Fortinet black logo

User Guide

Home FortiMonitor 24.2.0 User Guide

View incident details

24.2.0
24.2.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:538113
Download PDF

View incident details

Opening or clicking an incident opens the incident's details page which shows relevant information that can help you find the root cause of an incident and track its status.

Key data points

  • Start time

  • Duration

  • Traceroute information for external and synthetic checks (HTTP, HTTPS, etc)

  • Detailed metric results

  • CounterMeasure output

Available actions

  • View relevant incident data

  • Tag incidents

  • Acknowledge and set an incident lead

  • Start a maintenance

  • Add messages to the timeline

Incident Header overview

The Incident Header section provides a high-level overview of the incident.

The following table describes the fields and options in the Incident Header.

Field

Description

Incident ID

The unique identifier of the incident.

Primary FQDN and instance name

The primary FQDN and instance name (if you named the server) of the server where the incident occurred.

Status

The current status of the incident.

  • Active

  • Resolved

Severity

The severity of the incident:

  • Warning

  • Critical

Incident lead

The team member responsible for the incident. To set the Incident Lead for the incident, see Set Incident Lead.

Start time

The start time, date, and timezone of the incident.

End time

The end time, date, and timezone of the incident.

Duration

The amount of time that the incident has been active.

Add Incident summary

Adding an incident summary can help provide context or additional information about the incident. To add an incident summary, click Add Incident Summary.
Note:A template format can be set for the Incident Summary. To have this enabled, contact Support.

Incident tags

To add tags to the incident, see Add incident tags.

You can also perform several actions from the header. These actions are described in the following sections.

Set Incident Lead

You can assign a team member as the Incident Lead by clicking Set Incident Lead and selecting a user from the dropdown.

Acknowledge an incident

Acknowledging an incident marks the incident with your username. While acknowledging an incident, you can add a message to the incident log. You also have the option to:

  • Broadcast a message to all users and integrations in the Alert Timeline who've been previously alerted.

  • Delay further alerts for a set amount of time.

  • Cancel all future alerts related to the incident.

To acknowledge an incident, click Acknowledge. The Acknowledge Incident drawer, from where you can perform several actions, will slide out.

For more information on acknowledging incidents, see Respond to an incident and delay further alerts.

Start a maintenance

You have two options to put the server affected by the incident under maintenance:

  • Quick – To immediately start the maintenance, click Start Maint then select a duration.

  • Custom – The custom option allows you to control the handling of the maintenance period, including the timing, scope, and other monitoring options. The options are described in Maintenance Schedules.

To extend/end the maintenance, or if you need more information, see Maintenance Schedules.

Add incident tags

Tagging an incident provides a way to categorize and filter incidents in your infrastructure. You can add tags by clicking Add incident tags.

Additional actions

Clicking the 3-dot menu will show the rest of the actions that can be performed on the incident. The following table describes these actions in detail.

Action

Description

Include in availability

Include this alert to your instances' availability calculation.

Exclude from availability

Exclude this alert from your instances' availability calculation.

Disable all clear

Disable the all-clear alert notification. For more information, see Disable all-clear alerts.

Delay Alerts

Postpone the next event on the Alert Timeline for a specified length of time.

  • 15 minutes

  • 30 minutes

  • 1 hour

  • 2 hours

Escalate Alerts

Immediately send all scheduled alerts on the Alert Timeline. This means that even if you have configured the Alert Timeline to send an alert after 10 minutes, you can override this and send the alert earlier.

Cancel Alerts

Cancel all succeeding alerts. No further alerts will be sent.

Event panel

A single incident may trigger several associated events. The Event panel shows the current status of an affected metric as an event. From here, you can see details such as when the event started and for how long the event has been occurring. CounterMeasure action output can also be viewed from this panel.

Each event panel can be expanded (or collapsed) to show more details.

For events associated with network-based services, the check results and traceroute output are shown together with the timeline. The Traceroute section also indicates the types of traceroutes ran on the incident.

CounterMeasures selection and details

The CounterMeasure is presented in a collapsible panel that details each of the CounterMeasure actions executed on the instance. Click an action to view the output of the CounterMeasure action.

Timeline and Messages

The Timeline & Messages section focuses on two things. First is Upcoming Events, which lists pending events for the lifetime of the incident. Next is Messages which details all of the sent messages or communication related to the incident.

Comments can also be added to the timeline. Comments can be optionally broadcasted or be made public by enabling the following options:

  • Broadcast – The comment is sent to contacts that have previously been alerted.

  • Public – The comment is visible in public status pages.

Upcoming Events

The tab also shows a list of events that will be triggered as scheduled. This includes:

  • The next CounterMeasure action to be executed, if any

  • The next incident alert based on the instance's Alert Timeline

  • Active maintenance

  • Upcoming maintenance

Performance

The Performance section provides a visual representation of the status of all of the metrics being monitored on the instance. Each metric is represented by a line graph that can be filtered based on the metric type and scoped using a specific time range.

For network devices, the Network Ports tab displays the status of each port on the device.

Incident Duration

Selecting an Incident Duration updates the graphs based on the time selected.

Incident History

All of the incidents that have occurred on an instance are detailed in the Incident History section. The Incident ID, the time when the incident occurred, and the description are detailed in the list.

Select See full history to view the full list. The list can also be fine-tuned by generating an Incident Report.

Metric History

The Metric History tab provides a log of all the metric data collected based on the configured check frequency.

For network service checks, a log of all network service checks from the primary monitoring location and other confirmation check locations. You can refine the results by selecting from the list of available locations.

