Creating a Custom Performance Monitor

You can create Custom Performance Monitors by defining the performance object that you want to monitor, including the relationship between the performance object and FortiSIEM events and event attributes, and then associating the performance object to a device type. 

Creating Custom Performance Monitors for Enterprise and Multi-Tenant Deployments

In Service Provider FortiSIEM deployments, custom performance performance have to be created by the Super/Global account, and apply to all organizations. In enterprise deployments, custom performance monitors can be created by any user who has access to the Admin tab.

Prerequisites

• You should review the configuration settings for the monitoring protocols that you will use in your monitor, and be ready to provide the appropriate OIDs, classes, or database table attributes for the access protocol.
• You should have created any new device/application types, event attributes, or event types that you want to use in your Performance Monitor.
• You should have the IP address and access credentials for a device that you can use to test the monitor.

Creating the Performance Object and Applying it to a Device

1. Go to ADMIN > Device Support > Monitoring.
2. Click New.
3. Enter a Name for the Performance Monitor.
4. For Type, select either System or Application.
5. For Method, select the monitoring protocol for the performance monitor.
   See the topics under Monitoring Protocol Configuration Settings for more information about the configuration settings for each type of monitoring protocol. 
6. Click New next to List of Attributes, and create the mapping between the performance object and FortiSIEM event attributes. 
   Note that the Method you select will determine the name of this mapping and the configuration options that are available. See Mapping Monitoring Protocol Objects to Event Attributes for more information.
7. Select the Event Type that will be monitored. 
8. Enter the Polling Frequency for the monitor.
9. Enter a Description. 
10. Click Save.
11. Under Enter Device Type to Performance Object Association section, click New. 
12. Enter a Name for the mapping. 
13. Select the Device Type from the drop-down for which you want to apply the monitor. 
    Whenever a device belonging to the selected device type is discovered, FortiSIEM will attempt to apply the performance monitor to it. 
14. Click Perf Objects drop-down to select or search the Performance Objects.
15. Click Save. 

Testing the Performance Monitor

1. Go to ADMIN > Device Support > Monitoring.
2. Select the performance monitor.
3. Click Test.
4. For IP, enter the IP address of the device that you want to use to test the monitor. 
   Testing for Multi-Tenant Deployments: If you have a Service Provider FortiSIEM, select the Supervisor or Collector where the device is monitored.  
5. Click Test.If the test succeeds, click Close, and then click Apply to register the new monitor with the back-end module.

After you have successfully tested and applied the performance monitor, you should initiate discovery of the device that it will monitor, and then make sure that the new monitor is enabled as described in Managing Monitoring of System and Application Metrics for Devices.