Fortinet black logo

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

ISC BIND DNS

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level CPU utilization, Memory utilization

Performance Monitoring

Syslog

Application type

DNS name resolution activity: DNS Query Success and Failure by type

Security Monitoring and compliance

Event Types

In ADMIN > Device Support > Event Types, search for "isc bind" to see the event types associated with this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.  

Syslog
Configure the ISC BIND DNS Server to Send Syslog
  1. Edit named.conf and add a new line: include /var/named/conf/logging.conf;.
  2. Edit the /var/named/conf/logging.conf file, and in the channel queries_file { } section add syslog local3;
  3. Restart BIND by issuing /etc/init.d/named restart.
Configure Syslog to Send to FortiSIEM
  1. Edit syslog.conf and add a new line: Local7.* @<IP address of the FortiSIEM server>.
  2. Restart the syslog daemon by issuing /etc/init.d/syslog restart.

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

SettingValue
Name<set name>
Device TypeGeneric
Access ProtocolSNMP
Community String<your own>

Sample BIND DNS Logs

<158>Jan 28 20:41:46 100.1.1.1 named[3135]: 28-Jan-2010 20:40:28.809 client 192.168.29.18#34065: query: www.google.com IN A +

ISC BIND DNS

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level CPU utilization, Memory utilization

Performance Monitoring

Syslog

Application type

DNS name resolution activity: DNS Query Success and Failure by type

Security Monitoring and compliance

Event Types

In ADMIN > Device Support > Event Types, search for "isc bind" to see the event types associated with this device. 

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.  

Syslog
Configure the ISC BIND DNS Server to Send Syslog
  1. Edit named.conf and add a new line: include /var/named/conf/logging.conf;.
  2. Edit the /var/named/conf/logging.conf file, and in the channel queries_file { } section add syslog local3;
  3. Restart BIND by issuing /etc/init.d/named restart.
Configure Syslog to Send to FortiSIEM
  1. Edit syslog.conf and add a new line: Local7.* @<IP address of the FortiSIEM server>.
  2. Restart the syslog daemon by issuing /etc/init.d/syslog restart.

Settings for Access Credentials

SNMP Access Credentials for All Devices

Use these Access Method Definition settings to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

SettingValue
Name<set name>
Device TypeGeneric
Access ProtocolSNMP
Community String<your own>

Sample BIND DNS Logs

<158>Jan 28 20:41:46 100.1.1.1 named[3135]: 28-Jan-2010 20:40:28.809 client 192.168.29.18#34065: query: www.google.com IN A +