
External Systems Configuration Guide

IBM AIX Server

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP | Host name, generic hardware (CPU, memory, network interface, disk), software (operating system version, installed software, running processes, open TCP/UDP ports) | Uptime, CPU/Memory/Network Interface/Disk space utilization, Network Interface Errors, Running Process Count, Installed Software change, Running process CPU/memory utilization, Running process start/stop, TCP/UDP port up/down | Performance Monitoring |
| SSH | Hardware (CPU details, memory) | Memory paging rate, Disk I/O utilization | Performance Monitoring |
| Syslog | Vendor, Model | General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | Security Monitoring and Compliance |

Event Types

In ADMIN > Device Support > Event Types, search for "ibm_aix" to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP v1 and v2c
  1. Make sure that snmp libraries are installed. FortiSIEM has been tested to work with the default AIX package that comes with snmpd preinstalled.
  2. Start the snmpd daemon with the default configuration by issuing /etc/init.d/snmpd restart.
  3. Make sure that snmpd is running.
SSH
  1. Make sure that the vmstat and iostat commands are available. If not, install these libraries.
  2. Create a user account that can issue vmstat and iostat commands. FortiSIEM will use that user account to log in to the server.
Syslog
  1. Make sure that /etc/syslog.conf contains a *.* entry and points to a log file.

    *.* @<SENSORIPADDRESS>
  2. Refresh syslogd.

    # refresh -s syslogd
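
The following is an added example, not part of the FortiSIEM guide or of IBM tooling: a small shell check that a syslog.conf really contains an active `*.*` entry forwarding to the sensor named in step 1, so that authentication and privileged-logon events reach the collector. The function names, return codes and the 192.0.2.x sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit syslog.conf for the catch-all forwarding entry.
# Function names and return codes are assumptions made for this example.

# Print the remote host of every active "*.* @host" entry in file $1.
forward_targets() {
    awk '
        $1 ~ /^#/ { next }                       # skip commented-out entries
        $1 == "*.*" && $2 ~ /^@./ { print substr($2, 2) }
    ' "$1"
}

# check_syslog_forward FILE SENSOR
#   0  a *.* entry forwards to SENSOR
#   1  no active *.* forwarding entry at all
#   2  *.* is forwarded, but only to other hosts
#   3  FILE is not readable
check_syslog_forward() {
    [ -r "$1" ] || return 3
    targets=$(forward_targets "$1")
    [ -n "$targets" ] || return 1
    printf '%s\n' "$targets" | grep -Fqx -- "$2" && return 0
    return 2
}

# Constructed sample configuration (192.0.2.0/24 is a documentation range).
sample_conf() {
    cat <<'EOF'
# *.* @192.0.2.99
auth.info /var/adm/auth.log
*.* @192.0.2.10
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
if check_syslog_forward "$conf" 192.0.2.10; then
    echo "OK: *.* is forwarded to the sensor"
else
    echo "FAIL: check_syslog_forward returned $?"
fi
rm -f "$conf"
```

On a real host, pass /etc/syslog.conf and the sensor address before refreshing syslogd; a return code of 2 means logs are leaving the server but not towards the expected collector.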

Settings for Access Credentials

SNMP, Telnet, and SSH Access Credentials for All Devices

See Access Credentials.

LDAP, LDAPS, LDAP Start TLS / OpenLDAP Access Credentials for All Devices

| Settings | Value |
|---|---|
| Name | <set name> |
| Device Type | IBM AIX |
| Access Protocol | LDAP / LDAPS / LDAP Start TLS |
| Used For | OpenLDAP |
| Server Port | 389 for LDAP, LDAP Start TLS; 636 for LDAPS |
| Base DN | The Distinguished Name (DN) of the starting point for directory server searches |
| Password Config | See Password Configuration |
| User Name | Name of the user able to access this system |
| Password | Password of the user able to access this system |

LDAP, LDAPS, LDAP Start TLS / Microsoft Active Directory Access Credentials for All Devices

| Settings | Value |
|---|---|
| Name | <set name> |
| Device Type | IBM AIX |
| Access Protocol | LDAP / LDAPS / LDAP Start TLS |
| Used For | Microsoft Active Directory |
| Server Port | 389 for LDAP, LDAP Start TLS; 636 for LDAPS |
| Base DN | The Distinguished Name (DN) of the starting point for directory server searches |
| NetBIOS/Domain | The domain name or NetBIOS name attribute |
| Password Config | See Password Configuration |
| User Name | Name of the user able to access this system |
| Password | Password of the user able to access this system |
