FortiSIEM Manager Cloud Health

The FortiSIEM Manager Cloud Health page displays the status of the nodes in your deployment and the processes running on them. The top frame displays all of the available clouds and the lower frame provides information about the applications that are contained in the cloud selected in the main frame.

Click on the FortiSIEM Manager or FortiSIEM Instance heading (center top) to return to the FortiSIEM Manager Health Page.

Complete these steps to view the information about Cloud health:

  • From the FortiSIEM Manager Health page, click on the FortiSIEM Manager header or a FortiSIEM instance header. The Cloud Health page displays the health of your FortiSIEM Manager or instance.
    See the FortiSIEM Back-End Processes table for more information about the system role played by each process.

    or

  • From the FortiSIEM Manager Health page, click on a Collector link from a FortiSIEM instance to go to the Collector Health page for that FortiSIEM Instance's Collector(s).

First Frame

Note: For some settings, a chart icon will appear when hovering over a value. Click on the icon to get chart information.

| Settings | Description |
|---|---|
| Name | Name of the available clouds |
| IP Address | IP address of the available clouds |
| Module Role | Module role, for example, 'Supervisor' |
| Health | Current health of the cloud. This is color coded (normal - green, warning - yellow, critical - red) |
| Last Status Updated | The date and time when the most recent status occurred. |
| Version | Current version of the cloud |
| Cores | Number of cores |
| Memory Size | The memory size |
| Swap Size | The swap size |
| EPS | Events per second. Note: Only appears for instances, not FortiSIEM Manager. |
| Load Average | Average load of the cloud |
| CPU | Percentage CPU used |
| Memory | Percentage Memory used |
| Swap | Percentage Swap space used |
| Disk | Percentage Disk used |
| Max Disk Read Wait | The maximum disk read/wait time (milliseconds). |
| Max Disk Write wait | The maximum disk write/wait time (milliseconds). |
| Upload Buffer | The current upload buffer size (KB) and queue. |
| Content Version | The version of the content. |

Second Frame

 

| Settings | Description |
|---|---|
| Process Name | Name of the process |
| Owner | The owner of the process |
| Status | Status of the process |
| Uptime | Total up time of the process |
| CPU | Measure of the CPU that the process is using |
| Memory | Measure of the Memory that the process is using |
| Resident Memory | The amount of memory the process is allocated |
| Disk Read Rate | The disk read rate speed (KBps) |
| Disk Write Rate | The disk write rate speed (KBps) |
| SharedStore Type | SharedStore type (reader, writer) |
| SharedStore Position | SharedStore location |
| SharedStore Percent | SharedStore utilization percentage |

FortiSIEM Back-End Processes

 

| Process | Function | Present in Manager | Present in Supervisor | Present in Worker | Present in Collector |
|---|---|---|---|---|---|
| Apache | Web server for front-ending HTTP(S) requests to AppSvr or other FortiSIEM nodes | x | x | x | x |
| AppSvr | Middleware for handling GUI requests, storing and managing PostgreSQL database and serving REST API requests from FortiSIEM nodes | x | x | | |
| DBSvr | PostgreSQL Database for storing information displayed in FortiSIEM GUI other than events | x | x | | |
| Node.js-charting | Message | | | | |
| Node.js-pm2 | | | | | |
| phAgentManager | Collects logs and metrics from devices or servers using protocols other than SNMP and WMI. | | x | x | x |
| phCheckpoint | Collects logs from Checkpoint firewalls via LEA | | | | |
| phDataManager | Stores the parsed events to event store (FortiSIEM EventDB or Elasticsearch) | | x | x | |
| phDataPurger | Archives online event store (FortiSIEM EventDB or Elasticsearch). Implements event retention policy for FortiSIEM EventDB - both online FortiSIEM EventDB and archive. | | x | | |
| phDiscover | Discovers devices using various protocols such as SNMP, WMI and SSH | | x | | x |
| phEventForwarder | Forwards events from FortiSIEM to external systems | | x | x | x |
| phIpIdentityMaster | Merges Identity and location audit trails from multiple phIpIdentityWorker modules to produce the final Identity and location audit trail. Stores the trail in PostgreSQL Database. | | | | |
| phIpIdentityWorker | Produces Identity and location audit trail based on its own view of events | | x | x | |
| phMonitor | Monitors the health of FortiSIEM processes. Distributes tasks from AppSvr to various processes on Supervisor and to phMonitor on Worker for further distribution to processes on Worker nodes. | x | x | x | x |
| phParser | Parses raw events and prepares them for storing into event store (FortiSIEM EventDB or Elasticsearch) | | x | x | x |
| phPerfMonitor | Continually collects performance monitoring and configuration change data after discovery completes | | x | x | x |
| phQueryMaster | Handles ad hoc queries from GUI for FortiSIEM EventDB. Parallelizes queries by sending them to phQueryWorkers and merges individual results to produce the final result. | | x | | |
| phQueryWorker | Handles individual FortiSIEM EventDB queries from phQueryMaster | | x | x | |
| phReportLoader | Loads Report data into Report Server. | | x | | |
| phReportMaster | Handles individual FortiSIEM EventDB inline reports. Produces results every 5 minutes. | | x | | |
| phReportWorker | Handles inline event reports for FortiSIEM EventDB. Merges individual inline report results from multiple phReportMaster modules to produce the final result. Rolls up results from 5 minute intervals to 15 minute intervals and then to 60 minute intervals. | | x | | |
| phRuleMaster | Triggers a rule in real time by evaluating rule summaries from individual phRuleWorker modules | | x | | |
| phRuleWorker | Evaluates a rule in real time based on events seen by the worker and sends a summary to the phRuleMaster module | | x | x | |
| Redis | In-memory distributed database for holding results returned by Elasticsearch and for distributing CMDB objects between Supervisor and Worker nodes. | | x | x | |
| Rsyslogd | Responsible for forwarding locally generated logs to FortiSIEM. | x | x | x | x |
| SVNLite | A lightweight version of Subversion, this file revision management tool stores the file change history for Windows/Linux servers, routers/switches and Windows/Linux agents. Note: Files are stored in /svn/repos. To conserve space, files are automatically deleted when the disk gets full based on thresholds defined in svnlite.revisions.purge on the Supervisor. | | x | | |