Monitoring Protocol Configuration Settings

These topics describe the configuration settings for monitoring protocols such as SNMP, WMI, and JDBC that are used for creating custom performance monitors.

JDBC Configuration Settings

When configuring JDBC as the access protocol for a custom performance monitor, use these settings. You may also want to review the topic Custom JDBC Performance Monitor for a Custom Table as an example of how to set up a custom performance monitor using JDBC.

Field Setting/Notes
Method JDBC
Database Type Select the type of database to connect to
SQL Query The SQL Query to execute when connecting
List of Columns This creates the mapping between columns in the database and FortiSIEM event attributes. See Mapping Monitoring Protocol Objects to Event Attributes for more information.
Where Clause This indicates whether the database table being queried has a fixed set of rows, or whether it is growing over time. An example of this would be a table containing logs, in which case FortiSIEM would keep track of the last entry and only pull the new ones. There are three options here:
  1. There is a fixed set of rows and all rows are needed.
    Leave all options cleared.
  2. There is a fixed set of rows and a fixed number of rows are needed.
    Select Fixed records and enter the number of required rows.
  3. The table is growing and only new values are needed.
    Select Retrieve all new values since last retrieve time of column, and enter the name of the column that represents time in the database. FortiSIEM will keep track of the largest value in this column and only pull entries greater than that value during the next polling interval.
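
The three Where Clause options, modeled as an added example (not FortiSIEM's own code) against a constructed in-memory SQLite table; the poll function, the app_audit table and its columns are assumptions. It also shows a consequence of the "greater than" comparison: a row written later with a time value equal to the stored maximum is not retrieved, so the tracked column should be strictly increasing.

```python
import sqlite3

def poll(conn, table, columns, fixed=None, time_col=None, last_max=None):
    """One polling interval. Returns (rows, high_water_mark).

    no options    -> option 1: all rows
    fixed=N       -> option 2: a fixed number of rows
    time_col="ts" -> option 3: only rows with ts > last_max
    """
    # Names come from operator configuration; still refuse anything
    # that is not a plain identifier before building the statement.
    names = [table, *columns] + ([time_col] if time_col else [])
    if not all(n.isidentifier() for n in names):
        raise ValueError("table/column names must be plain identifiers")
    sql, params = f"SELECT {', '.join(columns)} FROM {table}", []
    if time_col:
        sql = f"SELECT {', '.join(columns)}, {time_col} FROM {table}"
        if last_max is not None:
            sql += f" WHERE {time_col} > ?"   # strictly greater than
            params.append(last_max)
        sql += f" ORDER BY {time_col}"
    if fixed is not None:
        sql += " LIMIT ?"
        params.append(fixed)
    rows = conn.execute(sql, params).fetchall()
    if time_col and rows:
        last_max = rows[-1][-1]               # largest value seen so far
    return rows, last_max

def demo():
    conn = sqlite3.connect(":memory:")        # constructed sample data
    conn.execute("CREATE TABLE app_audit (ts INTEGER, user TEXT, action TEXT)")
    add = lambda *r: conn.execute("INSERT INTO app_audit VALUES (?,?,?)", r)
    add(100, "alice", "login"); add(101, "bob", "login"); add(102, "bob", "sudo")
    first, mark = poll(conn, "app_audit", ["user", "action"], time_col="ts")
    # Committed after the first poll, but stamped with the same second:
    add(102, "carol", "login_failed")
    add(103, "alice", "logout")
    second, mark = poll(conn, "app_audit", ["user", "action"],
                        time_col="ts", last_max=mark)
    two, _ = poll(conn, "app_audit", ["user"], fixed=2)
    return first, second, mark, two

if __name__ == "__main__":
    for part in demo():
        print(part)
```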

JMX Configuration Settings

When configuring JMX as the monitoring protocol for a custom performance monitor, use these settings. You may also want to review the topic Custom JMX Monitor for IBM Websphere as an example of creating a custom JMX performance monitor. 

Field Setting/Notes
Method JMX
MBean Enter the MBean interface that you want to monitor, or click the downward arrow to browse the JMX tree and select it. Note that the option you select here will determine the objects that are available when you select an Object Attribute for the List of Attributes. See the next section in this topic for information on how to find

Identifying MBean Names and Attributes for Custom Applications

This section discusses how to get MBean names and attributes for custom J2EE based applications.

  1. Launch JConsole on your workstation and connect to the application.
  2. Select the MBeans tab.
  3. Browse to the application you want to monitor, and select it.
  4. In the right pane you will see the MBeanInfo. Note the ObjectName; the attributes for the application are listed in the tree view.

SNMP Configuration Settings for Custom Performance Monitors

When configuring SNMP as the access protocol for a custom performance monitor, use these settings. You may also want to review the topics Custom SNMP Monitor for D-Link Interface Network Statistics and Custom SNMP Monitor for D-Link HostName and SysUpTime as examples of how to set up a custom performance monitor using SNMP.

Field Settings/Notes
Method SNMP
Parent OID The parent Object Identifier (OID) is used to optimize the number of SNMP GETs required for pulling the various individual OIDs. You can enter this directly, or click the downward arrow to select it from an MIB file. Several different MIB files are available to select from; see Importing OID Definitions from a MIB File for more information.
Parent ID is table Select is table if the OIDs you want to monitor are in a table with at least one row. An example would be interface metrics, such as ifInOctets and ifOutOctets, since there is an interface metric for each interface.
List of OIDs The OIDs you want to monitor mapped to FortiSIEM event attributes. The selection you make for Parent OID determines the options available in the OID menu when you select New.

Importing OID Definitions from a MIB File

Many devices include MIB files that you can then use to create a custom performance monitor for the device. This involves creating a configuration file based on information in the MIB file, using that file as input for the mib2xml executable, and then placing the resulting output file in the /data/mibXml directory of your Supervisor. Once placed in this directory, you can select the file from the MIB File List menu to select the parent OID, which will then also affect which OIDs you can select for the OID to event attribute mapping. 

Procedure
  1. Collect the device OID files you want to use and place them in a directory where the mib2XML 
  2. Create the input config file with these fields, and give it the .cfg file extension.

    See the attached alcatel.cfg file for an example.
    Field Description
    group The number of the MIB file group. MIB files need to be analyzed as a group because of cross-references within them. The group attribute specifies an ID for each group and must be unique for every group.
    mibFile The name of the MIB file being analyzed. There can be multiple entries. Be sure to specify the path to the MIB files.
    vendor The name of the device vendor for the MIB file.
    model The model name or number for the device.
    evtPrefix As SNMP trap notification definitions in the MIB file are parsed, an event file is generated for each SNMP trap. This field specifies the event type prefix.
    enterpriseId The enterprise ID number for this vendor, which is used for generating the SNMP trap parser.
  3. Run mib2XML <filename>.cfg.
  4. Move the resulting .mib.xml file to the /data/mibXml directory of your Supervisor.

Example

In this example, a set of MIB files from an Alcatel 7x50 device are used to generate the XML output file. 

  1. Sample MIB files:
    TIMETRA-CHASSIS-MIB.mib
    TIMETRA-GLOBAL-MIB.mib
    TIMETRA-SYSTEM-MIB.mib
    TIMETRA-TC-MIB.mib
  2. Information in these files, and the paths to them, is then used to create this config file.
    alcatel.cfg
  3. Running mib2xml alcatel.cfg generates both an output and an mib2XML file. 
    alcatel.out
    TIMETRA-TC-MIB.mib.xml

WMI Configuration Settings for Custom Performance Monitors

When configuring WMI as the monitoring protocol for a custom performance monitor, use these settings. You may also want to review the topic Custom WMI Monitor for Windows Domain and Physical Registry as an example of how to set up a custom performance monitor using WMI.

Field Settings
Method WMI
Parent Class WMI metrics are defined in the form of a parent class having multiple attributes. For example, the parent class Win32_ComputerSystem has the attributes Domain and TotalPhysicalMemory.
Is Table If the parent WMI class is a table with one or more rows, select this option.