Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Riverbed SteelHead WAN Accelerator

Riverbed SteelHead WAN Accelerator

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP

Host name, Software version, Hardware model, Network interfaces

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Disk space utilization, Process cpu/memory utilization

Availability and Performance Monitoring

SNMP

Hardware status

Availability and Performance Monitoring

SNMP

Bandwidth metrics: Inbound Optimized Bytes - LAN side, WAN side, Outbound optimized bytes - LAN side and WAN side

Connection metrics: Optimized connections, Passthrough connections, Half-open optimized connections, Half-closed Optimized connections, Established optimized connections, Active optimized connections

Top Usage metrics: Top source (Source IP, Total Bytes), Top destination (Destination IP, Total Bytes), Top Application (TCP/UDP port, Total Bytes), Top Talker (Source IP, Source Port, Destination IP, Destination Port, Total Bytes)

Peer status: For every peer: State, Connection failures, Request timeouts, Max latency

Availability and Performance Monitoring

SNMP Trap

All traps: software errors, hardware errors, admin login, performance issues - cpu, memory, peer latency issues. About 115 traps defined in ADMIN > Device Support > Event. The mapped event types start with "Riverbed-".

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "steelhead" to see the event types associated with this device. 

Rules

In RESOURCES > Rules, search for "steelhead" in the main content panel Search... field to see the rules associated with this device. 

Reports

There are no predefined reports for this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

SNMP Trap

FortiSIEM processes events from this device via SNMP traps sent by the device. Configure the device to send send SNMP traps to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Riverbed Steelhead
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration
Riverbed SteelHead WAN Accelerator

Riverbed SteelHead WAN Accelerator

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP

Host name, Software version, Hardware model, Network interfaces

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Disk space utilization, Process cpu/memory utilization

Availability and Performance Monitoring

SNMP

Hardware status

Availability and Performance Monitoring

SNMP

Bandwidth metrics: Inbound Optimized Bytes - LAN side, WAN side, Outbound optimized bytes - LAN side and WAN side

Connection metrics: Optimized connections, Passthrough connections, Half-open optimized connections, Half-closed Optimized connections, Established optimized connections, Active optimized connections

Top Usage metrics: Top source (Source IP, Total Bytes), Top destination (Destination IP, Total Bytes), Top Application (TCP/UDP port, Total Bytes), Top Talker (Source IP, Source Port, Destination IP, Destination Port, Total Bytes)

Peer status: For every peer: State, Connection failures, Request timeouts, Max latency

Availability and Performance Monitoring

SNMP Trap

All traps: software errors, hardware errors, admin login, performance issues - cpu, memory, peer latency issues. About 115 traps defined in ADMIN > Device Support > Event. The mapped event types start with "Riverbed-".

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "steelhead" to see the event types associated with this device. 

Rules

In RESOURCES > Rules, search for "steelhead" in the main content panel Search... field to see the rules associated with this device. 

Reports

There are no predefined reports for this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

SNMP Trap

FortiSIEM processes events from this device via SNMP traps sent by the device. Configure the device to send send SNMP traps to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Riverbed Steelhead
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration