External Systems Configuration Guide

Cisco Application Centric Infrastructure (ACI)

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics Collected | Used For |
|---|---|---|---|
| Cisco APIC API (REST) | | Overall Health, Tenant Health, Node Health, Cluster Health, Application Health, EPG Health, Fault Record, Event Record, Log Record, Configuration Change | Availability and Performance Monitoring |

Event Types

Go to ADMIN > Device Support > Event Types and search for "Cisco_ACI".

Rules

Go to RESOURCES > Rules and search for "Cisco ACI" in the main content panel Search... field.

Reports

Go to RESOURCES > Reports and search for "Cisco ACI" in the main content panel Search... field.

Configuration

Cisco ACI Configuration

Please configure Cisco ACI Appliance so that FortiSIEM can access it via APIC API.

FortiSIEM Configuration
  1. Go to ADMIN > Setup > Credentials.
  2. In Step 1: Enter Credentials, click New and create a credential.

    | Settings | Description |
    |---|---|
    | Name | Enter a name for the credential. |
    | Device Type | CISCO CISCO ACI |
    | Access Protocol | Cisco APIC API |
    | Pull Interval | 5 minutes |
    | Port | 443 |
    | Password config | See Password Configuration |
    | User Name | User name for device access |
    | Password | Password for the various REST APIs |
    | Description | Password for the various REST APIs |
  3. In Step 2: Enter IP Range to Credential Associations click New and create the association.
    1. IP - specify the IP address of the ACI Controller
    2. Credential - specify the Name of the credential created in step 2
  4. Test Connectivity - Click the Test drop-down list, select Test Connectivity with or without ping, and make sure the test succeeds
  5. Check Pull Events, located by navigating to ADMIN > Setup > Pull Events, to make sure that an event pulling entry is created

Sample Events

Overall Health Event
[Cisco_ACI_Overall_Health]: {"attributes":{"childAction":"","cnt":"29","dn":"topology/HDfabricOverallHealth5min0","healthAvg":"82","healthMax":"89","healthMin":"0","healthSpct":"0","healthThr":"","healthTr":"1","index":"0","lastCollOffset":"290","repIntvEnd":"2016-09-05T08:13:53.232+00:00","repIntvStart":"2016-09-05T08:09:03.128+00:00","status":""}}
Tenant Health Event
[Cisco_ACI_Tenant_Health]: {"attributes":{"childAction":"","descr":"","dn":"uni/tn-CliQr","lcOwn":"local","modTs":"2016-09-05T07:56:27.164+00:00","monPolDn":"uni/tn-common/monepg-default","name":"CliQr","ownerKey":"","ownerTag":"","status":"","uid":"15374"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-05T08:27:03.584+00:00"}}}]
Nodes Health Event
[Cisco_ACI_Node_Health]: {"attributes":{"address":"10.0.208.95","childAction":"","configIssues":"","currentTime":"2016-09-05T08:15:51.794+00:00","dn":"topology/pod-1/node-101/sys","fabricId":"1","fabricMAC":"00:22:BD:F8:19:FF","id":"101","inbMgmtAddr":"0.0.0.0","inbMgmtAddr6":"0.0.0.0","lcOwn":"local","modTs":"2016-09-05T07:57:29.435+00:00","mode":"unspecified","monPolDn":"uni/fabric/monfab-default","name":"Leaf1","oobMgmtAddr":"0.0.0.0","oobMgmtAddr6":"0.0.0.0","podId":"1","role":"leaf","serial":"TEP-1-101","state":"in-service","status":"","systemUpTime":"00:00:27:05.000"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"-10","cur":"90","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"90","updTs":"2016-09-05T07:50:08.415+00:00"}}}]
Cluster Health Event
[Cisco_ACI_Cluster_Health]: {"attributes":{"addr":"10.0.0.1","adminSt":"in-service","chassis":"10220833-ea00-3bb3-93b2-ef1e7e645889","childAction":"","cntrlSbstState":"approved","dn":"topology/pod-1/node-1/av/node-1","health":"fully-fit","id":"1","lcOwn":"local","mbSn":"TEP-1-1","modTs":"2016-09-05T08:00:46.797+00:00","monPolDn":"","mutnTs":"2016-09-05T07:50:19.570+00:00","name":"","nodeName":"apic1","operSt":"available","status":"","uid":"0"}
Application Health Event
[Cisco_ACI_Application_Health]: {"attributes":{"childAction":"","descr":"","dn":"uni/tn-infra/ap-access","lcOwn":"local","modTs":"2016-09-07T08:17:20.503+00:00","monPolDn":"uni/tn-common/monepg-default","name":"access","ownerKey":"","ownerTag":"","prio":"unspecified","status":"","uid":"0"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-07T08:39:35.531+00:00"}}}]}
EPG Health Event
[Cisco_ACI_EPG_Health]: {"attributes":{"childAction":"","configIssues":"","configSt":"applied","descr":"","dn":"uni/tn-infra/ap-access/epg-default","isAttrBasedEPg":"no","lcOwn":"local","matchT":"AtleastOne","modTs":"2016-09-07T08:17:20.503+00:00","monPolDn":"uni/tn-common/monepg-default","name":"default","pcEnfPref":"unenforced","pcTag":"16386","prio":"unspecified","scope":"16777199","status":"","triggerSt":"triggerable","txId":"5764607523034234882","uid":"0"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-07T08:39:35.549+00:00"}}}]
Fault Record Event
[Cisco_ACI_Fault_Record]: ,"created":"2016-09-05T08:00:41.313+00:00","delegated":"no","delegatedFrom":"","descr":"Controller3isunhealthybecause:DataLayerPartiallyDegradedLeadership","dn":"subj-[topology/pod-1/node-1/av/node-3]/fr-4294967583","domain":"infra","highestSeverity":"critical","id":"4294967583","ind":"modification","lc":"soaking","modTs":"never","occur":"1","origSeverity":"critical","prevSeverity":"critical","rule":"infra-wi-node-health","severity":"critical","status":"","subject":"controller","type":"operational"}
Event Record Event
[Cisco_ACI_Event_Record]: {"attributes":{"affected":"topology/pod-1/node-2/lon/svc-ifc_dhcpd","cause":"state-change","changeSet":"id:ifc_dhcpd,leCnnct:undefined,leNonOptCnt:undefined,leNotCnnct:undefined,name:ifc_dhcpd","childAction":"","code":"E4204979","created":"2016-09-05T07:57:37.024+00:00","descr":"Allshardsofserviceifc_dhcpdhaveconnectivitytotheleaderreplicaintheCluster.","dn":"subj-[topology/pod-1/node-2/lon/svc-ifc_dhcpd]/rec-8589934722","id":"8589934722","ind":"state-transition","modTs":"never","severity":"info","status":"","trig":"oper","txId":"18374686479671623682","user":"internal"}
Log Record Event
[Cisco_ACI_Log_Record]: {"attributes":{"affected":"uni/userext/user-admin","cause":"unknown","changeSet":"","childAction":"","clientTag":"","code":"generic","created":"2016-09-05T07:56:25.825+00:00","descr":"From-198.18.134.150-client-type-REST-Success","dn":"subj-[uni/userext/user-admin]/sess-4294967297","id":"4294967297","ind":"special","modTs":"never","severity":"info","status":"","systemId":"1","trig":"login,session","txId":"0","user":"admin"}
Configuration Change Event
[Cisco_ACI_Configuration_Chang]: {"attributes":{"affected":"uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol","cause":"transition","changeSet":"","childAction":"","clientTag":"","code":"E4206266","created":"2016-09-05T07:56:27.099+00:00","descr":"RsCustQosPolcreated","dn":"subj-[uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol]/mod-4294967308","id":"4294967308","ind":"creation","modTs":"never","severity":"info","status":"","trig":"config","txId":"7493989779944505526","user":"admin"}}
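
The following is an added example, not part of the Fortinet guide and not FortiSIEM's own parser. It shows one way to triage events in the `[Cisco_ACI_<type>]: <payload>` format shown above when checking what the collector delivers, including payloads that are not valid JSON (the Fault Record sample starts mid-object and several health samples lack a closing brace). The function names and the `min_health` threshold are assumptions.

```python
import json
import re

EVENT_RE = re.compile(r"^\[(Cisco_ACI_\w+)\]:\s*(.*)$", re.S)
PAIR_RE = re.compile(r'"(\w+)"\s*:\s*"((?:[^"\\]|\\.)*)"')

# Constructed samples: trimmed copies of the page's Sample Events, keeping
# their defects (missing closing brace, payload truncated at the start).
SAMPLES = [
    '[Cisco_ACI_Node_Health]: {"attributes":{"dn":"topology/pod-1/node-101/sys","name":"Leaf1"},"children":[{"healthInst":{"attributes":{"chng":"-10","cur":"90"}}}]',
    '[Cisco_ACI_Fault_Record]: ,"created":"2016-09-05T08:00:41.313+00:00","dn":"subj-[topology/pod-1/node-1/av/node-3]/fr-4294967583","severity":"critical"}',
    '[Cisco_ACI_Configuration_Chang]: {"attributes":{"affected":"uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol","ind":"creation","trig":"config","user":"admin"}}',
    '[Cisco_ACI_Tenant_Health]: {"attributes":{"dn":"uni/tn-CliQr"},"children":[{"healthInst":{"attributes":{"chng":"0","cur":"100"}}}]}',
]

def parse_event(line):
    """Return (event_type, fields, strict) or None. strict is False when the
    payload was not valid JSON and fields were recovered pair by pair."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    etype, payload = m.groups()
    fields = {}
    try:
        obj = json.loads(payload)
        fields.update(obj.get("attributes", {}))
        for child in obj.get("children", []):        # e.g. healthInst
            for inst in child.values():
                for key, val in inst.get("attributes", {}).items():
                    fields.setdefault(key, val)      # parent attributes win
        return etype, fields, True
    except (ValueError, AttributeError, TypeError):
        for key, val in PAIR_RE.findall(payload):
            fields.setdefault(key, val)              # first occurrence wins
        return etype, fields, False

def triage(line, min_health=95):
    """Return a one-line finding for events that need attention, else None."""
    parsed = parse_event(line)
    if parsed is None:
        return None
    etype, f, strict = parsed
    note = "" if strict else " [invalid JSON, fields recovered by regex]"
    score = str(f.get("cur") or f.get("healthAvg") or "")
    if score.isdigit() and int(score) < min_health:
        return f"{etype}: {f.get('dn')} health={score} change={f.get('chng')}{note}"
    if f.get("severity") == "critical":
        return f"{etype}: critical fault on {f.get('dn')}{note}"
    if f.get("trig") == "config":
        return f"{etype}: {f.get('ind')} of {f.get('affected')} by user={f.get('user')}{note}"
    return None
```

The `strict` flag is worth surfacing in any pipeline built on these events: a payload that only parses by regex may have lost fields before the point of truncation.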
