External Systems Configuration Guide

Cisco Application Centric Infrastructure (ACI)

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics Collected | Used For |
|---|---|---|---|
| Cisco APIC API (REST) | | Overall Health, Tenant Health, Node Health, Cluster Health, Application Health, EPG Health, Fault Record, Event Record, Log Record, Configuration Change | Availability and Performance Monitoring |

Event Types

Go to ADMIN > Device Support > Event Types and search for "Cisco_ACI".

Rules

Go to RESOURCES > Rules and search for "Cisco ACI" in the main content panel Search... field.

Reports

Go to RESOURCES > Reports and search for "Cisco ACI" in the main content panel Search... field.

Configuration

Cisco ACI Configuration

Configure the Cisco ACI appliance so that FortiSIEM can access it through the APIC API.

FortiSIEM Configuration
  1. Go to ADMIN > Setup > Credentials.
  2. In Step 1: Enter Credentials, click New and create a credential.

    | Settings | Description |
    |---|---|
    | Name | Enter a name for the credential. |
    | Device Type | CISCO CISCO ACI |
    | Access Protocol | Cisco APIC API |
    | Pull Interval | 5 minutes |
    | Port | 443 |
    | Password config | See Password Configuration |
    | User Name | User name for device access |
    | Password | Password for the various REST APIs |
    | Description | Password for the various REST APIs |
  3. In Step 2: Enter IP Range to Credential Associations, click New and create the association.
    1. IP - specify the IP address of the ACI Controller.
    2. Credential - specify the Name as in 2a.
  4. Test Connectivity - click the Test drop-down list, select Test Connectivity with or without ping, and make sure the test succeeds.
  5. Check Pull Events, located by navigating to ADMIN > Setup > Pull Events, to make sure that an event pulling entry is created.

Sample Events

Overall Health Event
[Cisco_ACI_Overall_Health]: {"attributes":{"childAction":"","cnt":"29","dn":"topology/HDfabricOverallHealth5min0","healthAvg":"82","healthMax":"89","healthMin":"0","healthSpct":"0","healthThr":"","healthTr":"1","index":"0","lastCollOffset":"290","repIntvEnd":"2016-09-05T08:13:53.232+00:00","repIntvStart":"2016-09-05T08:09:03.128+00:00","status":""}}
Tenant Health Event
[Cisco_ACI_Tenant_Health]: {"attributes":{"childAction":"","descr":"","dn":"uni/tn-CliQr","lcOwn":"local","modTs":"2016-09-05T07:56:27.164+00:00","monPolDn":"uni/tn-common/monepg-default","name":"CliQr","ownerKey":"","ownerTag":"","status":"","uid":"15374"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-05T08:27:03.584+00:00"}}}]
Nodes Health Event
[Cisco_ACI_Node_Health]: {"attributes":{"address":"10.0.208.95","childAction":"","configIssues":"","currentTime":"2016-09-05T08:15:51.794+00:00","dn":"topology/pod-1/node-101/sys","fabricId":"1","fabricMAC":"00:22:BD:F8:19:FF","id":"101","inbMgmtAddr":"0.0.0.0","inbMgmtAddr6":"0.0.0.0","lcOwn":"local","modTs":"2016-09-05T07:57:29.435+00:00","mode":"unspecified","monPolDn":"uni/fabric/monfab-default","name":"Leaf1","oobMgmtAddr":"0.0.0.0","oobMgmtAddr6":"0.0.0.0","podId":"1","role":"leaf","serial":"TEP-1-101","state":"in-service","status":"","systemUpTime":"00:00:27:05.000"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"-10","cur":"90","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"90","updTs":"2016-09-05T07:50:08.415+00:00"}}}]
Cluster Health Event
[Cisco_ACI_Cluster_Health]: {"attributes":{"addr":"10.0.0.1","adminSt":"in-service","chassis":"10220833-ea00-3bb3-93b2-ef1e7e645889","childAction":"","cntrlSbstState":"approved","dn":"topology/pod-1/node-1/av/node-1","health":"fully-fit","id":"1","lcOwn":"local","mbSn":"TEP-1-1","modTs":"2016-09-05T08:00:46.797+00:00","monPolDn":"","mutnTs":"2016-09-05T07:50:19.570+00:00","name":"","nodeName":"apic1","operSt":"available","status":"","uid":"0"}
Application Health Event
[Cisco_ACI_Application_Health]: {"attributes":{"childAction":"","descr":"","dn":"uni/tn-infra/ap-access","lcOwn":"local","modTs":"2016-09-07T08:17:20.503+00:00","monPolDn":"uni/tn-common/monepg-default","name":"access","ownerKey":"","ownerTag":"","prio":"unspecified","status":"","uid":"0"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-07T08:39:35.531+00:00"}}}]}
EPG Health Event
[Cisco_ACI_EPG_Health]: {"attributes":{"childAction":"","configIssues":"","configSt":"applied","descr":"","dn":"uni/tn-infra/ap-access/epg-default","isAttrBasedEPg":"no","lcOwn":"local","matchT":"AtleastOne","modTs":"2016-09-07T08:17:20.503+00:00","monPolDn":"uni/tn-common/monepg-default","name":"default","pcEnfPref":"unenforced","pcTag":"16386","prio":"unspecified","scope":"16777199","status":"","triggerSt":"triggerable","txId":"5764607523034234882","uid":"0"},"children":[{"healthInst":{"attributes":{"childAction":"","chng":"0","cur":"100","maxSev":"cleared","prev":"100","rn":"health","status":"","twScore":"100","updTs":"2016-09-07T08:39:35.549+00:00"}}}]
Fault Record Event
[Cisco_ACI_Fault_Record]: ,"created":"2016-09-05T08:00:41.313+00:00","delegated":"no","delegatedFrom":"","descr":"Controller3isunhealthybecause:DataLayerPartiallyDegradedLeadership","dn":"subj-[topology/pod-1/node-1/av/node-3]/fr-4294967583","domain":"infra","highestSeverity":"critical","id":"4294967583","ind":"modification","lc":"soaking","modTs":"never","occur":"1","origSeverity":"critical","prevSeverity":"critical","rule":"infra-wi-node-health","severity":"critical","status":"","subject":"controller","type":"operational"}
Event Record Event
[Cisco_ACI_Event_Record]: {"attributes":{"affected":"topology/pod-1/node-2/lon/svc-ifc_dhcpd","cause":"state-change","changeSet":"id:ifc_dhcpd,leCnnct:undefined,leNonOptCnt:undefined,leNotCnnct:undefined,name:ifc_dhcpd","childAction":"","code":"E4204979","created":"2016-09-05T07:57:37.024+00:00","descr":"Allshardsofserviceifc_dhcpdhaveconnectivitytotheleaderreplicaintheCluster.","dn":"subj-[topology/pod-1/node-2/lon/svc-ifc_dhcpd]/rec-8589934722","id":"8589934722","ind":"state-transition","modTs":"never","severity":"info","status":"","trig":"oper","txId":"18374686479671623682","user":"internal"}
Log Record Event
[Cisco_ACI_Log_Record]: {"attributes":{"affected":"uni/userext/user-admin","cause":"unknown","changeSet":"","childAction":"","clientTag":"","code":"generic","created":"2016-09-05T07:56:25.825+00:00","descr":"From-198.18.134.150-client-type-REST-Success","dn":"subj-[uni/userext/user-admin]/sess-4294967297","id":"4294967297","ind":"special","modTs":"never","severity":"info","status":"","systemId":"1","trig":"login,session","txId":"0","user":"admin"}
Configuration Change Event
[Cisco_ACI_Configuration_Chang]: {"attributes":{"affected":"uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol","cause":"transition","changeSet":"","childAction":"","clientTag":"","code":"E4206266","created":"2016-09-05T07:56:27.099+00:00","descr":"RsCustQosPolcreated","dn":"subj-[uni/tn-CliQr/out-CliQr-Prod-L3Out/instP-CliQr-Prod-L3Out-EPG/rscustQosPol]/mod-4294967308","id":"4294967308","ind":"creation","modTs":"never","severity":"info","status":"","trig":"config","txId":"7493989779944505526","user":"admin"}}
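
Added example (not FortiSIEM's own parser and not part of the original guide): a tolerant reader for the "[Cisco_ACI_*]: {...}" sample event format above, followed by a small triage pass. Several samples on this page have lost a closing brace or their opening fields, so the parser repairs or falls back instead of failing. The function names, the "health_" field prefix and the min_health threshold are assumptions; the sample lines are constructed by shortening the page's events.

```python
import json
import re

LINE_RE = re.compile(r'^\[(Cisco_ACI_\w+)\]:\s*(.*)$', re.S)
PAIR_RE = re.compile(r'"(\w+)":"([^"]*)"')

def close_brackets(text):
    """Append the closing braces/brackets that a truncated JSON body lacks."""
    bare = re.sub(r'"(?:\\.|[^"\\])*"', '', text)  # ignore brackets inside strings
    stack = []
    for ch in bare:
        if ch in '{[':
            stack.append('}' if ch == '{' else ']')
        elif ch in '}]' and stack:
            stack.pop()
    return text + ''.join(reversed(stack))

def parse_aci_event(line):
    """Return (event_type, fields) for one '[Cisco_ACI_*]: {...}' line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a Cisco_ACI event line")
    etype, body = m.groups()
    try:
        obj = json.loads(close_brackets(body))
    except json.JSONDecodeError:
        return etype, dict(PAIR_RE.findall(body))  # head lost: flat key/value pairs
    fields = dict(obj.get("attributes", {}))
    for child in obj.get("children", []):  # health score sits in a healthInst child
        health = child.get("healthInst", {}).get("attributes", {})
        fields.update({"health_" + k: v for k, v in health.items()})
    return etype, fields

def triage(etype, f, min_health=95):
    """Return a finding string or None; min_health is an assumed threshold."""
    if int(f.get("health_cur", 100)) < min_health:
        return f'health {f["health_prev"]}->{f["health_cur"]} on {f["dn"]}'
    if etype == "Cisco_ACI_Fault_Record" and f.get("severity") == "critical":
        return f'critical fault on {f["dn"]}'
    if etype == "Cisco_ACI_Log_Record" and "login" in f.get("trig", ""):
        return f'login by {f["user"]}: {f["descr"]}'
    return None

SAMPLES = [  # constructed: the page's events cut to a few fields, truncation kept
    '[Cisco_ACI_Node_Health]: {"attributes":{"dn":"topology/pod-1/node-101/sys","name":"Leaf1","role":"leaf"},"children":[{"healthInst":{"attributes":{"chng":"-10","cur":"90","prev":"100"}}}]',
    '[Cisco_ACI_Fault_Record]: ,"created":"2016-09-05T08:00:41.313+00:00","dn":"subj-[topology/pod-1/node-1/av/node-3]/fr-4294967583","severity":"critical","subject":"controller"}',
    '[Cisco_ACI_Log_Record]: {"attributes":{"affected":"uni/userext/user-admin","descr":"From-198.18.134.150-client-type-REST-Success","trig":"login,session","user":"admin"}',
]
print([triage(*parse_aci_event(s)) for s in SAMPLES])
```

The three constructed lines exercise the three paths: a body missing its final brace, a body missing its opening fields, and a login session record.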

 
