Quantcast
Channel: Fortinet GURU
Viewing all articles
Browse latest Browse all 2380

FortiSIEM Configuring Routers and Switches

$
0
0
Configuring Routers and Switches

AccelOps supports these routers and switches for discovery and monitoring.

Alcatel TiMOS and AOS Switch Configuration

Arista Router and Switch Configuration

Brocade NetIron CER Routers

Cisco 300 Series Routers

Cisco IOS Router and Switch Configuration

How CPU and Memory Utilization is Collected for Cisco IOS

Cisco Meraki Cloud Controller and Network Devices Configuration

Cisco NX-OS Router and Switch Configuration

Cisco ONS Configuration

Dell Force10 Router and Switch Configuration

Dell NSeries Switch Configuration

Dell PowerConnect Switch and Router Configuration

Foundry Networks IronWare Router and Switch Configuration

HP/3Com ComWare Switch Configuration

HP ProCurve Switch Configuration

HP Value Series (19xx) and HP 3Com (29xx) Switch Configuration

Juniper Networks JunOS Switch Configuration

Mikrotek Router Configuration

Nortel ERS and Passport Switch Configuration

 

 

 

 

 

 

Alcatel TiMOS and AOS Switch Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP

(V1, V2c)

Host name, Software version, Hardware model, Network interfaces, Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

SNMP

(V1, V2c)

  Hardware status: Power Supply, Fan, Temperature Availability
SNMP (V1, V2c,

V3)

Layer 2 port mapping: associating switch ports to directly connected host IP/MAC addresses   Identity and location table; Topology  

 

Event Types

In CMDB > Event Types, search for “alcatel” in the Device Type and Description columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

 

Arista Router and Switch Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (V1,

V2c)

Host name, Serial number, Software version, Hardware model, Network interfaces, Hardware Components Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), CPU utilization, Memory utilization, Flash utilization, Hardware Status Availability and

Performance

Monitoring

Telnet/SSH Running and Startup configurations Startup Configuration Change, Difference between Running and Startup configurations Change

monitoring

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Telnet/SSH

AccelOps uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.

These commands are used for discovery and performance monitoring via SSH. Please make sure that the access credentials you provide in AccelOps have the permissions necessary to execute these commands on the device.

  1. show startup-config
  2. show running-config
  3. show version
  4. show ip route
  5. enable
  6. terminal pager 0

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Settings for Access Credentials

Brocade NetIron CER Routers

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP

(V1, V2c)

Host name, software version, Hardware model, Network interfaces CPU, Memory, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware Status, Real Server

Status

Availability and

Performance

Monitoring

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules specifically for this device.

Reports

There are no predefined reports specifically for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Cisco 300 Series Routers

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP

(V1, V2c)

Host name, software version, Hardware model, Network interfaces Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules specifically for this device.

Reports

There are no predefined reports specifically for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Protocol Information Discovered Metrics collected Used for
SNMP (V1,

V2c, V3)

Host name, IOS version, Hardware model, Memory size, Network interface details – name, address, mask and description Uptime, CPU and Memory utilization, Free processor and I/O memory, Free contiguous processor and I/O memory, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Availability

and

Performance

Monitoring

SNMP (V1,

V2c, V3)

Hardware component details: serial number, model, manufacturer, software firmware versions of hardware components such as chassis, CPU, fan, power supply, network cards etc. Hardware health: temperature, fan and power supply Availability
SNMP (V1,

V2c, V3)

Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association   Topology and end-host location
SNMP (V1,

V2c, V3)

BGP connectivity, neighbors, state, AS number BGP state change Routing

Topology,

Availability

Monitoring

SNMP (V1,

V2c, V3)

OSPF connectivity, neighbors, state,

OSPF Area

OSPF state change Routing

Topology,

Availability

Monitoring

SNMP (V1,

V2c, V3)

  IP SLA and VoIP performance metrics: Max/Min/Avg Delay and Jitter – both overall and Source->Destination and Destination->Source, Packets Lost – both overall and Source->Destination and Destination->Source, Packets Missing in Action, Packets

Late, Packets out of sequence, VoIP Mean Opinion Score (MOS), VoIP Calculated Planning Impairment Factor (ICPIF) score

