Monitoring support tag reference
This reference describes the use of each tag in the configuration file. The tags are listed in the same order as they appear in the configuration file.
Tag syntax
Tag syntax is presented as follows:
- All parameters are presented in italics.
- All optional elements of the tag appear in square brackets [ ].
For a comprehensive example, see Configuration file example, or refer to other examples under /usr/share/fa/data/plugins/.
DEVICE
Syntax
DEVICE -[id="id"] [name="name"] [title="title"]
Description
This is the main tag for the device, and it identifies the device.
Parameters
id |
String. The ID of the device brand. |
name |
String. The name of the device brand. The name will appear throughout the Web interface (for example, in the Overview and Changes tabs). |
title |
String. The full name of the device brand. The title represents the device in the list of device types in the Devices tab of the Administration pages. |
Subtags
Example
In the following example, the device name FortiGate will appear throughout the Web interface, while the title Fortinet - FortiGate will appear in the list of device types only.
DEVICE id="fortigate" name="FortiGate" title="Fortinet - FortiGate"
FORM_FIELD
Syntax
FORM_FIELD id="id" title="title" [type="type"]
Description
This tag is optional.
Parameters
id |
String. The ID of the field. It can include only the following characters: a-z, _, -. The ID is used as a tag in the file firewall_data.xml. |
title |
String. The label representing the field in the Web interface. |
type |
String. The field's type. This can have the following values:
The default value is text. |
Subtags
None.
Example
In the following example, a field called "Virtual Domain" was added for the device. The field type was not specified and is therefore "text".
FORM_FIELD id="vdom" title="Virtual Domain"
CONNECTION_CMD
Syntax
CONNECTION_CMD id="id" command="command" title="title"
Description
By default, when adding or modifying a device in the Web interface, the Remote Management Capabilities area includes the following connection options: SSH and Telnet. You can use this tag to add additional options.
This tag is optional.
Parameters
id |
String. The ID of the connection option. It can include only the following characters: a-z, A-Z, 0-9, @, _, !, +, ., :, -, ), (. The ID is used as a tag in the file firewall_data.xml. |
command |
String. The connection command. This may include the following parameters from the file firewall_data.xml:
|
title |
String. The label representing the connection option in the Web interface. |
Subtags
None.
Example
In the following example, the connection option SSH is defined.
CONNECTION_CMD id="ssh" command="ssh %user_name%@%host_name%" title="SSH"
DATA_COLLECTION
Syntax
DATA_COLLECTION prompt="prompt" [more_prompt="more_prompt"]
Description
This tag specifies device prompts that AFA will encounter when connecting to the device.
Parameters
prompt |
String. The basic device prompt that appears when the AFA automatic data collection client connects to the device. This is a regular expression. |
more_prompt |
String. The device prompt that appears when there is additional data that is not currently displayed. This is a regular expression. This parameter is optional. |
Subtags
Example
DATA_COLLECTION prompt="#\s*$" more_prompt="^\s*-+\s*[Mm]ore\s*-+\s*$"
LOGIN_PROMPT
Syntax
LOGIN_PROMPT prompt="prompt" response="response" try_again="try_again"
Description
This tag specifies the device prompt that AFA will encounter after successfully connecting to the device. Usually, this prompt relates to logging in to the device, for example a request for a password.
This tag is optional.
Parameters
prompt |
String. A regular expression that describes the device prompt that appears after the AFA automatic data collection client has connected to the device. This regular expression should match the device prompt (e.g. "user1@device1 #") as tightly as possible. |
response |
String. The command or string that the AFA automatic data collection client should send after receiving the prompt. |
try_again |
String. Indicates whether after receiving the device prompt specified by the prompt parameter, the AFA automatic data collection client should attempt to log in again, or continue to wait for the basic login prompt. This can have the following values:
|
Subtags
None.
Example
In the following example, upon receiving the "yes/no?" prompt, the AFA automatic data collection client will send the response "yes" and then attempt to log in again.
LOGIN_PROMPT prompt="\(yes/no\)\?\s+$" response="yes" try_again="yes"
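Added example (not part of the AlgoSec reference): prompt values are regular expressions, so `(`, `)` and `?` are metacharacters unless escaped. The sketch below shows which outputs a rule with response "yes" would answer when the host-key prompt pattern is written unescaped versus escaped. It assumes Python's `re` as a stand-in for AFA's regex engine and uses constructed session output; the function names are hypothetical.

```python
import re

# Two ways to write the host-key prompt pattern in a prompt="..." attribute.
UNESCAPED = r"(yes/no)?\s+$"    # optional group "yes/no", then trailing whitespace
ESCAPED = r"\(yes/no\)\?\s+$"   # literal "(yes/no)?", then trailing whitespace

# Constructed session output in the order a client might see it (not a real capture).
SESSION = [
    "Are you sure you want to continue connecting (yes/no)? ",
    "admin@192.0.2.10's password: ",
    "Discard unsaved changes and reboot? ",
    "fw1 # ",
]

def answered(pattern, session=SESSION):
    """Return the outputs a rule with this prompt regex would respond to."""
    rx = re.compile(pattern)
    return [out for out in session if rx.search(out)]

def unintended(pattern, intended, session=SESSION):
    """Outputs the rule answers that are not the prompt it was written for."""
    return [out for out in answered(pattern, session) if out != intended]

if __name__ == "__main__":
    host_key = SESSION[0]
    for name, pat in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        extra = unintended(pat, host_key)
        print(f"{name}: answers {len(answered(pat))} outputs, {len(extra)} unintended")
        for out in extra:
            print("   would send the response to:", repr(out))
```

Running candidate prompt patterns against recorded device output in this way, before placing them in the configuration file, shows whether a rule is as tight as the prompt parameter description asks.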
POST_LOGIN_PROMPT
Syntax
POST_LOGIN_PROMPT prompt="prompt" response="response"
Description
This tag specifies device prompts that AFA will encounter after successfully logging in to the device.
This tag is optional.
Parameters
prompt |
String. The device prompt that appears after the AFA automatic data collection client has logged in to the device. This is a regular expression. |
response |
String. The command or string that the AFA automatic data collection client should send after receiving the prompt. |
Subtags
None.
Example
POST_LOGIN_PROMPT prompt="Terminal type\?.*$" response="xterm"
COMMANDS_SEQUENCE
Syntax
COMMANDS_SEQUENCE
Description
This tag specifies the sequence of commands that AFA should use during data collection.
Parameters
None.
Subtags
CMD
Syntax
CMD id="id" command="command" save_output="save_output" [condition="condition"] [prompt="prompt"]
Description
This tag specifies a command that AFA should use during data collection.
Parameters
id |
Integer. The command's ID and order number. Commands are implemented in numerical order. |
command |
String. The connection command that the AFA automatic data collection client should send to the device. This may include the following parameters from the file firewall_data.xml:
|
save_output |
String. Indicates whether the result of the command should be added to the output device configuration file. This can have the following values:
|
condition |
String. The name of an attribute defined in the FORM_FIELD tag, which if assigned a value (i.e., the parameter is not empty), should cause the AFA automatic data collection client to send this command. This can have the following values:
|
prompt |
String. The device prompt that will appear after the AFA automatic data collection client has sent this command. This is a regular expression and may include the following parameters from the file firewall_data.xml:
Note: By default, the AFA automatic data collection client will expect to receive the last defined prompt (which was specified in the preceding DEVICE, CMD or LOGIN tag). |
Subtags
None.
Example
In the following example, the enable command will run only if the device configuration file includes an enable attribute that is not empty. The result of the command will not be saved.
CMD id="1" command="enable" save_output="no" condition="enable" prompt="sword:\s*$"
CMD_VIRT
Syntax
CMD_VIRT id="id" command="command" save_output="save_output" [condition="condition"] [prompt="prompt"]
Description
This tag specifies a command that AFA should use during data collection on a virtual system.
This tag is optional.
Parameters
id |
Integer. The command's ID and order number. Commands are implemented in numerical order. |
command |
String. The connection command that the AFA automatic data collection client should send to the device. This may include the following parameters from the file firewall_data.xml:
|
save_output |
String. Indicates whether the result of the command should be added to the output device configuration file. This can have the following values:
|
condition |
String. The name of an attribute defined in the FORM_FIELD tag, which if assigned a value (i.e., the parameter is not empty), should cause the AFA automatic data collection client to send this command. This can have the following values:
|
prompt |
String. The device prompt that will appear after the AFA automatic data collection client has sent this command. This is a regular expression and may include the following parameters from the file firewall_data.xml:
Note: By default, the AFA automatic data collection client will expect to receive the last defined prompt (which was specified in the preceding DEVICE, CMD or LOGIN tag). |
Subtags
None.
Example
In the following example, the end command will run only if the device configuration file includes a vdom attribute that is not empty. The result of the command will not be saved.
CMD_VIRT id="4" command="end" save_output="no" prompt="#\s*$" condition="vdom"
EXIT_COMMAND
Syntax
EXIT_COMMAND command="command"
Description
This tag specifies the command that AFA should use to end the connection to the device.
Parameters
command |
String. The command that the AFA automatic data collection client should send, in order to end the connection. |
Subtags
None.
Example
In the following example, the command is "exit".
EXIT_COMMAND command="exit"
DIFF
Syntax
DIFF context_lines="contextLines"
Description
When real-time monitoring and alerting is enabled, specified users receive e-mails upon changes to monitored devices, and the changes are displayed in the Web interface's Changes tab. This tag specifies the number of lines before and after a change to display in e-mails and in the Web interface's Changes tab. The lines surrounding a change represent the change's context.
This tag is optional.
Parameters
contextLines |
Integer. The number of lines to show before and after a change. The default value is 3. |
Subtags
None.
Example
In the following example, the 5 lines before and after a change will be displayed.
DIFF context_lines="5"
EXCLUDE
Syntax
EXCLUDE regex="regex" [lines_before="lines_before"] [lines_after="lines_after"] [inline="inline"]
Description
When real-time monitoring is enabled, AFA periodically checks whether the device configuration has changed. You can use this tag to exclude certain lines in the device configuration from monitoring.
For example, the current date and other counters frequently change, yet do not represent an actual change to the device configuration. To prevent changes to such lines from repeatedly being interpreted as device configuration changes and reported via e-mail and the Web interface's Changes tab, you can exclude these lines from monitoring.
This tag is optional.
Parameters
regex |
String. A regular expression, describing a string in the device configuration file that should be ignored by AFA when checking for changes to the device configuration. |
lines_before |
Integer. The number of lines preceding the string specified in regex, including the line in which the string appears, that should be excluded from monitoring. |
lines_after |
Integer. The number of lines following the string specified in regex, including the line in which the string appears, that should be excluded from monitoring. |
inline |
String. Indicates whether the whole line (or any whole lines before or after) or only the part of the line that matches the regular expression is excluded. This can have the following values:
|
Subtags
None.
Example
In the following example, when checking the device configuration for changes, AFA will exclude 30 lines starting from the string "set private-key".
EXCLUDE regex="set private-key" lines_after="30"
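Added example (a model written for this page, not AFA's implementation): how an EXCLUDE window interacts with change reporting, and why the window should be sized to the block it is meant to hide. It assumes whole-line exclusion applied to both snapshots before diffing, uses Python's `difflib` in place of AFA's diff, and runs on constructed snapshots; all function and rule-set names are hypothetical.

```python
import difflib
import re

def apply_exclude(lines, regex, lines_before=0, lines_after=0):
    """Whole-line model of one EXCLUDE rule; both counts include the matching line."""
    rx, drop = re.compile(regex), set()
    for i, line in enumerate(lines):
        if rx.search(line):
            first = max(0, i - max(lines_before - 1, 0))
            last = min(len(lines) - 1, i + max(lines_after - 1, 0))
            drop.update(range(first, last + 1))
    return [l for i, l in enumerate(lines) if i not in drop]

def monitor_diff(old, new, rules, context_lines=3):
    """Diff two snapshots after masking; context_lines plays the role of DIFF."""
    for rule in rules:
        old, new = apply_exclude(old, **rule), apply_exclude(new, **rule)
    # Skip the two "---"/"+++" file header lines that unified_diff emits.
    return list(difflib.unified_diff(old, new, n=context_lines, lineterm=""))[2:]

def changed(diff):
    """Only the added/removed lines of a diff body."""
    return [d for d in diff if d[0] in "+-"]

# Constructed snapshots, not output from a real device.
OLD = """config system global
    set hostname fw1
    set uptime 1021
end
config vpn certificate local
    set private-key "-----BEGIN
    AAAA
    -----END"
end
config firewall policy
    set action deny
end""".splitlines()
NEW = [l.replace("1021", "1187").replace("AAAA", "BBBB").replace("deny", "accept")
       for l in OLD]

# Hypothetical rule sets: a window sized to the key block vs. a 30-line window.
TIGHT = [{"regex": r"set uptime"}, {"regex": r"set private-key", "lines_after": 3}]
WIDE = [{"regex": r"set uptime"}, {"regex": r"set private-key", "lines_after": 30}]

if __name__ == "__main__":
    print("tight:", changed(monitor_diff(OLD, NEW, TIGHT)))
    print("wide: ", changed(monitor_diff(OLD, NEW, WIDE)))
```

With the tight window only the policy change is reported; with the 30-line window the same policy change falls inside the excluded range and nothing is reported.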
ROUTING
Syntax
ROUTING script="script"
Description
This tag specifies a script that should be used to analyze the device's routing table.
This tag is optional.
Parameters
script |
String. The name of the script to use for creating a routing table. |
Subtags
None.
Example
In the following example, the script forti2urt.pl is specified.
ROUTING script="forti2urt.pl"
FEATURES
Syntax
FEATURES
Description
This tag specifies features that are supported for the device.
Note: By default, only real-time monitoring is supported for the device. To add more features, contact AlgoSec.
This tag is optional.
Parameters
None.
Subtags
FEATURE
Syntax
FEATURE name="name" [script="script"]
Description
This tag specifies a feature that is supported for the device.
Parameters
name |
String. The name of the feature. |
script |
String. The name of the script to use to run the feature. |
Subtags
None.
Example
In the following example, the topology feature is supported for the device.
FEATURE name="topology" script="snmp2urt"