Viewing Collector Health

If your FortiSIEM deployment includes Collectors, you can monitor the status of the Collectors in the ADMIN > Health > Collector Health page. You can also upgrade Collectors from this page.

  1. Go to ADMIN > Health > Collector Health.
  2. Select a Collector and click Show Processes to see the processes running on that Collector. 
    Refer to the 'FortiSIEM Backend Processes' table below for information about the processes that run on Collectors. 
  3. You can also Stop or Start a Collector by selecting it and clicking the appropriate button. 

    Properties associated with Collector Health include:
    Collector PropertyDescription
    OrganizationName of the organization to which the Collector belongs
    NameName of the Collector
    IP AddressIP address of the Collector
    StatusStatus of the Collector as either Up or Down
    Health Health of the Collector based on the health of the modules running on it. If Health is Critical, it means that one of the modules is not running on the Collector. 
    Up TimeTotal time that the Collector has been up
    Last Status UpdatedThe time when the collector last reported its status to the cloud
    Last Event TimeThe time when the collector last reported events to the cloud
    Last File ReceivedThe time when the collector last reported its performance status to the cloud
    CPU Utilization Overall CPU utilization of the Collector
    Memory Utilization Overall memory utilization of the Collector
    VersionWhich version of FortiSIEM the Collector is running on
    Build DateDate on which the version of FortiSIEM the Collector is running on was built
    Upgrade VersionIf the Collector has been upgraded, the new version
    Install StatusIf you upgrade the Collector, the status of the upgrade is shown here as either Success or Failed.
    Download StatusIf an image was downloaded to the Collector, the status of the download is shown here as Success or Failed
    Allocated EPS The number of events per second (EPS) dynamically allocated by the system to this collector.

    FortiSIEM Backend Processes
    ProcessFunctionUsed by SupervisorUsed by WorkerUsed by Collector
    phMonitorMonitoring other processesXXX
    phDiscoverPulling basic data from targetXX
    phPerfMonitorExecute performance jobXXX
    phAgentManagerExecute event pulling jobXXX
    phCheckpointExecute checkpoint monitoringXXX
    phEventPackageUploading event/SVN file to Supervisor/WorkerX
    phParserParsing event to shared store (SS)XXX
    phDataManagerSave event from SS to Event DBXX
    phRuleMasterDetermines if a rule should triggerX
    phRuleWorkerAggregates data for rulesXX
    phQueryMasterMerges data from QueryWorkerX
    phQueryWorkerExecutes a query taskXX
    phReportMasterMerge data from ReportWorkerX
    phReportWorkerAggregates data for reportsXX
    phIPIdentityMasterMerges IP identity informationX
    phIdentityWorkerCollects IP identity informationXX
    ApacheReceives event/SVN files from the CollectorXX