VoIP

Performance

Monitoring

SNMP (V1,

V2c, V3)

  Class based QoS metrics (from CISCO-CLASS-BASED-QOS-MIB): For (router interface, policy, class map) tuple: class map metrics including Pre-policy rate, post-police rate, drop rate and drop pct; police action metrics including conform rate, exceeded rate and violated rate; queue metrics including current queue length, max queue length and discarded packets QoS

performance monitoring

SNMP (V1,

V2c, V3)

  NBAR metrics (from CISCO-NBAR-PROTOCOL-DISCOVERY-MIB): For each

interface and application, sent/receive flows, sent/receive bytes, sent/receive bits/sec

Performance

Monitoring

Telnet/SSH Running and startup configuration,

Image file name, Flash memory size,

Running processes

Startup configuration change, delta between running and startup configuration, Running process CPU and memory utilization Performance

Monitoring,

Security and

Compliance

Syslog Device type System logs and traffic logs matching acl statements Availability,

Security and

Compliance

Event Types

Performance Monitoring events

Configuration change events

Syslog events

In CMDB > Event Types, search for “cisco_os” in the Description column to see the event types associated with this device.

Rules

 Performance Monitoring rules

Configuration change rules

Other rules

Reports

Performance Monitoring Reports

Configuration change Reports

Other Reports

Configuration

Telnet/SSH

AccelOps uses SSH and Telnet to communicate with your device. Follow the instructions in the product documentation for your device to enable SSH and Telnet.

These commands are used for discovery and performance monitoring via SSH. Please make sure that the access credentials you provide in AccelOps have the permissions necessary to execute these commands on the device.

  1. show startup-config
  2. show running-config
  3. show version
  4. show flash
  5. show ip route
  6. show mac-address-table or show mac address-table
  7. show vlan brief
  8. show process cpu
  9. show process mem
  10. show disk0
  11. enable
  12. terminal pager 0

SNMP

SNMP V1/V2c

  1. Log in to the Cisco IOS console or telnet to the device.
  2. Enter configuration mode.

SNMP V3

  1. Log in to the Cisco IOS console or telnet to the device.
  2. Enter configuration mode.
  3. Exit configuration mode.

Syslog

  1. Login to the Cisco IOS console or telnet to the device.
  2. Enter configuration mode.

Sample Cisco IOS Syslog Messages

 

NetFlow

Enable NetFlow on the Router

  1. Enter configuration mode.
  2. For every interface, run this command.

Set Up NetFlow Export

  1. Enter configuration mode.
  2. Run these commands.

On MLS switches, such as the 6500 or 7200 models, also run these commands.

You can verify that you have set up NetFlow correctly by running these commands.

Sample Flexible Netflow Configuration in IOS

IP SLA

IP SLA is a technology where a pair of routers can run synthetic tests between themselves and report detailed traffic statistics. This enables network administrators to get performance reports between sites without depending on end-host instrumentation.

Cisco provides detailed documents for configuring IP SLA for both general traffic and VoIP.

A variety of IP SLA tests can be run, for example UDP/ICMP Jitter, UDP Jitter for VoIP, UDP/ICMP Echo, TCP Connect, HTTP, etc. You can see the traffic statistics for these these tests by routing appropriate Show commands on the router. However, only these IP SLA tests are exported via

RTT-MON SNMP MIB.

UDP Jitter (reported by AccelOps event type PH_DEV_MON_IPSLA_MET)

UDP Jitter for VoIP (reported by AccelOps event type PH_DEV_MON_IPSLA_VOIP_MET)

HTTP performance (reported by AccelOps event type PH_DEV_MON_IPSLA_HTTP_MET)

ICMP Echo (reported by AccelOps event type PH_DEV_MON_IPSLA_ICMP_MET) UDP Echo (reported by AccelOps event type PH_DEV_MON_IPSLA_UDP_MET)

These are the only IP SLA tests monitored by AccelOps.

