Fortinet black logo

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Cisco Wide Area Application Server

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP

Host name, Software version, Hardware model, Network interfaces

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Disk space utilization, Process cpu/memory utilization

Availability and Performance Monitoring

Event Types

Regular monitoring events

  • PH_DEV_MON_SYS_UPTIME

    [PH_DEV_MON_SYS_UPTIME]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=1053,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[sysUpTime]=13256948,[sysUpTimePct]=100.000000,[sysDownTime]=0,[pollIntv]=56,[phLogDetail]=
  • PH_DEV_MON_SYS_CPU_UTIL

    [PH_DEV_MON_SYS_UPTIME]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=1053,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[sysUpTime]=13256948,[sysUpTimePct]=100.000000,[sysDownTime]=0,[pollIntv]=56,[phLogDetail]=
  • PH_DEV_MON_SYS_MEM_UTIL

    [PH_DEV_MON_SYS_MEM_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=9822,[memName]=Physical Memory,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[memUtil]=93.438328,[pollIntv]=176,[phLogDetail]=
  • PH_DEV_MON_SYS_DISK_UTIL

    [PH_DEV_MON_SYS_DISK_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=9902,[diskName]=/swstore,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[appTransportProto]=SNMP (hrStorage),[diskUtil]=56.931633,[totalDiskMB]=992,[usedDiskMB]=565,[freeDiskMB]=427,[pollIntv]=176,[phLogDetail]=
  • PH_DEV_MON_SYS_PROC_COUNT

    [PH_DEV_MON_SYS_PROC_COUNT]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=11710,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procCount]=429,[pollIntv]=176,[phLogDetail]=
  • PH_DEV_MON_NET_INTF_UTIL

     [PH_DEV_MON_NET_INTF_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phIntfFilter.cpp,[lineNumber]=323,[intfName]=GigabitEthernet 1/0,[intfAlias]=,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[pollIntv]=56,[recvBytes64]=0,[recvBitsPerSec]=0.000000,[inIntfUtil]=0.000000,[sentBytes64]=0,[sentBitsPerSec]=0.000000,[outIntfUtil]=0.000000,[recvPkts64]=0,[sentPkts64]=0,[inIntfPktErr]=0,[inIntfPktErrPct]=0.000000,[outIntfPktErr]=0,[outIntfPktErrPct]=0.000000,[inIntfPktDiscarded]=0,[inIntfPktDiscardedPct]=0.000000,[outIntfPktDiscarded]=0,[outIntfPktDiscardedPct]=0.000000,[outQLen64]=0,[intfInSpeed64]=100000000,[intfOutSpeed64]=100000000,[intfAdminStatus]=,[intfOperStatus]=,[daysSinceLastUse]=0,[totIntfPktErr]=0,[totBitsPerSec]=0.000000,[phLogDetail]=
  • PH_DEV_MON_PROC_RESOURCE_UTIL

    [PH_DEV_MON_PROC_RESOURCE_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=4320,[swProcName]=syslogd,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procOwner]=,[memUtil]=0.038191,[cpuUtil]=0.000000,[appName]=Syslog Server,[appGroupName]=Unix Syslog Server,[pollIntv]=116,[swParam]=-s -f /etc/syslog.conf-diamond,[phLogDetail]=

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Cisco WAAS
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

Cisco Wide Area Application Server

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP

Host name, Software version, Hardware model, Network interfaces

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Disk space utilization, Process cpu/memory utilization

Availability and Performance Monitoring

Event Types

Regular monitoring events

  • PH_DEV_MON_SYS_UPTIME

    [PH_DEV_MON_SYS_UPTIME]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=1053,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[sysUpTime]=13256948,[sysUpTimePct]=100.000000,[sysDownTime]=0,[pollIntv]=56,[phLogDetail]=
  • PH_DEV_MON_SYS_CPU_UTIL

    [PH_DEV_MON_SYS_UPTIME]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=1053,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[sysUpTime]=13256948,[sysUpTimePct]=100.000000,[sysDownTime]=0,[pollIntv]=56,[phLogDetail]=
  • PH_DEV_MON_SYS_MEM_UTIL

    [PH_DEV_MON_SYS_MEM_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=9822,[memName]=Physical Memory,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[memUtil]=93.438328,[pollIntv]=176,[phLogDetail]=
  • PH_DEV_MON_SYS_DISK_UTIL

    [PH_DEV_MON_SYS_DISK_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=9902,[diskName]=/swstore,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[appTransportProto]=SNMP (hrStorage),[diskUtil]=56.931633,[totalDiskMB]=992,[usedDiskMB]=565,[freeDiskMB]=427,[pollIntv]=176,[phLogDetail]=
  • PH_DEV_MON_SYS_PROC_COUNT

    [PH_DEV_MON_SYS_PROC_COUNT]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=11710,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procCount]=429,[pollIntv]=176,[phLogDetail]=
  • PH_DEV_MON_NET_INTF_UTIL

     [PH_DEV_MON_NET_INTF_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phIntfFilter.cpp,[lineNumber]=323,[intfName]=GigabitEthernet 1/0,[intfAlias]=,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[pollIntv]=56,[recvBytes64]=0,[recvBitsPerSec]=0.000000,[inIntfUtil]=0.000000,[sentBytes64]=0,[sentBitsPerSec]=0.000000,[outIntfUtil]=0.000000,[recvPkts64]=0,[sentPkts64]=0,[inIntfPktErr]=0,[inIntfPktErrPct]=0.000000,[outIntfPktErr]=0,[outIntfPktErrPct]=0.000000,[inIntfPktDiscarded]=0,[inIntfPktDiscardedPct]=0.000000,[outIntfPktDiscarded]=0,[outIntfPktDiscardedPct]=0.000000,[outQLen64]=0,[intfInSpeed64]=100000000,[intfOutSpeed64]=100000000,[intfAdminStatus]=,[intfOperStatus]=,[daysSinceLastUse]=0,[totIntfPktErr]=0,[totBitsPerSec]=0.000000,[phLogDetail]=
  • PH_DEV_MON_PROC_RESOURCE_UTIL

    [PH_DEV_MON_PROC_RESOURCE_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,[lineNumber]=4320,[swProcName]=syslogd,[hostName]=edge.bank.com,[hostIpAddr]=10.19.1.5,[procOwner]=,[memUtil]=0.038191,[cpuUtil]=0.000000,[appName]=Syslog Server,[appGroupName]=Unix Syslog Server,[pollIntv]=116,[swParam]=-s -f /etc/syslog.conf-diamond,[phLogDetail]=

Rules

Regular monitoring rules

Reports

Regular monitoring reports

Configuration

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Cisco WAAS
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration