
FortiDLP Console User Guide

Agent health monitoring


To ease oversight of nodes, FortiDLP Agent 8.3.0+ reports the state and health of its components to the FortiDLP Infrastructure. This includes action, browser extension, event stream, email plugin, software updater, and OS-specific components.

The Agent indicates when its components are operational and diagnoses installation, upgrade, and configuration errors. If an error is encountered, the Agent provides instructions to remedy it. This data is shown in the Nodes module.

The following table lists the states that are reported and provides general descriptions and examples. You can view specific state descriptions for components on the Node profile page.

Note that states are color-coded in the Nodes module based on their state category:

  • Green (OK) indicates a healthy component that is working as expected.
  • Light green (Pending) indicates a healthy component that is in a transitory state. It should only remain in this state temporarily.
  • Green outline (Info) indicates a healthy component that is not generating events, where this is expected.
  • Red (Unhealthy) indicates an unhealthy component that requires attention.
  • Gray (No health data) indicates the Agent is not sending states for the component, either because the Agent is incompatible (that is, its version precedes 8.3.0), the component has been suppressed via the FortiDLP API, or the component is irrelevant (for example, the Agent would not report the state of the macOS Endpoint Security System Extension for a node running Windows or Linux).
    Note

    If needed, you can suppress a component to disable reporting of its health data. For example, you could suppress the macOS Screenshot Monitor component if you will not allow screenshot actions on the node and you want to prevent that component's health from affecting the overall health of the node.

    This functionality is only supported via the FortiDLP API. For more information, contact Fortinet Support.

Component states

| State | Description | Example |
| --- | --- | --- |
| OK | The component is functional. | N/A |
| Inactive | The component has either never produced events or stopped producing events. | This event stream has not produced an event since {time} |
| Pending | The component is awaiting an upgrade window during which it will be automatically updated. | The Software Updater is waiting for a window to upgrade the Agent |
| In progress | The component is being automatically updated to a new Agent version. | The Software Updater is downloading Agent version {upgrade version number} |
| Disabled | The component is disabled. | The Google Chrome Browser Extension is disabled |
| Unused | The component is installed and/or enabled, but is not reporting events. | The Windows Microsoft Outlook plugin is installed and enabled, but the user has not launched Outlook |
| Unsupported | The component is not supported by the current Agent version. | This component is not compatible with the current Agent/OS version |
| Blocked | The component is non-functional or partially functional because user privacy preferences have not been granted for the OS. | Keystroke monitoring privacy preferences have not been granted |
| Capacity exceeded | The component has reached or exceeded some fixed or configurable internal limit on its capacity. | The Agent has received a large number of Reboot action requests |
| Deviated | The component has not applied a configuration update from the FortiDLP Infrastructure. | The Keystroke Monitor should be disabled, but is currently enabled because the configuration update has not been applied |
| Disconnected | The component cannot communicate with another Agent component. | The Firefox Browser Extension has not communicated with the Agent since Firefox was opened at {time} |
| Install incomplete | The component is partially installed. | The Endpoint Security System Extension is not approved |
| Install failed | The component failed to install. | The Firefox Browser Extension failed to install, and Firefox has been used |
| Restart needed | The component requires a restart to be functional. | The Software Updater upgraded the Agent to version {update version number}, but this Agent has not loaded on the node |
| Degraded | The component is partially functional due to an error. | One or more browser extensions failed to install |
| Error | The component is non-functional due to an error. | The Software Updater encountered an issue with FortiDLP's Update Service: {error} |
| Unknown | The component's state cannot be identified. | The Keystroke Monitor's state cannot be identified |
| No health data | The component's state is not being reported. A suppressed component will also fall into this category since an operator has disabled reporting of its health data. | N/A |

Note

For Agent 10.1.1–10.4.0, health reporting relating to the installation of the FortiDLP Email Plugin (Legacy) is not supported.