Configuring IP SLA involves choosing and configuring a router to initiate the test and a router to respond. The test statistics are automatically reported by the initiating router via SNMP, so no additional configuration is required. Bi-directional traffic statistics are also reported by the initiating router, so you don’t need to set up a reverse test between the original initiating and responding routers.  AccelOps automatically detects the presence of the IP SLA SNMP MIB (CISCO-RTTMON-MIB) and starts collecting the statistics. Configuring IP SLA Initiator for UDP Jitter

 

 

Class-Based QoS

CBQoS enables routers to enforce traffic dependent Quality of Service policies on router interfaces for to make sure that important traffic such as VoIP and mission critical applications get their allocated network resources.

Cisco provides detailed documents for configuring IP SLA for both general traffic and VoIP,

The CbQoS statistics are automatically reported by the router via SNMP, so no additional configuration is needs. AccelOps detects the presence of valid CBQoS MIBs and starts monitoring them.

NBAR

Cisco provides protocol discovery via NBAR configuration guide.

Make sure that the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB is enabled.

Sample event generated by AccelOps

[PH_DEV_MON_CISCO_NBAR_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceC isco.cpp,[lineNumber]=1644,[hostName]=R1.r1.accelops.com,[hostIpAddr]=10 .1.20.59,[intfName]=Ethernet0/0,[appTransportProto]=snmp,[totFlows]=4752

,[recvFlows]=3168,[sentFlows]=1584,[totBytes64]=510127,[recvBytes64]=277

614,[sentBytes64]=232513,[totBitsPerSec]=22528.000000,[recvBitsPerSec]=1

2288.000000,[sentBitsPerSec]=10240.000000,[phLogDetail]=

 

Settings for Access Credentials

How CPU and Memory Utilization is Collected for Cisco IOS

AccelOps follows the process for collecting information about CPU utlization that is recommended by Cisco.

Monitoring CPU

Monitoring Memory using PROCESS-MIB

Monitoring CPU

The OID is 1.3.6.1.4.1.9.9.109.1.1.1.1.8. The issue there are multiple CPUs – which ones to take? A sample SNMP walk for this OID looks like this

Note that there are 4 CPUs – indexed 1-4. We need to identify Control plane CPU and Data plane CPU

The cpu Id -> entity Id mapping from the following SNMP walk

Combining all this information, we finally obtain the CPU information for each object

The relevant OIDs are

Used memory OID = 1.3.6.1.4.1.9.9.48.1.1.1.6

Free memory OID =  1.3.6.1.4.1.9.9.48.1.1.1.5

Memory Util = (Used memory) / (Used memory + Free memory)

Therefore

Cisco Meraki Cloud Controller and Network Devices Configuration

What is Discovered and Monitored

Availability (from SNMP Trap)

Performance (Fixed threshold)

Performance (Dynamic threshold based on baselines)

Settings for Access Credentials

What is Discovered and Monitored

Cisco Meraki Devices are discoverable in either of the following ways

SNMP to the Cloud Controller

SNMP to each Network Device

SNMP Traps can be sent from the Cloud Controller. Cisco Meraki Network Devices can also send logs directly to AccelOps.

Protocol Information Discovered Metrics collected Used for  
SNMP (V1, V2c) to

Cloud Controller or

Devices

Host name, Software version, Hardware model, Network interfaces Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

Syslog from Meraki

Firewalls

  Firewall logs Security Monitoring  
SNMP Traps from

Cloud Controller

  Health Availability

Monitoring

 

Event Types

Interface Utilization: PH_DEV_MON_NET_INTF_UTIL

Rules

Availability (from SNMP Trap)

Meraki Device Cellular Connection Disconnected

Meraki Device Down

Meraki Device IP Conflict

Meraki Device Interface Down

Meraki Device Port Cable Error

Meraki Device VPN Connectivity Down

Meraki Foreign AP Detected

Meraki New DHCP Server

Meraki New Splash User

Meraki No DHCP lease

Meraki Rogue DHCP Server

Meraki Unreachable Device

Meraki Unreachable RADIUS Server

Meraki VPN Failover

Performance (Fixed threshold)

Network Intf Error Warning

Network Intf Error Critical

Network Intf Util Warning

Network Intf Util Critical

Performance (Dynamic threshold based on baselines)

