
External Systems Configuration Guide

Dell N-Series Switch

Support Added: FortiSIEM 4.7.2

Last Modification: FortiSIEM 6.3.1

Vendor Version Tested: Not Provided

 

Vendor: Dell

Product Information: www.dell.com

 

What is Discovered and Monitored

Protocol | Information Discovered | Metrics collected | Used for
SNMP (V1, V2c) | Host name, software version, Hardware model, Network interfaces | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring
SNMP (V1, V2c) | | Hardware Status (Power Supply, Fan) | Availability Monitoring
SSH | | Configuration | Change management
Syslog | | | Security and Compliance

Event Types

  • CPU Monitoring: PH_DEV_MON_SYS_CPU_UTIL
  • Memory Monitoring: PH_DEV_MON_SYS_MEM_UTIL
  • Interface Utilization: PH_DEV_MON_NET_INTF_UTIL
  • Hardware Status: PH_DEV_MON_HW_STATUS
  • Configuration Change: PH_DEV_MON_CHANGE_STARTUP_CONFIG
  • Dell-NSeries-Generic
  • Dell-NSeries-Success
  • Dell-NSeries-Failed
  • Dell-NSeries-Link-Up
  • Dell-NSeries-Link-Down
  • Dell-NSeries-Logout
  • Dell-NSeries-Session-Created
  • Dell-NSeries-Temp-Warning
  • Dell-NSeries-Temp-Normal
  • Dell-NSeries-User-Command
  • Dell-NSeries-Invalid-Packet
  • Dell-NSeries-SpanningTree-Change
  • Dell-NSeries-SpanningTree-Learning-To-Forwarding
  • Dell-NSeries-SpanningTree-Learning-To-Blocking
  • Dell-NSeries-SpanningTree-Forwarding-To-Blocking
  • Dell-NSeries-SpanningTree-Blocking-To-Forwarding  

Rules

Availability
  • Network Device Degraded - Lossy Ping Response
  • Network Device Down - no ping response
  • Network Device Interface Flapping
  • Critical Network Device Interface Staying Down
  • Non-critical Network Device Interface Staying Down
  • Network Device Hardware Warning
  • Network Device Hardware Critical
Performance (Fixed Threshold)
  • Network CPU Warning
  • Network CPU Critical
  • Network Memory Warning
  • Network Memory Critical
  • Network Intf Error Warning
  • Network Intf Error Critical
  • Network Intf Util Warning
  • Network Intf Util Critical
Performance (Dynamic Threshold Based on Baselines)
  • Sudden Increase In System CPU Usage
  • Sudden Increase in System Memory Usage
  • Sudden Increase in Network Interface Traffic
  • Sudden Increase in Network Interface Errors
Change
  • Startup Config Change

Reports

Availability
  • Availability: Router/Switch Ping Monitor Statistics
Performance
  • Performance: Top Routers Ranked By CPU Utilization
  • Performance: Top Routers By Memory Utilization
  • Performance: Top Router Network Intf By Util, Error, Discards
  • Top Routers/Switches by Business Hours Network Ping Uptime Pct (Achieved Network Ping SLA)
  • Top Routers/Switches by Business Hours System Uptime Pct (Achieved System SLA)
  • Top Routers/Switches by Network Ping Uptime Pct (Achieved Network Ping SLA)
  • Top Routers/Switches by System Uptime Pct (Achieved System SLA)
  • Top Router Interfaces by Days-since-last-use
Change
  • Change: Router Config Changes Detected Via Login

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.  

Syslog

FortiSIEM processes events from this device via syslog sent by the device. Configure the device to send syslog to FortiSIEM as directed in the device's product documentation, and FortiSIEM will parse the contents.

  • For Syslog Server, or the server where the syslog should be sent, enter the IP address of your FortiSIEM virtual appliance.
  • For Port, enter 514.

The syslog format should be the same as that shown in the example.

Example Syslog

<187> Sep 24 13:17:56 Ashley N3048P Switch Stack  1-1 IPV6[dtlTask]: ip6map.c(3787) 89904 %% Received invalid ip6 packet on Vl1:  TC 0xf3, flow 663552, length 65152, next head 0, hop lim 0, src 8100:c8::f21f:afff:fedf:2080, dst ff02::1:ffdf:2080.
<187>1 Jan  9 16:03:07.000 192.168.0.15-1 DRIVER[117467844]: broad_hpc_drv.c(4362) 230149630 %% Unit: 0 Blk: 3 MMU MTRO PAR generic parity error.
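
To check that a switch's output matches the two sample lines above before sending it to FortiSIEM, the following added example (not part of the FortiSIEM guide and not FortiSIEM's own parser) splits each line into fields and decodes the syslog priority. The regular expression and the field names are assumptions derived only from the two samples.

```python
import re

# Standard syslog severity names, indexed by PRI & 7.
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Layout inferred from the two sample lines (an assumption, not a vendor spec):
# <PRI>[version] timestamp host COMPONENT[task]: file.c(line) seq %% message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d)?\s+"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+"
    r"(?P<host>.+?)\s+"
    r"(?P<component>[A-Za-z0-9_-]+)\[(?P<task>[^\]]+)\]:\s+"
    r"(?P<file>\S+)\((?P<line>\d+)\)\s+(?P<seq>\d+)\s+%%\s+(?P<msg>.*)$"
)

def parse_nseries(line):
    """Return a dict of fields, or None if the line does not match the sample layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    rec = m.groupdict()
    rec.update(
        facility=pri >> 3,
        severity=pri & 7,
        severity_name=SEVERITIES[pri & 7],
        line=int(rec["line"]),
        seq=int(rec["seq"]),
    )
    return rec

# The two sample lines from this page, copied verbatim.
SAMPLES = [
    "<187> Sep 24 13:17:56 Ashley N3048P Switch Stack  1-1 IPV6[dtlTask]: ip6map.c(3787) 89904 %% "
    "Received invalid ip6 packet on Vl1:  TC 0xf3, flow 663552, length 65152, next head 0, "
    "hop lim 0, src 8100:c8::f21f:afff:fedf:2080, dst ff02::1:ffdf:2080.",
    "<187>1 Jan  9 16:03:07.000 192.168.0.15-1 DRIVER[117467844]: broad_hpc_drv.c(4362) "
    "230149630 %% Unit: 0 Blk: 3 MMU MTRO PAR generic parity error.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rec = parse_nseries(sample)
        print(rec["host"], rec["component"], rec["severity_name"], rec["msg"][:40])
```

A line for which `parse_nseries` returns `None` does not follow the layout of the samples and is worth comparing against them before troubleshooting parsing on the FortiSIEM side.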

Settings for Access Credentials 

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting | Value
Name | <set name>
Device Type | Dell NSeries
Access Protocol | See Access Credentials
Port | See Access Credentials
Password config | See Password Configuration

 
