FortiSIEM Manager Collector Health

If your FortiSIEM deployment includes Collectors, you can monitor the status of the Collectors by clicking on a Collector link from the FortiSIEM Manager Health page.
Refer to the 'FortiSIEM Back-End Processes' table below for information about the processes that run on Collectors. 

Click on the FortiSIEM Instance heading (center top) to return to the FortiSIEM Manager Health Page.

Properties Associated with Collector Health

Note: For some settings, a chart icon will appear when hovering over a value. Click on the icon to get chart information.

Collector Property	Description
Organization	Name of the organization to which the Collector belongs.
Name	Name of the Collector.
IP Address	IP address of the Collector.
Health	The health of the Collector. If Health is Critical, it means that one of the modules is not running on the Collector.
Last Status Updated	Health of the Collector based on the health of the modules running on it.
Collector Type	The Collector type is displayed.
Version	The version of the Collector is displayed.
Cores	The number of cores on the Collector is displayed.
Memory Size	The memory size of the Collector is displayed.
Swap Size	The swap size of the Collector is displayed.
Uptime	Total time that the Collector has been up.
EPS	The EPS that the Collector is currently seeing.
CPU	Overall CPU utilization of the Collector.
Memory	Overall memory utilization of the Collector.
Swap	Overall swap utilization of the Collector.
Disk	Overall disk utilization of the Collector.
Max Disk Read Wait	The maximum disk read/wait time (milliseconds).
Max Disk Write wait	The maximum disk write/wait time (milliseconds).
Upload Buffer	The total Buffer in KB used for upload.
Last Event Time	The time when the collector last reported events to the cloud.
Last File Received	The time when the collector last reported its performance status to the cloud.
Upgrade Version	If the Collector has been upgraded, the new version.
Build Date	Date on which the version of FortiSIEM the Collector is running on was built.
Content Version	Version of FortiSIEM the Collector is running on.
Content Update Status	The status of the content update is displayed.
Collector ID	The Collector's ID is displayed.
Install Status	The Install Status of the Collector is displayed.
Download Status	The download status for the Collector is displayed.

Process Properties

Process Property	Description
Process Name	Name of the process.
Owner	The owner of the process.
Status	Status of the process as either Up or Down.
Uptime	Total time that the process has been up.
CPU	Measure of the CPU that the process is using.
Memory	Measure of the Memory that the process is using.
Resident Memory	The amount of memory the process is allocated.
Disk Read Rate	The disk read rate speed (KBps)
Disk Write Rate	The disk write rate speed (KBps)

FortiSIEM Back-End Processes

Process	Function	Used by Supervisor	Used by Worker	Used by Collector
phAgentManager	Execute event pulling job	X	X	X
phCheckpoint	Execute checkpoint monitoring	X	X	X
phDiscover	Pulling basic data from target	X		X
phEventForwarder	Responsible for forwarding events and incidents from FortiSIEM to external systems	X	X	X
phEventPackage	Uploading event/SVN file to Supervisor/Worker			X
phMonitorAgent	Monitoring other processes	X	X	X
phParser	Parsing event to shared store (SS)	X	X	X
phPerfMonitor	Execute performance job	X	X	X
rsyslogd	Responsible for forwarding locally generated logs to FortiSIEM	X	X	X

Collector Property	Description
Host IP	The Host IP address of the tunnel.
Super Port	The supervisor port.
Protocol	The protocol used by the tunnel.
Protocol Port	The port used by the protocol.
Collector	The collector with the open tunnel.
PID	The Process ID.
Opened Time	The amount of time the tunnel is open.