Administration Guide

SNMP traps

Fortinet devices share SNMP traps, but each type of device also has traps specific to that device type. For example, FortiManager units have FortiManager-specific SNMP traps. To receive Fortinet device SNMP traps, you must load and compile the FORTINET-CORE-MIB into your SNMP manager.

Traps sent include the trap message as well as the unit serial number (fnSysSerial) and host name (sysName). The Trap Message column includes the message that is included with the trap, as well as the SNMP MIB field name to help locate the information about the trap.

Event: HA Failover
Trap Name: ha_switch
Description: fmTrapHASwitch
  FortiManager HA cluster has been re-arranged. A new master has been selected and asserted.

Event: High Licensed Log GB/day
Trap Name: lic-gbday
Description: fmTrapLicGbDayThreshold
  Indicates that the used log has exceeded the licensed GB/Day.

Event: Log Alert
Trap Name: log-alert
Description: fmTrapLogAlert
  Trap is sent when a log based alert has been triggered. Alert description included in trap.

Event: CPU usage exclude NICE threshold
Trap Name: cpu-high-exclude-nice
Description: fmTrapCpuThresholdExcludeNice
  Indicates that the CPU usage excluding nice processes has exceeded the threshold.
  This threshold can be set in the CLI using the following commands:
    config system snmp sysinfo
      set trap-cpu-high-exclude-nice-threshold <percentage value>
    end

Event: High licensed device quota
Trap Name: lic-dev-quota
Description: fmTrapLicDevQuotaThreshold
  Indicates that the used device quota has exceeded the licensed device quota.

Event: Log Data Rate
Trap Name: log-data-rate
Description: fmTrapLogDataRateThreshold
  Indicates that the incoming log data rate has exceeded the threshold.
  The peak data rate is calculated using the peak log rate x 512 bytes (average log size).

Event: Log Rate
Trap Name: log-rate
Description: fmTrapLogRateThreshold
  Indicates that the incoming log rate has exceeded the threshold.
  To determine the peak log rate, use the following CLI command:
    get system loglimits

Event: System Restart
Trap Name: sys_reboot
Description: fmTrapPowerStateChange
  Trap is sent when there is a change in the status of the power supply, if present.

Event: CPU Overuse
Trap Name: cpu_high
Description: fnTrapCpuThreshold
  Indicates that the CPU usage has exceeded the configured threshold.
  This threshold can be set in the CLI using the following commands:
    config system snmp sysinfo
      set trap-high-cpu-threshold <percentage value>
    end

Event: Memory Low
Trap Name: mem_low
Description: fnTrapMemThreshold
  Indicates memory usage has exceeded the configured threshold.
  This threshold can be set in the CLI using the following commands:
    config system snmp sysinfo
      set trap-low-memory-threshold <percentage value>
    end

Event: Log Disk Space Low
Trap Name: disk_low
Description: fnTrapLogDiskThreshold
  Log disk usage has exceeded the configured threshold. Only available on devices with log disks.

Event: Interface IP changed
Trap Name: intf_ip_chg
Description: fnTrapIpChange
  Indicates that the IP address of the specified interface has been changed. The trap message includes the name of the interface, the new IP address and the serial number of the Fortinet unit. You can use this trap to track interface IP address changes for interfaces with dynamic IP addresses set using DHCP or PPPoE.
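
One way to triage these traps on the receiving side, as an added example that is not Fortinet code: it maps the MIB field names from the table to their trap names, groups them per unit serial number (fnSysSerial), and keeps any line it cannot map for manual review. The `key="value"` line format, the category grouping, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# MIB field name -> (trap name from the table, triage category).
# The categories are an assumed grouping for this example, not from the guide.
TRAPS = {
    "fmTrapHASwitch": ("ha_switch", "state-change"),
    "fmTrapLicGbDayThreshold": ("lic-gbday", "log-pipeline"),
    "fmTrapLogAlert": ("log-alert", "alert"),
    "fmTrapCpuThresholdExcludeNice": ("cpu-high-exclude-nice", "resource"),
    "fmTrapLicDevQuotaThreshold": ("lic-dev-quota", "resource"),
    "fmTrapLogDataRateThreshold": ("log-data-rate", "log-pipeline"),
    "fmTrapLogRateThreshold": ("log-rate", "log-pipeline"),
    "fmTrapPowerStateChange": ("sys_reboot", "state-change"),
    "fnTrapCpuThreshold": ("cpu_high", "resource"),
    "fnTrapMemThreshold": ("mem_low", "resource"),
    "fnTrapLogDiskThreshold": ("disk_low", "log-pipeline"),
    "fnTrapIpChange": ("intf_ip_chg", "state-change"),
}
FIELD = re.compile(r'(\w+)="([^"]*)"')  # assumed key="value" line format

def summarize(lines):
    """Group traps per unit serial; keep lines that cannot be mapped."""
    devices, unmapped = {}, []
    for line in lines:
        f = dict(FIELD.findall(line))
        entry = TRAPS.get(f.get("trap"))
        if entry is None or "fnSysSerial" not in f:
            unmapped.append(line)  # unknown trap or no serial: review by hand
            continue
        name, category = entry
        devices.setdefault(f["fnSysSerial"], {}).setdefault(category, set()).add(name)
    return devices, unmapped

def log_gap_risk(devices):
    """Serials that raised a log rate, data rate, licence or log disk trap."""
    return sorted(s for s, cats in devices.items() if "log-pipeline" in cats)

# Constructed sample lines; the serials and host names are placeholders.
SAMPLES = [
    'trap="fmTrapLogRateThreshold" fnSysSerial="SERIAL-A" sysName="fmg-a"',
    'trap="fnTrapLogDiskThreshold" fnSysSerial="SERIAL-A" sysName="fmg-a"',
    'trap="fnTrapIpChange" fnSysSerial="SERIAL-B" sysName="fmg-b"',
    'trap="fnTrapUnlisted" fnSysSerial="SERIAL-B" sysName="fmg-b"',
]

if __name__ == "__main__":
    devices, unmapped = summarize(SAMPLES)
    print(devices, unmapped, log_gap_risk(devices))
```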