Sudden Increase in Network Interface Traffic

Sudden Increase in Network Interface Errors

Reports

None

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Cisco NX-OS Router and Switch Configuration

What is Discovered and Monitored

Enable NetFlow on the Router

Create a Flow Template and Define the Fields to Export

Set up Netflow Exporter

Associate the Record to the Exporter Using a Flow Monitor

Apply the Flow Monitor to Every Interface  Settings for Access Credentials

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (V1,

V2c, V3)

Host name, IOS version, Hardware model, Memory size, Network interface details name, address, mask and description Uptime, CPU and Memory utilization, Free processor and I/O memory, Free contiguous processor and I/O memory, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability

and

Performance

Monitoring

SNMP (V1,

V2c, V3)

Hardware component details: serial number, model, manufacturer, software and firmware versions of hardware components such as chassis, CPU, fan, power supply, network cards etc. Hardware health: temperature, fan and power supply Availability
SNMP (V1,

V2c, V3)

Trunk port connectivity between switches and

VLANs carried over a trunk port (via CDP

MIB), ARP table

  Topology and end-host location
SNMP (V1,

V2c, V3)

BGP connectivity, neighbors, state, AS number BGP state change Routing

Topology,

Availability

Monitoring

SNMP (V1,

V2c, V3)

OSPF connectivity, neighbors, state, OSPF

Area

OSPF state change Routing

Topology,

Availability

Monitoring

SNMP (V1,

V2c, V3)

  Class based QoS metrics: For (router interface, policy, class map) tuple: class map metrics including Pre-policy rate, post-police rate, drop rate and drop pct; po lice action metrics including conform rate, exceeded rate and violated rate; queu e metrics including current queue length, max queue length and discarded packets QoS

performance monitoring

Telnet/SSH Running and startup configuration, Image file

name, Flash memory size, Running processes

Startup configuration change, delta between running and startup configuration,

Running process CPU and memory utilization

Performance

Monitoring,

Security and

Compliance

Telnet/SSH End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association    
Syslog Device type System logs and traffic logs matching acl statements Availability,

Security and

Compliance

Event Types

In CMDB > Event Types, search for “nx-os” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Telnet/SSH

AccelOps uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.

These commands are used for discovery and performance monitoring via SSH. Please make sure that the access credentials you provide in AccelOps have the permissions necessary to execute these commands on the device.

  1. show startup-config
  2. show running-config
  3. show version
  4. show flash
  5. show context
  6. show ip route
  7. show cam dynamic
  8. show mac-address-table
  9. show mac address-table (for Nexus 1000v)
  10. show vlan brief
  11. show process cpu
  12. show process mem
  13. show disk0
  14. enable
  15. terminal length 0

Syslog

AccelOps processes events from this device via syslogs sent by the device. Configure the device to send syslogs to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your AccelOps virtual appliance.

For Port, enter 514.

Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

NetFlow

Enable NetFlow on the Router

  1. Enter configuration mode.
  2. Run this command.

Create a Flow Template and Define the Fields to Export You can can also try using the pre-defined NetFlow template.

Set up Netflow Exporter Run these commands.

Associate the Record to the Exporter Using a Flow Monitor In this example the flow monitor is called AccelOpsMonitoring.

Run these commands.

Apply the Flow Monitor to Every Interface Run these commands.

You can now check the configuration using the show commands.

Settings for Access Credentials

Cisco ONS Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP

(V1, V2c)

Host name, Serial Number, software version,

Hardware model, Network interfaces, Hardware

Components

Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

SNMP

Trap

  Alerts Availability and

Performance

Monitoring

Event Types

Over 1800 event types defined – search for “Cisco-ONS” in CMDB > Event Types

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Dell Force10 Router and Switch Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (V1,

V2c)

Host name, Serial number, Software version,

Hardware model, Network interfaces, Hardware Components

Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), CPU utilization, Hardware Status Availability and

Performance

Monitoring

Telnet/SSH Running and Startup configurations Startup Configuration Change, Difference between Running and Startup configurations Change

monitoring

Event Types

In CMDB > Event Types, search for “force10” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

TelNet/SSH

AccelOps uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.

