
External Systems Configuration Guide

Cisco Network Compliance Manager


What is Discovered and Monitored

Protocol: Syslog
Information discovered: (none listed)
Metrics/Logs collected: Network device software update, configuration analysis for compliance, admin login
Used for: Log analysis and compliance

Event Types

Over 40 event types are generated by parsing Cisco Network Configuration Manager logs. The complete list can be found in ADMIN > Device Support > Event Types by searching for "Cisco-NCM". Some important ones are:

  • Cisco-NCM-Device-Software-Change
  • Cisco-NCM-Software-Update-Succeeded
  • Cisco-NCM-Software-Update-Failed
  • Cisco-NCM-Policy-Non-Compliance
  • Cisco-NCM-Device-Configuration-Deployment
  • Cisco-NCM-Device-Configuration-Deployment-Failure

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

Example Syslog

Note that each JSON-formatted syslog contains many logs.

490998571 Mon Mar 03 03:09:31 EST 2014 Savvy Device Command Script Completed Successfully server01.foo.com 10.4.161.32 Script 'Re-enable EasyTech port for Cisco IOS configuration' completed.  Connect - Succeeded Connected via ssh to 10.170.30.9 [in realm Default Realm]    Login / Authentication - Succeeded Successfully used: Last successful password  (Password rule Retail TACACS NCM Login)    Optional:Script - Succeeded Successfully executed: prepare configuration for deployment  Script - Succeeded Successfully executed: deploy to running configuration via TFTP through CLI Bypassed: deploy to running configuration via SCP through CLI.  (Requires SCP, CLI to be enabled.) Tried: deploy to running configuration via FTP through CLI (Warning: SSH server username or password not specified in NA admin settings.)  Optional:Script - Succeeded Successfully executed: determine result of deployment operation  Script run: ------------------------------------------------------------ ! interface fast0/16 no shut

491354611 Tue Mar 04 03:38:22 EST 2014 FooA Software Update Succeeded server01.foo.com 1.1.1.32  44571 10.173.30.9 $OrignatorEmail$ FooA Update Device Software 2014-03-04 03:30:00.0 usmist_1699295009 (1.13.3.9) Succeeded