Previous
Next

View incident details

Opening or clicking an incident opens the incident's details page which shows relevant information that can help you find the root cause of an incident and track its status.

Key data points

  • Start time

  • Duration

  • Traceroute information for external and synthetic checks (HTTP, HTTPS, etc)

  • Detailed metric results

  • CounterMeasure output

Available actions

  • View relevant incident data

  • Tag incidents

  • Acknowledge and set an incident lead

  • Start a maintenance

  • Add messages to the timeline

Incident Header overview

The Incident Header section provides a high-level overview of the incident.

The following table describes the fields and options in the Incident Header.

Field

Description

Incident ID

The unique identifier of the incident.

Primary FQDN and instance name

The primary FQDN and instance name (if you named the server) of the server where the incident occurred.

Status

The current status of the incident.

  • Active

  • Resolved

Severity

The severity of the incident:

  • Warning

  • Critical

Incident lead

The team member responsible for the incident. To set the Incident Lead for the incident, see Set Incident Lead.

Start time

The start time, date, and timezone of the incident.

End time

The end time, date, and timezone of the incident.

Duration

The amount of time that the incident has been active.

Add Incident summary

Adding an incident summary can help provide context or additional information about the incident. To add an incident summary, click Add Incident Summary.
Note:A template format can be set for the Incident Summary. To have this enabled, contact Support.

Incident tags

To add tags to the incident, see Add incident tags.

You can also perform several actions from the header. These actions are described in the following sections.

Set Incident Lead

You can assign a team member as the Incident Lead by clicking Set Incident Lead and selecting a user from the dropdown.

Acknowledge an incident

Acknowledging an incident marks the incident with your username. While acknowledging an incident, you can add a message to the incident log. You also have the option to:

  • Broadcast a message to all users and integrations in the Alert Timeline who've been previously alerted.

  • Delay further alerts for a set amount of time.

  • Cancel all future alerts related to the incident.

To acknowledge an incident, click Acknowledge. The Acknowledge Incident drawer, from where you can perform several actions, will slide out.

For more information on acknowledging incidents, see Respond to an incident and delay further alerts.

Start a maintenance

You have two options to put the server affected by the incident under maintenance:

  • Quick – To immediately start the maintenance, click Start Maint then select a duration.

  • Custom – The custom option allows you to control the handling of the maintenance period, including the timing, scope, and other monitoring options. The options are described in Maintenance Schedules.

To extend/end the maintenance, or if you need more information, see Maintenance Schedules.

Add incident tags

Tagging an incident provides a way to categorize and filter incidents in your infrastructure. You can add tags by clicking Add incident tags.

Additional actions

Clicking the 3-dot menu will show the rest of the actions that can be performed on the incident. The following table describes these actions in detail.

Action

Description

Include in availability

Include this alert to your instances' availability calculation.

Exclude from availability

Exclude this alert from your instances' availability calculation.

Disable all clear

Disable the all-clear alert notification. For more information, see Disable all-clear alerts.

Delay Alerts

Postpone the next event on the Alert Timeline for a specified length of time.

  • 15 minutes

  • 30 minutes

  • 1 hour

  • 2 hours

Escalate Alerts

Immediately send all scheduled alerts on the Alert Timeline. This means that even if you have configured the Alert Timeline to send an alert after 10 minutes, you can override this and send the alert earlier.

Cancel Alerts

Cancel all succeeding alerts. No further alerts will be sent.

Event panel

A single incident may trigger several associated events. The Event panel shows the current status of an affected metric as an event. From here, you can see details such as when the event started and for how long the event has been occurring. CounterMeasure action output can also be viewed from this panel.

Each event panel can be expanded (or collapsed) to show more details.

For events associated with network-based services, the check results and traceroute output are shown together with the timeline. The Traceroute section also indicates the types of traceroutes ran on the incident.

CounterMeasures selection and details

The CounterMeasure is presented in a collapsible panel that details each of the CounterMeasure actions executed on the instance. Click an action to view the output of the CounterMeasure action.

Timeline and Messages

The Timeline & Messages section focuses on two things. First is Upcoming Events, which lists pending events for the lifetime of the incident. Next is Messages which details all of the sent messages or communication related to the incident.

Comments can also be added to the timeline. Comments can be optionally broadcasted or be made public by enabling the following options:

  • Broadcast – The comment is sent to contacts that have previously been alerted.

  • Public – The comment is visible in public status pages.

Upcoming Events

The tab also shows a list of events that will be triggered as scheduled. This includes:

  • The next CounterMeasure action to be executed, if any

  • The next incident alert based on the instance's Alert Timeline

  • Active maintenance

  • Upcoming maintenance

Performance

The Performance section provides a visual representation of the status of all of the metrics being monitored on the instance. Each metric is represented by a line graph that can be filtered based on the metric type and scoped using a specific time range.

For network devices, the Network Ports tab displays the status of each port on the device.

Incident Duration

Selecting an Incident Duration updates the graphs based on the time selected.

Incident History

All of the incidents that have occurred on an instance are detailed in the Incident History section. The Incident ID, the time when the incident occurred, and the description are detailed in the list.

Select See full history to view the full list. The list can also be fine-tuned by generating an Incident Report.

Metric History

The Metric History tab provides a log of all the metric data collected based on the configured check frequency.

For network service checks, a log of all network service checks from the primary monitoring location and other confirmation check locations. You can refine the results by selecting from the list of available locations.

Previous
Next