Vendor
Model
Hardware Model
eg.
Vendor: HP
Model: ProCurve Switch
Hardware Model: 2950
#snmpwalk -v 2c -c <community string> <ip> sysObjectID.0
eg.
#snmpwalk -v 2c -c public 172.30.59.133 sysObjectID.0
#SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.11.2.3.7.11.160
#vi /opt/phoenix/config/userSnmpSysObjId.csv
4. Insert the following entry into the file:
ORIGINAL EMPTY FILE EXAMPLE:
Vendor,Model,hwModel,OID
FILLED IN EXAMPLE:
Vendor,Model,hwModel,OID
HP,ProCurve Switch,5406,SNMPv2-SMI::enterprises.11.2.3.7.11.160
5. Save the changes.
6. Repeat step 4 on all the nodes, so that the mapping also applies whenever a new device is discovered by any other FortiSIEM node.
7. Additional Information:
7.1 If the file does not exist, create it using the name in step 3.
7.2 Add the following entries into /opt/phoenix/config/phoenix_config.txt
system_snmp_sysObjId_file=/opt/phoenix/config/systemSnmpSysObjId.csv
user_snmp_sysObjId_file=/opt/phoenix/config/userSnmpSysObjId.csv
Make sure they are inserted under the "phDiscover" Attribute Block.
Eg.
[BEGIN phDiscover]
command_port = 7928
discover_get_uri =phoenix/rest/deviceInfo
discover_put_uri =phoenix/rest/discovered/discover
discover_service_path=phoenix/rest/config/service
discover_package_path=phoenix/rest/config/applicationPackage
task_status_put_uri=phoenix/rest/sync/task/status
discover_from_file=1 #0:from network; 1:from file
discover_file_dir=/opt/phoenix/config/discoverFile #not reqd if prev flag is 0
system_snmp_sysObjId_file=/opt/phoenix/config/systemSnmpSysObjId.csv
user_snmp_sysObjId_file=/opt/phoenix/config/userSnmpSysObjId.csv
snmpwalk_timeout = 300 # seconds
system_call_timeout = 300 # seconds
vm_discov_timeout = 900 # 15 minutes
snmpwalk_v1_packet_timeout = 5 # second
snmpwalk_v2_packet_timeout = 5 # second
bgp_max_discov_count = -1 # max number of auto discoveries in one hour (set to -1 to disable auto discover)
discover_compress_threshold = 2048
snmp_ping_times=5
wmi_ping_times=5
[END]
7.3 Restart phDiscover after adding this into the phoenix_config.txt: killall -9 phDiscover
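The helper below is an added example, not Fortinet code: it takes the sysObjectID line printed by snmpwalk above and appends the matching row to the CSV from step 4, creating the file with its header row if it is missing and refusing a malformed or already-mapped OID. The function names are hypothetical, and the CSV path is supplied by the caller.

```shell
#!/bin/sh
# Added example (not Fortinet code). Function names are hypothetical.

CSV_HEADER='Vendor,Model,hwModel,OID'
NL='
'

# Print the OID from one line of `snmpwalk ... sysObjectID.0` output.
# Returns 1 for anything else (timeouts, error text, other OIDs).
extract_sysobjid() (
    line=${1#\#}                      # tolerate a pasted leading "#"
    case $line in
        *'sysObjectID.0 = OID: '*) printf '%s\n' "${line##*OID: }" ;;
        *) return 1 ;;
    esac
)

# add_mapping FILE VENDOR MODEL HWMODEL OID
# Returns 0 if a row was appended, 1 on invalid input, 2 if the OID is already mapped.
add_mapping() (
    file=$1 vendor=$2 model=$3 hw=$4 oid=$5
    # Fields are written unquoted, so a comma or newline would shift columns.
    for field in "$vendor" "$model" "$hw" "$oid"; do
        case $field in
            ''|*,*|*"$NL"*) return 1 ;;
        esac
    done
    # Accept only the form snmpwalk prints for an enterprise sysObjectID.
    printf '%s\n' "$oid" | grep -Eqx 'SNMPv2-SMI::enterprises(\.[0-9]+)+' || return 1
    # Create the file with the header row if it does not exist yet (step 7.1).
    [ -f "$file" ] || printf '%s\n' "$CSV_HEADER" > "$file"
    # Exact match on the fourth column, so ...160 never matches ...1600.
    if awk -F, -v o="$oid" '$4 == o { found = 1 } END { exit !found }' "$file"; then
        return 2
    fi
    printf '%s,%s,%s,%s\n' "$vendor" "$model" "$hw" "$oid" >> "$file"
)
```

Because a duplicate OID returns 2 without writing, the same call can be repeated on every node for step 6 without creating duplicate rows.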