Monitoring Settings

The following section describes the procedures for Monitoring settings:

Important Processes

This setting allows you to always get process resource utilization reports and up/down alerts on a set of important processes across all device types.

  1. Go to ADMIN > General Settings > Monitoring > Important Processes tab.
  2. Click Enable.
    This will stop monitoring all processes.
  3. Click New.
  4. Enter a Process Name, Parameter, and select an Organization from the drop-down.
  5. Click Save.
  6. Select the processes from the table and click Apply.
    FortiSIEM will start monitoring only the selected processes in this tab.
  7. If you want to disable this and return to ALL process monitoring, then click Disable.

Important Ports

This setting allows you to get TCP/UDP port up/down status only for a set of important ports. Always reporting UP/DOWN status for every TCP/UDP port on every server can consume a significant amount of resources. A port's UP/DOWN status is reported only if the port belongs to the list defined here.

Matching is exact based on port number and IP protocol.

  1. Go to ADMIN > General Settings > Monitoring > Important Ports tab.
  2. Click New.
  3. Enter the Port Number and select the Port Type and Organization from the drop-down.
  4. Click Save.
  5. Select the new ports from the list and click Apply.

Important Interfaces

This setting allows you to always get interface utilization reports on a set of important network interfaces across all device types.

  1. Create a list of all Important interfaces.
  2. Go to ADMIN > General Settings > Monitoring > Important Interfaces tab.
  3. Click Enable.
    This will stop monitoring all interfaces.
  4. Click the icon to the left of the search field to select either Show Device Table or Show Interface only.
  5. Click Select to add the selected interface to the list. The Critical and Monitor columns will be automatically checked.
  6. Check the WAN box if applicable. If checked, the interface utilization events will have the attribute isWAN = "yes".
    You can use this to run a report for all WAN interfaces.
  7. Select the interfaces from the table and click Apply.
    FortiSIEM will start monitoring only the selected interfaces in this tab.
  8. If you want to disable this and return to ALL interface monitoring, click Disable.

By default, this feature is disabled, whether the system was upgraded or newly installed. When the feature is disabled, FortiSIEM monitors utilization and up/down events for all interfaces, and isHostIntfCritical is set to false for all interfaces. Only the "non-critical interface staying down" rule can trigger; the "critical interface staying down" rule cannot trigger.

When the feature is enabled, each interface has two check boxes: Monitor and Critical. If Critical is checked, Monitor is checked automatically. Monitor controls whether interface utilization events are generated: FortiSIEM generates interface utilization events for interfaces whose Monitor check box is selected. Critical controls whether interface up/down events are generated: FortiSIEM monitors interface up/down events for interfaces whose Critical check box is selected. If an interface is marked as critical, the isHostIntfCritical attribute is set to true in the generated interface utilization and up/down events. The "critical interface staying down" rule triggers on interfaces whose isHostIntfCritical is true; the "non-critical interface staying down" rule cannot trigger.
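The event-generation rules above can be checked against an interface inventory before clicking Apply, to see which interfaces would stop producing down alerts. The following Python model is an added example, not FortiSIEM code: the class, function, device and interface names are hypothetical, and only isHostIntfCritical and the two rule names come from this page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Intf:
    device: str
    name: str
    monitor: bool = False   # Monitor check box
    critical: bool = False  # Critical check box


def event_coverage(intf, feature_enabled):
    """Model which events one interface produces under the rules described above."""
    if not feature_enabled:
        # Feature disabled (the default): every interface reports utilization
        # and up/down, isHostIntfCritical is false, and only the non-critical
        # staying-down rule can trigger.
        return {"util": True, "updown": True, "isHostIntfCritical": False,
                "down_rule": "non-critical interface staying down"}
    critical = intf.critical
    monitor = intf.monitor or critical  # checking Critical also checks Monitor
    return {"util": monitor, "updown": critical, "isHostIntfCritical": critical,
            "down_rule": "critical interface staying down" if critical else None}


def down_alert_gaps(inventory, feature_enabled):
    """Return interfaces whose outage would trigger neither staying-down rule."""
    return [f"{i.device}:{i.name}" for i in inventory
            if event_coverage(i, feature_enabled)["down_rule"] is None]


# Constructed sample inventory; device and interface names are made up.
INVENTORY = [
    Intf("edge-fw-01", "wan1", critical=True),    # Critical (and so Monitor)
    Intf("core-sw-01", "Gi1/0/1", monitor=True),  # Monitor only: utilization, no up/down
    Intf("core-sw-01", "Gi1/0/2"),                # not selected in the tab
]

if __name__ == "__main__":
    for enabled in (False, True):
        gaps = down_alert_gaps(INVENTORY, enabled)
        print(f"feature enabled={enabled}: no down alerting for {gaps or 'none'}")
```

Interfaces reported as gaps with the feature enabled need the Critical box checked if an outage on them should raise an incident.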

Excluded Disks

This setting allows you to exclude disks from disk capacity utilization monitoring. Disk capacity utilization events will not be generated for disks matching the device name, access IP and disk name. Incidents will not trigger for these disks, and the disks will not show up in summary dashboards. Use this list to exclude read-only disk volumes or partitions that do not grow in size and are close to full.

  1. Go to ADMIN > General Settings > Monitoring > Excluded Disks tab.
  2. Click New.
  3. From the Choose Disk dialog box, select the device from the device group.
  4. Click Select.
  5. Select the device from the table and click Apply.