of one syslog server must be added to configure the global severity level.

Configuration via CLI

To configure syslog for an ArubaOS-CX switch, run the following CLI command.

logging <destIP or FQDN of FortiSIEM collector>

Example: logging 192.0.2.0

Configuration via GUI

To configure syslog for an ArubaOS-CX switch, take the following steps.

Note: For the latest configuration instructions, see Configuring Logging Servers for AOX-CX at https://help.central.arubanetworks.com/latest/documentation/online_help/content/aos-cx/cfg/conf-cx-logging.htm

  1. In the Network Operations app, select one of the following options:

    1. To select a group in the filter:

      1. Set the filter to a group. The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.

      3. Click the AOS-CX or the Config icon to view the AOS-CX switch configuration dashboard.

    2. To select a switch:

      1. Set the filter to Global or a group containing at least one switch.

      2. Under Manage, click Devices > Switches. A list of switches is displayed in the List view.

      3. Click an AOS-CX switch under Device Name. The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The AOS-CX UI configuration page is displayed.

  2. Click System > Logging. The Logging page is displayed.

  3. Select the debug syslog severity level at the global level from the Level drop-down list.This severity level is applied to the debug logs that are saved on the syslog servers. You must add a minimum of one event syslog server before configuring the global severity level.

  4. In the Logging Servers table, click + to add a logging server and configure the following parameters in the Add Logging Server page.

    Parameters

    Description

    Value

    FQDN or IP address Fully Qualified Domain Name (FQDN) hostname or IP address of the logging server. Enter the IPv4 address in the x.x.x.x format or the hostname of the server.
    Level Severity level of the events that the logging server must log.

    The following severity levels are supported:

    • Emergency

    • Critical

    • Alert

    • Error

    • Warning

    • Notice

    • Information

    • Debug

    VRF VRF on which the logging server is configured. Default or Management.
  5. Click Apply and then click Save.

  6. To edit parameters of a logging server, select the row in the Logging Servers table and click the edit icon. The Edit Logging Server page is displayed. You can edit only the event log severity level and the VRF.

  7. Click Apply and then click Save.

  8. To delete the syslog server, select the row in the Logging Servers table and click the delete icon.

  9. Click OK in the confirmation pop-up and then click Save.

Sample Events

<190>1 2021-08-31T12:29:06.148824-06:00 lab-1 hpe-restd 886 - - Event|4604|LOG_INFO|AMM|-|Session started for user user1, session reO7LY123452GW7JlMw==
<190>1 2021-09-01T07:43:56.409226-06:00 lab-1 hpe-restd 886 - - Event|4609|LOG_INFO|AMM|-|User aruba-admin added newuser-test with role admin-role

ArubaOS-CX Switching Platform

Support Added: FortiSIEM 6.3.2

Vendor: Aruba Networks (a Hewlett Packard Enterprise company)

Product Information: https://www.arubanetworks.com/products/switches/

What is Discovered and Monitored

The following protocols are used to discover and monitor various aspects of ArubaOS-CX switches.

Protocol

Metrics Collected

Used For

Syslog

Audit logs, General Performance and Availability logs

Security and Compliance

Configuration

Logging allows you to add syslog servers where the event log messages related to the AOS-CX switches are saved. For each of the syslog server added, you can configure the severity of the event logs to be saved on these servers. Configuration of the severity level for the debug logs can be done by configuring the severity at the global level. However, a minimum of one syslog server must be added to configure the global severity level.

Configuration via CLI

To configure syslog for an ArubaOS-CX switch, run the following CLI command.

logging <destIP or FQDN of FortiSIEM collector>

Example: logging 192.0.2.0

Configuration via GUI

To configure syslog for an ArubaOS-CX switch, take the following steps.

Note: For the latest configuration instructions, see Configuring Logging Servers for AOX-CX at https://help.central.arubanetworks.com/latest/documentation/online_help/content/aos-cx/cfg/conf-cx-logging.htm

  1. In the Network Operations app, select one of the following options:

    1. To select a group in the filter:

      1. Set the filter to a group. The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.

      3. Click the AOS-CX or the Config icon to view the AOS-CX switch configuration dashboard.

    2. To select a switch:

      1. Set the filter to Global or a group containing at least one switch.

      2. Under Manage, click Devices > Switches. A list of switches is displayed in the List view.

      3. Click an AOS-CX switch under Device Name. The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The AOS-CX UI configuration page is displayed.

  2. Click System > Logging. The Logging page is displayed.

  3. Select the debug syslog severity level at the global level from the Level drop-down list.This severity level is applied to the debug logs that are saved on the syslog servers. You must add a minimum of one event syslog server before configuring the global severity level.

  4. In the Logging Servers table, click + to add a logging server and configure the following parameters in the Add Logging Server page.

    Parameters

    Description

    Value

    FQDN or IP address Fully Qualified Domain Name (FQDN) hostname or IP address of the logging server. Enter the IPv4 address in the x.x.x.x format or the hostname of the server.
    Level Severity level of the events that the logging server must log.

    The following severity levels are supported:

    • Emergency

    • Critical

    • Alert

    • Error

    • Warning

    • Notice

    • Information

    • Debug

    VRF VRF on which the logging server is configured. Default or Management.
  5. Click Apply and then click Save.

  6. To edit parameters of a logging server, select the row in the Logging Servers table and click the edit icon. The Edit Logging Server page is displayed. You can edit only the event log severity level and the VRF.

  7. Click Apply and then click Save.

  8. To delete the syslog server, select the row in the Logging Servers table and click the delete icon.

  9. Click OK in the confirmation pop-up and then click Save.

Sample Events

<190>1 2021-08-31T12:29:06.148824-06:00 lab-1 hpe-restd 886 - - Event|4604|LOG_INFO|AMM|-|Session started for user user1, session reO7LY123452GW7JlMw==
<190>1 2021-09-01T07:43:56.409226-06:00 lab-1 hpe-restd 886 - - Event|4609|LOG_INFO|AMM|-|User aruba-admin added newuser-test with role admin-role