Viewing Collector Health

If your FortiSIEM deployment includes Collectors, you can monitor the status of the Collectors in the ADMIN > Health > Collector Health page. You can also upgrade Collectors from this page. Select a Collector and click Show Processes to see the processes running on that Collector. 
Refer to the 'FortiSIEM Back-End Processes' table below for information about the processes that run on Collectors. 

The Action menu provides the operations you can perform on a Collector:

  • Start - to start the Collector.
  • Stop - to start the Collector.
  • Download Image - to download a Collector image.
  • Install Image - to install a Collector image.
  • Download Update - to download a Collector image update.
  • Install Update - to install a Collector image update.

Properties Associated with Collector Health

Collector Property Description
Organization Name of the organization to which the Collector belongs.
Name Name of the Collector.
IP Address IP address of the Collector.
Status Status of the Collector as either Up or Down.
Health Health of the Collector based on the health of the modules running on it. If Health is Critical, it means that one of the modules is not running on the Collector. 
Up Time Total time that the Collector has been up.
Last Status Updated The time when the collector last reported its status to the cloud.
Last Event Time The time when the collector last reported events to the cloud.
Last File Received The time when the collector last reported its performance status to the cloud.
CPU Overall CPU utilization of the Collector.
Memory Overall memory utilization of the Collector.
Allocated EPS The number of events per second (EPS) dynamically allocated by the system to this collector.
Incoming EPS The EPS that the Collector is currently seeing.
Upgrade Version If the Collector has been upgraded, the new version.
Build Date Date on which the version of FortiSIEM the Collector is running on was built.
Install Status If you upgrade the Collector, the status of the upgrade is shown here as either Success or Failed.
Download Status If an image was downloaded to the Collector, the status of the download is shown here as Success or Failed.
Version Version of FortiSIEM the Collector is running on.

FortiSIEM Back-End Processes

Process Function Used by Supervisor Used by Worker Used by Collector
phAgentManager Execute event pulling job X X X
phCheckpoint Execute checkpoint monitoring X X X
phDiscover Pulling basic data from target X

X
phEventForwarder Responsible for forwarding events and incidents from FortiSIEM to external systems X X X
phEventPackage Uploading event/SVN file to Supervisor/Worker

X
phMonitorAgent Monitoring other processes X X X
phParser Parsing event to shared store (SS) X X X
phPerfMonitor Execute performance job X X X
rsyslogd Responsible for forwarding locally generated logs to FortiSIEM X X X