Viewing Collector Health

If your FortiSIEM deployment includes Collectors, you can monitor the status of the Collectors in the ADMIN > Health > Collector Health page. You can also upgrade Collectors from this page. Select a Collector and click Show Processes to see the processes running on that Collector. 
Refer to the 'FortiSIEM Backend Processes' table below for information about the processes that run on Collectors. 

The Actions menu provides the operations you can perform on a Collector:

  • Start - to start the Collector.
  • Stop - to start the Collector.
  • Download Image - to download a Collector image.
  • Install Image - to install a Collector image.
  • Download Update - to download a Collector image update.
  • Install Update - to install a Collector image update.

Properties associated with Collector Health include:

Collector PropertyDescription
OrganizationName of the organization to which the Collector belongs
NameName of the Collector
IP AddressIP address of the Collector
StatusStatus of the Collector as either Up or Down
Health Health of the Collector based on the health of the modules running on it. If Health is Critical, it means that one of the modules is not running on the Collector. 
Up TimeTotal time that the Collector has been up
Last Status UpdatedThe time when the collector last reported its status to the cloud
Last Event TimeThe time when the collector last reported events to the cloud
Last File ReceivedThe time when the collector last reported its performance status to the cloud
CPU Overall CPU utilization of the Collector
Memory Overall memory utilization of the Collector
Allocated EPS The number of events per second (EPS) dynamically allocated by the system to this collector.
Incoming EPSThe EPS that the Collector is currently seeing.
Upgrade VersionIf the Collector has been upgraded, the new version
Build DateDate on which the version of FortiSIEM the Collector is running on was built
Install StatusIf you upgrade the Collector, the status of the upgrade is shown here as either Success or Failed.
Download StatusIf an image was downloaded to the Collector, the status of the download is shown here as Success or Failed
VersionVersion of FortiSIEM the Collector is running on


FortiSIEM Backend Processes

Process Function Used by Supervisor Used by Worker Used by Collector
phMonitor Monitoring other processes X X X
phDiscover Pulling basic data from target X X
phPerfMonitor Execute performance job X X X
phAgentManager Execute event pulling job X X X
phCheckpoint Execute checkpoint monitoring X X X
phEventPackage Uploading event/SVN file to Supervisor/Worker X
phParser Parsing event to shared store (SS) X X X
phDataManager Save event from SS to Event DB X X
phRuleMaster Determines if a rule should trigger X
phRuleWorker Aggregates data for rules X X
phQueryMaster Merges data from QueryWorker X
phQueryWorker Executes a query task X X
phReportMaster Merge data from ReportWorker X
phReportWorker Aggregates data for reports X X
phIPIdentityMaster Merges IP identity information X
phIdentityWorker Collects IP identity information X X
Apache Receives event/SVN files from the Collector X X