These commands are used for discovery and performance monitoring via SSH. Please make sure that the access credentials you provide in AccelOps have the permissions necessary to execute these commands on the device. To initiate discovery and monitoring of your device over this protocol, follow the instructions in Setting Access Credentials for Device Discovery.

  1. show startup-config
  2. show running-config
  3. show version
  4. show ip route
  5. enable
  6. terminal pager 0

Settings for Access Credentials

Dell NSeries Switch Configuration

Configuration

SNMP

Settings for Access Credentials

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP

(V1, V2c)

Host name, software version, Hardware model, Network

interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

SNMP

(V1, V2c)

  Hardware Status (Power Supply, Fan) Availability

Monitoring

SSH   Configuration Change management  

Event Types

CPU Monitoring: PH_DEV_MON_SYS_CPU_UTIL

Memory Monitoring: PH_DEV_MON_SYS_MEM_UTIL

Interface Utilization: PH_DEV_MON_NET_INTF_UTIL

Hardware Status: PH_DEV_MON_HW_STATUS

Configuration Change: PH_DEV_MON_CHANGE_STARTUP_CONFIG

Rules

Availability

Network Device Degraded – Lossy Ping Response

Network Device Down – no ping response

Network Device Interface Flapping

Critical Network Device Interface Staying Down

Non-critical Network Device Interface Staying Down

Network Device Hardware Warning

Network Device Hardware Critical

Performance (Fixed threshold)

Network CPU Warning

Network CPU Critical

Network Memory Warning

Network Memory Critical

Network Intf Error Warning

Network Intf Error Critical

Network Intf Util Warning

Network Intf Util Critical

Performance (Dynamic threshold based on baselines)

Sudden Increase In System CPU Usage

Sudden Increase in System Memory Usage

Sudden Increase in Network Interface Traffic

Sudden Increase in Network Interface Errors

Change

Startup Config Change

Reports

Availability

Availability: Router/Switch Ping Monitor Statistics

Performance

Performance: Top Routers Ranked By CPU Utilization

Performance: Top Routers By Memory Utilization

Performance: Top Router Network Intf By Util, Error, Discards

Top Routers/Switches by Business Hours Network Ping Uptime Pct (Achieved Network Ping SLA)

Top Routers/Switches by Business Hours System Uptime Pct (Achieved System SLA)

Top Routers/Switches by Network Ping Uptime Pct (Achieved Network Ping SLA)

Top Routers/Switches by System Uptime Pct (Achieved System SLA)

Top Router Interfaces by Days-since-last-use

Change

Change: Router Config Changes Detected Via Login

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Dell PowerConnect Switch and Router Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (V1,

V2c)

Host name, Serial number, Software version,

Hardware model, Network interfaces, Hardware Components

Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), CPU utilization, Hardware Status Availability and

Performance

Monitoring

Telnet/SSH Running and Startup configurations Startup Configuration Change, Difference between Running and Startup configurations Change

monitoring

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Telnet/SSH

AccelOps uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.

These commands are used for discovery and performance monitoring via SSH. Please make sure that the access credentials you provide in AccelOps have the permissions necessary to execute these commands on the device. To initiate discovery and monitoring of your device over this protocol, follow the instructions in Setting Access Credentials for Device Discovery.

  1. show startup-config
  2. show running-config
  3. show version
  4. show ip route
  5. enable
  6. terminal pager 0

Settings for Access Credentials

 

Foundry Networks IronWare Router and Switch Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

SNMP

Telnet/SSH

Syslog

Sample Parsed PowerConnect Syslog Message  Settings for Access Credentials

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP (V1,

V2c)

Host name, Ironware version, Hardware model, Network interfaces, Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

Telnet/SSH Running and startup configuration Startup configuration change, delta between running and startup configuration Performance Monitoring,

Security and

Compliance

SNMP (V1,

V2c)

Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association   Topology and end-host location    
Syslog Device type System logs and traffic logs matching acl statements Availability,

Security and

Compliance

 

Event Types

In CMDB > Event Types, search for “foundry_ironware” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

  1. Log in to the device manager for your switch or router with administrative privileges.
  2. Enter configuration mode.
  3. Run these commands to set the community string and enable the SNMP service.
  4. Exit config mode.
  5. Save the configuration.

