FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mnovelli
Staff
Article Id 340305
Description

This article describes how to manage FortiSIEM components (Supervisors, Collectors, and Workers) using an external IT monitoring platform, which is sometimes required. By default, the SNMPD service is installed on every node, but it is disabled.

The following procedure can be used to monitor FortiSIEM components through the SNMP protocol. Typically, it is not required to open ports in the local firewalld instance on FortiSIEM components.

Scope

FortiSIEM.

Solution

SNMP v1/v2C configuration: The following procedure can be used if the IT monitoring platform supports SNMP v1/v2C:

  1. Configure the community string on each FortiSIEM node. Modify the file /etc/snmp/snmpd.conf and add the following line:

rocommunity <community> default

  2. Start the SNMPD service by running the following commands:

systemctl start snmpd
systemctl status snmpd

SNMP v3 configuration: The following procedure can be used if the IT monitoring platform supports SNMP v3:

  1. Stop the SNMPD service if it is running:

systemctl stop snmpd

  2. Execute the following command:

net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES] [username]

  3. Start the SNMPD service by running the following commands:

systemctl start snmpd
systemctl status snmpd

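As an added example (not part of the original article and not Fortinet tooling), the shell function below audits an snmpd.conf after either procedure: it flags a community accepted from any source address (which the `default` keyword in the rocommunity line permits), write access, and SNMPv3 users that are not required to use encryption (`rouser` without `priv`). The names audit_snmpd_conf and sample_conf, the sample file and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit snmpd.conf directives used in the procedure above.
# audit_snmpd_conf and sample_conf are hypothetical names; sample data is constructed.

audit_snmpd_conf() {
    # Reads the files given as arguments, or standard input when none is given.
    awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    $1 == "rwcommunity" || $1 == "rwuser" {
        print "WRITE_ACCESS line " NR ": " $1 " allows SNMP SET"
    }
    $1 == "rocommunity" || $1 == "rwcommunity" {
        # Syntax: rocommunity COMMUNITY [SOURCE [OID]]
        if (NF < 3 || $3 == "default")
            print "OPEN_SOURCE line " NR ": community accepted from any address"
        if ($2 == "public" || $2 == "private")
            print "DEFAULT_COMMUNITY line " NR ": well-known community string"
    }
    $1 == "rouser" || $1 == "rwuser" {
        # Syntax: rouser [-s SECMODEL] USER [noauth|auth|priv ...]
        i = ($2 == "-s") ? 4 : 2                # field index of USER
        level = (NF > i) ? $(i + 1) : "auth"    # minimum level defaults to auth
        if (level != "priv")
            print "NO_PRIV_REQUIRED line " NR ": user " $i " accepted at level " level
    }
    ' "$@"
}

sample_conf() {
    # Constructed sample, not taken from a real FortiSIEM node.
    # 192.0.2.10 stands in for the monitoring platform address.
    cat <<'EOF'
# snmpd.conf (constructed)
rocommunity S3cretMon default
rocommunity S3cretMon 192.0.2.10
rouser fsmmon
rouser fsmmon2 priv
EOF
}

sample_conf | audit_snmpd_conf
```

On a node, the same check runs as `audit_snmpd_conf /etc/snmp/snmpd.conf`. Replacing `default` with the monitoring platform's address and appending `priv` to the rouser line clears the two findings reported for the sample.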
