Viewing Cloud Health
The ADMIN > Health > Cloud Health page displays the status of the nodes in your deployment and the processes running on them. The top frame displays all of the available clouds, and the lower frame provides information about the applications contained in the cloud selected in the top frame.
Complete these steps to view Cloud Health information:
- Go to the ADMIN > Health > Cloud Health tab.
- Click any node in the first frame to view its process details in the second frame.
See the FortiSIEM Back-End Processes table for more information about the system role played by each process.
First Frame
Settings | Description |
---|---|
Name | Name of the available clouds |
IP Address | IP address of the available clouds |
Module Role | Module role, for example, 'Supervisor' |
Health | Current health of the cloud |
Version | Current version of the cloud |
Upgrade Version | Upgrade version number |
Build Date | Date when the cloud was created |
Cores | Number of cores |
Load Average | Average load of the cloud |
CPU | Percentage CPU used |
Swap Size | Swap size |
Swap Used | Swap used |
Memory Size | Maximum memory size |
Memory Used | Memory used |
Up Time | Total time that the cloud was in 'Up' status |
Last Report Sync | Time when the report was synched previously |
Second Frame
Settings | Description |
---|---|
Process Name | Name of the process |
Status | Status of the process |
Up Time | Total up time of the process |
CPU | Measure of the CPU that the process is using |
Event Rate | Events used each second by the process |
Physical Memory | Amount of physical memory used by the process |
Virtual Memory | Amount of virtual memory used by the process |
SharedStore ID and SharedStore Position | SharedStore ID and position information |
FortiSIEM Back-End Processes
Process | Function | Present in Supervisor | Present in Worker | Present in Collector |
---|---|---|---|---|
Apache | Web server front-ending HTTP(S) requests to AppSvr or other FortiSIEM nodes | x | x | x |
AppSvr | Middleware for handling GUI requests, storing and managing PostgreSQL database and serving REST API requests from FortiSIEM nodes | x | ||
DBSvr | PostgreSQL Database for storing information displayed in FortiSIEM GUI other than events | x | ||
Node.js-charting | Message | |||
Node.js-pm2 | ||||
phAgentManager | Collects logs and metrics from devices or servers using protocols other than SNMP and WMI. | x | x | x |
phCheckpoint | Collects logs from Checkpoint firewalls via LEA | |||
phDataManager | Stores the parsed events to event store (FortiSIEM EventDB or Elasticsearch) | x | x | |
phDataPurger | Archives online event store (FortiSIEM EventDB or Elasticsearch). Implements event retention policy for FortiSIEM EventDB - both online FortiSIEM EventDB and archive. | x | ||
phDiscover | Discovers devices using various protocols such as SNMP, WMI and SSH | x | x | |
phEventForwarder | Forwards events from FortiSIEM to external Systems | x | x | x |
phIpIdentityMaster | Merges Identity and location audit trails from multiple phIpIdentityWorker modules to produce the final Identity and location audit trail. Stores the trail in PostgreSQL Database. | |||
phIpIdentityWorker | Produces Identity and location audit trail based on its own view of events | x | x | |
phMonitor | Monitors the health of FortiSIEM processes. Distributes tasks from AppSvr to various processes on Supervisor and to phMonitor on Worker for further distribution to processes on Worker nodes. | |||
phParser | Parses raw events and prepares them for storing into event store (FortiSIEM EventDB or Elasticsearch) | x | x | x |
phPerfMonitor | Continually collects performance monitoring and configuration change data after discovery completes | x | x | x |
phQueryMaster | Handles ad hoc queries from GUI for FortiSIEM EventDB. Parallelizes queries by sending them to phQueryWorkers and merges individual results to produce the final result. | x | ||
phQueryWorker | Handles individual FortiSIEM EventDB queries from phQueryMaster | x | x | |
phReportLoader | Loads Report data into Report Server. | x | ||
phReportMaster | Handles individual FortiSIEM EventDB inline reports. Produces results every 5 minutes. | x | ||
phReportWorker | Handles inline event reports for FortiSIEM EventDB. Merges individual inline report results from multiple phReportMaster modules to produce the final result. Rolls up results from 5 minute intervals to 15 minute intervals and then to 60 minute intervals. | x | ||
phRuleMaster | Triggers a rule in real time by evaluating rule summaries from individual phRuleWorker modules | x | ||
phRuleWorker | Evaluates a rule in real time based on events seen by the worker and sends a summary to the phRuleMaster module | x | x | |
Redis | In-memory distributed database for holding results returned by Elasticsearch and for distributing CMDB objects between Supervisor and Worker nodes. | x | x |