Logging FortiMonitor-detected performance metrics

This information is also available in the FortiOS 7.4 Administration Guide: SD-WAN application monitor using FortiMonitor

FortiGate can log statistics when using FortiMonitor to detect advanced SD-WAN application performance metrics. These logs may also be sent to FortiAnalyzer and FortiManager for review and reporting.

You can control the logging frequency using the app-perf-log-period command:

config system sdwan
    set app-perf-log-period <time in seconds>
end

Example

This example is based on the following topology:

To configure logging of FortiMonitor-detected performance metrics:

1. Configure the address objects for each FortiMonitor client:

   config firewall address
       edit "FMR_OnSight1"
           set subnet 10.2.1.80 255.255.255.255
       next
       edit "FMR_OnSight2"
           set subnet 10.2.1.81 255.255.255.255
       next
   end

2. Set the logging frequency:

   config system sdwan
       set status enable
       set app-perf-log-period 60
   end

3. Configure the SD-WAN zone and members:

   config system sdwan
       config zone
           edit "virtual-wan-link"
           next
       end
       config members
           edit 1
               set interface "v1236"
               set gateway 10.12.36.2
           next
           edit 2
               set interface "v1237"
               set gateway 10.12.37.20
           next
       end
   end

4. Configure the SD-WAN rules:

   config system sdwan
       config service
           edit 1
               set dst "all"
               set src "FMR_OnSight1"
               set priority-members 2
               set agent-exclusive enable
           next
           edit 2
               set dst "all"
               set src "FMR_OnSight2"
               set priority-members 1
               set agent-exclusive enable
           next
       end
   end

5. Configure the SD-WAN health check:

   config system sdwan
       config health-check
           edit "FMR"
               set detect-mode agent-based
               set probe-timeout 60000
               set recoverytime 1
               set members 1 2
               config sla
                   edit 1
                   next
               end
           next
       end
   end

To verify SD-WAN member performance and review logs:

1. Verify the health check diagnostics:

   # diagnose sys sdwan health-check
       Health Check(FMR): 
       Seq(1 v1236): state(alive), packet-loss(0.000%) latency(200.099), jitter(0.201), mos(4.171), bandwidth-up(999989), bandwidth-dw(999983), bandwidth-bi(1999972) sla_map=0x0
       Seq(2 v1237): state(alive), packet-loss(0.000%) latency(200.103), jitter(0.391), mos(4.169), bandwidth-up(999994), bandwidth-dw(999981), bandwidth-bi(1999975) sla_map=0x0

2. Review the SD-WAN logs:

   # execute log filter category event
   # execute log filter field subtype sdwan
   # execute log display
   
   1: date=2023-01-27 time=16:32:15 eventtime=1674865935918381398 tz="-0800" logid="0113022937" type="event" subtype="sdwan" level="information" vd="root" logdesc="Virtuan WAN Link application performance metrics via FortiMonitor" eventtype="Application Performance Metrics" app="fortinet.com" appid=0 interface="v1237" latency="200.2" jitter="0.6" packetloss="0.0" serverresponsetime="827.7" networktransfertime="107.7" apperror="0.0" timestamp="01-28 00:31:59" msg="Application Performance Metrics via FortiMonitor"
   
   2: date=2023-01-27 time=16:32:15 eventtime=1674865935918367770 tz="-0800" logid="0113022937" type="event" subtype="sdwan" level="information" vd="root" logdesc="Virtuan WAN Link application performance metrics via FortiMonitor" eventtype="Application Performance Metrics" app="fortinet.com" appid=0 interface="v1236" latency="200.0" jitter="0.3" packetloss="0.0" serverresponsetime="870.6" networktransfertime="130.4" apperror="0.0" timestamp="01-28 00:31:59" msg="Application Performance Metrics via FortiMonitor"
   
   3: date=2023-01-27 time=16:31:15 eventtime=1674865875917685437 tz="-0800" logid="0113022937" type="event" subtype="sdwan" level="information" vd="root" logdesc="Virtuan WAN Link application performance metrics via FortiMonitor" eventtype="Application Performance Metrics" app="fortinet.com" appid=0 interface="v1237" latency="200.5" jitter="0.7" packetloss="0.0" serverresponsetime="1008.9" networktransfertime="129.8" apperror="0.0" timestamp="01-28 00:31:02" msg="Application Performance Metrics via FortiMonitor"
   
   4: date=2023-01-27 time=16:31:15 eventtime=1674865875917672824 tz="-0800" logid="0113022937" type="event" subtype="sdwan" level="information" vd="root" logdesc="Virtuan WAN Link application performance metrics via FortiMonitor" eventtype="Application Performance Metrics" app="fortinet.com" appid=0 interface="v1236" latency="200.3" jitter="0.8" packetloss="0.0" serverresponsetime="825.4" networktransfertime="106.4" apperror="0.0" timestamp="01-28 00:31:02" msg="Application Performance Metrics via FortiMonitor"
   
   5: date=2023-01-27 time=16:30:15 eventtime=1674865815912801725 tz="-0800" logid="0113022937" type="event" subtype="sdwan" level="information" vd="root" logdesc="Virtuan WAN Link application performance metrics via FortiMonitor" eventtype="Application Performance Metrics" app="fortinet.com" appid=0 interface="v1237" latency="200.1" jitter="0.4" packetloss="0.0" serverresponsetime="845.4" networktransfertime="116.0" apperror="0.0" timestamp="01-28 00:30:01" msg="Application Performance Metrics via FortiMonitor"
   
   6: date=2023-01-27 time=16:30:15 eventtime=1674865815912786458 tz="-0800" logid="0113022937" type="event" subtype="sdwan" level="information" vd="root" logdesc="Virtuan WAN Link application performance metrics via FortiMonitor" eventtype="Application Performance Metrics" app="fortinet.com" appid=0 interface="v1236" latency="200.0" jitter="0.3" packetloss="0.0" serverresponsetime="1032.0" networktransfertime="138.9" apperror="0.0" timestamp="01-28 00:30:01" msg="Application Performance Metrics via FortiMonitor"