Telnet/SSH

AccelOps uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH. Syslog

  1. Log in to the device manager for your switch or router with administrative privileges.
  2. Enter configuration mode.
  3. Run this command to set your AccelOps virtual appliance as the recipient of syslogs from your router or switch.
  4. Exit config mode.
  5. Save the configuration.

Sample Parsed PowerConnect Syslog Message

Settings for Access Credentials

HP/3Com ComWare Switch Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

SNMP

Syslog

Example Syslog for ComWare Switch Messages  Settings for Access Credentials

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP

(V1, V2c)

Host name, software version, Hardware model, Network interfaces, Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status:

Power Supply, Fan, Temperature

Availability and

Performance

Monitoring

SNMP (V1, V2c,

V3)

  Hardware status: Temperature Availability  
Syslog   System logs Availability,

Security and

Compliance

 

Event Types

In CMDB > Event Types, search for “compare” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Syslog

AccelOps processes events from this device via syslogs sent by the device. Configure the device to send syslogs to AccelOps as directed in the device’s product documentation, and AccelOps will parse the contents.

For Syslog Server, or the server where the syslogs should be sent, enter the IP address of your AccelOps virtual appliance.

For Port, enter 514.

Make sure that the syslog type is Common Event Format (CEF). The syslog format should be the same as that shown in the example.

Example Syslog for ComWare Switch Messages

%Apr 2 11:38:11:113 2010 H3C DEVD/3/BOARD REBOOT:Chasis 0 slot 2 need be rebooted automatically! %Sep 22 20:38:32:947 2009 H3C DEVD/4/BRD MISPLUG: The board or subcard in slot 1 is not supported. %Sep 22 20:38:32:947 2009 H3C DEVD/4/BRD MISPLUG: The board type of MR in 1 is different from the Mate MR’s, so the MR can’t work properly. %Sep 22 20:38:32:947 2009 H3C DEVD/2/BRD TOO HOT:Temperature of the board is too high! %Sep 22 20:38:32:947 2009 H3C DEVD/2/ FAN CHANGE: Chassis 1: Fan communication state changed: Fan 1 changed to fault.

Settings for Access Credentials

HP ProCurve Switch Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP (V1,

V2c)

Host name, version, Hardware model, Network interfaces, Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status: Power Supply, Fan, Temperature Availability

and

Performance

Monitoring

Telnet/SSH Running and startup configuration Startup configuration change, delta between running and startup configuration Performance

Monitoring,

Security and Compliance

SNMP (V1,

V2c)

Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host

IP/MAC address association

  Topology and end-host location    

Event Types

In CMDB > Event Types, search for “procurve” in the Device Type and Description columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

  1. Go to Configuration > SNMP Community > V1/V2 Community.
  2. Enter a Community Name.
  3. For MIB-View, select Operator.
  4. For Write-Access, leave the selection cleared.
  5. Click Add.

SSH/Telnet

  1. Log into the device manager for your ProCurve switch.
  2. Go to Security > Device Passwords.
  3. Create a user and password for Read-Write Access.

Although AccelOps does not modify any configurations for your switch, Read-Write Access is needed to read the device configuration.

  1. Go to Security > Authorized Addresses and add the AccelOps IP to Telnet/SSH. This is an optional step.

Settings for Access Credentials

HP Value Series (19xx) and HP 3Com (29xx) Switch Configuration

Configuration

SNMP

Settings for Access Credentials

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP

(V1, V2c)

Host name, software version, Hardware model, Network

interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

SSH   Configuration Change management  

Event Types

CPU Monitoring: PH_DEV_MON_SYS_CPU_UTIL

Memory Monitoring: PH_DEV_MON_SYS_MEM_UTIL

Interface Utilization: PH_DEV_MON_NET_INTF_UTIL

Configuration Change: PH_DEV_MON_CHANGE_STARTUP_CONFIG

Rules

Availability

Network Device Degraded – Lossy Ping Response

Network Device Down – no ping response

Network Device Interface Flapping

Critical Network Device Interface Staying Down

Non-critical Network Device Interface Staying Down

Performance (Fixed threshold)

Network CPU Warning

Network CPU Critical

Network Memory Warning

Network Memory Critical

Network Intf Error Warning

Network Intf Error Critical

Network Intf Util Warning

Network Intf Util Critical

Performance (Dynamic threshold based on baselines)

Sudden Increase In System CPU Usage

Sudden Increase in System Memory Usage

Sudden Increase in Network Interface Traffic

Sudden Increase in Network Interface Errors

Change

Startup Config Change

Reports

Availability

Availability: Router/Switch Ping Monitor Statistics

Performance

Performance: Top Routers Ranked By CPU Utilization

Performance: Top Routers By Memory Utilization

Performance: Top Router Network Intf By Util, Error, Discards

Top Routers/Switches by Business Hours Network Ping Uptime Pct (Achieved Network Ping SLA)

Top Routers/Switches by Business Hours System Uptime Pct (Achieved System SLA)

Top Routers/Switches by Network Ping Uptime Pct (Achieved Network Ping SLA)

Top Routers/Switches by System Uptime Pct (Achieved System SLA)

Top Router Interfaces by Days-since-last-use

Change

Change: Router Config Changes Detected Via Login

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Juniper Networks JunOS Switch Configuration

What is Discovered and Monitored

Event Types

Rules

Reports

Configuration

SNMP

Syslog

Sample JunOS Syslog Messages sFlow

Settings for Access Credentials

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (V1,

V2c)

Host name, JunOS version, Hardware model, Network interfaces, Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status: Power Supply, Fan, Temperature Availability and

Performance

Monitoring

Telnet/SSH Running and startup configuration Startup configuration change, delta between running and startup configuration Performance

Monitoring,

Security and

Compliance

SNMP (V1,

V2c, V3)

Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association   Topology and end-host location
Syslog   System logs and traffic logs matching acl statements Availability,

Security and

Compliance

sflow   Traffic flow Availability,

Security and

Compliance

Event Types

In CMDB > Event Types, search for “junos” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

  1. Log in to the device manager for your JunOS switch with administrator privileges.
  2. Go to Configure > Services > SNMP.
  3. Under Communities, click Add.
  4. Enter a Community Name.
  5. Set Authorization to read-only.
  6. Click OK.

Syslog

  1. Log in to the device manager for your JunOS switch with administrator privileges.
  2. Go to Dashboard > CLI Tools > CLI Editor.
  3. Edit the syslog section to send syslogs to AccelOps.
  4. Click Commit. Sample JunOS Syslog Messages

sFlow

Routing the sFlow Datagram in EX Series Switches

According to Juniper documentation, the sFlow datagram cannot be routed over the management Ethernet interface (me0) or virtual management interface (vme0) in an EX Series switch implementation. It can only be exported over the network Gigabit Ethernet or 10-Gigabit Ethernet ports using valid route information in the routing table.

  1. Log in to the device manager for your JunOS switch with administrator privileges.
  2. Go to Configure > CLI Tools > Point and Click CLI.
  3. Expand Protocols and select slow.
  4. Next to Collector, click Add new entry.
  5. Enter the IP address for your AccelOps virtual appliance.
  6. For UDP Port, enter 6343.
  7. Click Commit.
  8. Next to Interfaces, click Add new entry.
  9. Enter the Interface Name for all interfaces that will send traffic over sFlow.
  10. Click Commit.
  11. To disable the management port, go to Configure > Management Access, and remove the address of the management port. You can also disconnect the cable.

Settings for Access Credentials

Mikrotek Router Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP

(V1, V2c)

Host name, software version,

Hardware model, Network interfaces

Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials

Nortel ERS and Passport Switch Configuration

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for  
SNMP

(V1, V2c)

Host name, software version, Hardware model, Network

interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) Availability and

Performance

Monitoring

SNMP

(V1, V2c)

  Hardware status: Temperature  
SNMP (V1, V2c,

V3)

  Layer 2 port mapping: associating switch ports to directly connected host IP/MAC addresses Identity and location table; Topology  

Event Types

There are no event types defined specifically for this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Settings for Access Credentials


Viewing all articles
Browse latest Browse all 2380

Trending Articles