FortiGate / FortiOS

FortiManager

FortiAnalyzer

User Guide

Getting started
- Part 1: Add your infrastructure to FortiMonitor
- Part 2: Monitoring
- Part 3: Alert Timelines
- Part 4: Visualization
- Part 5: Team Management
- Part 6: Reports
- Part 7: CounterMeasures
- Supported browsers
Infrastructure Map
Users, Groups, and Authentication
- Add users to your account
- Single sign-on (SSO)
Instance Details page
- Assign Alert Timelines
- Create an Instance Group
Multi-region support
My Account
- Can I see what changes have been made to my account and by whom?
- Manage email preferences
Dashboards
- Dashboard widgets
- Clone a widget
- Topology Maps
  - Create and save views
Monitoring
- Add monitoring to an existing server
- Tags and Attributes
- Monitoring locations
  - Specifying confirmation check locations
  - Global monitoring network
    - Checker IP changes
- Advanced monitoring features
  - Compound metrics
  - Force a DNS update after an IP address change
- Monitoring policies
- Monitoring guides
  - MySQL monitoring
  - Redis monitoring
Templates
- Default templates
- Configure a template
- Apply server templates
- Template pattern matching
- Disassociate a template from multiple instances
Cloud monitoring
- AWS
- Azure
  - Azure App Service
- Google Cloud Platform
- Kubernetes
  - Kubernetes Details page
Application monitoring
- Get started with Application Monitoring
- Add an Application
- UX score
Path monitoring
SD-WAN application monitoring
- FortiGate and OnSight configuration for SD-WAN synthetic monitoring
- Set up SD-WAN application monitoring
Security Fabric
- Fabric Tunnel connected to FortiMonitor cloud (FortiOS 7.0 and newer)
- Fabric 7.x OnSight proxy
- Fabric 6.x Integration
- Fabric integration via FortiManager proxy
Network device monitoring
NetFlow monitoring
- Estimator mode
VMware
Network checks
- Network service checks
- Synthetic Monitoring
  - HTTP
  - HTTPS
- Browser synthetic (multistep) check
  - Available multistep commands
- JavaScript synthetic
  - Set up a JavaScript synthetic check environment
- Configure incident alert and response time thresholds
- Dynamic variables
FortiMonitor Agent
- Install the FortiMonitor Agent
- Add FortiMonitor Agent checks
- FortiMonitor Agent Security
- Network proxy configuration
- Windows Agent auto-update
- Add plugins to a blacklist
- Add metrics using Windows Performance Monitor
- Prepare a FortiMonitor Agent for server imaging/cloning
- Rebuild the FortiMonitor Agent metadata
- IP matching
- Start or end Maintenance from the FortiMonitor Linux Agent
- Migrate configuration to FortiMonitor Agent
- Troubleshooting the FortiMonitor Agent
- Automate the Agent installation
  - Use the FortiMonitor Agent manifest file
  - Remove an instance automatically
- Custom metrics and incidents
- Application plugins
Endpoint Agent
- Add a Windows Endpoint FortiMonitor Agent
- Add a MacOS Agent
CounterMeasures
- Linux CounterMeasures
  - Standard Linux CounterMeasure actions
  - Custom Linux CounterMeasure actions
- Windows CounterMeasures
  - Standard Windows CounterMeasure Actions
  - Custom Windows CounterMeasures actions
- CounterMeasures security
- CounterMeasures Slack integration
OnSight vCollector
- One-liner installer
- OnSight virtual image installation
- OnSight AMI installation
- OnSight for Azure installation
- Automate the OnSight deployment
- Monitor a device that has not been discovered with OnSight
- OnSight discovery
- Upgrading the OnSight
- Manage and configure your OnSight vCollector
- OnSight custom plugins
- Additional setup and helpful tips
Third-party integration
- Arista CloudVision integration
- Alkira integration
SNMP
- SNMP traps
- SNMP polling
- Configure SNMP alert thresholds
- SNMP troubleshooting
- Handling received SNMP trap data with a custom plugin
Alerting
- Alert Timelines
- Email
- SMS
- Integrations
- Limit the number of confirmation checks for an outage
- Set up an On-Call schedule
- Multiple server outages
- Notification for an individual service on a server
- Long-running incidents
- Setting aside alerts
- Parent-child alerting for Fabric and SNMP devices
Incident Hub
- View incident details
- Incident Solutions
- Create an incident using email
Reports
- Create a report
- Public status pages
- Exporting Metric Reports for long duration time periods
Maintenance Schedules
- Apply maintenance to instances by OnSight
- Maintenance history
API
- API rate limits
- API keys
- View the API library
- Custom incidents using API
- Postman
Multi-tenancy
- Manage subtenants
- Manage a multi-tenant environment
  - Multi-tenant dashboards
- White label options
Mobile app
- Acknowledging incidents and other actions
NCM
- NCM installation and initial configuration
- NCM Supported Devices
- Backup
  - Backup filters
- Search syntax help
- Mass Config Push
  - Device mode table
  - VT100 Control / Command sequences
- Device variables
- NCM Slack configuration
- System login
- Discovery
- Scheduling
- User security and access roles
- Sensitive data stripping
Integrations
FAQ
- Data Retention and Compliance
Get support

Home FortiMonitor 26.1.0 User Guide

26.1.0

OnSight custom plugins

OnSights support two kinds of custom plugins that can be run on instances that are unable to support a FortiMonitor Agent such as network devices and PaaS cloud services.

This feature is only available on the OnSight vCollector.

OnSight custom plugins:

Custom CounterMeasure action plugins
Custom metric plugins

Custom CounterMeasure actions and custom metric plugins can also be developed locally using the Local development environment. These plugins can then be uploaded to OnSight to run in a production environment. You need Docker to use the development environment.

Note: Custom plugins are only available on OnSights where they are deployed. For OnSight groups, the custom plugins must be deployed to all OnSights in the group. See Deployment.

CounterMeasure action plugins

OnSight-based CounterMeasures allows CounterMeasures to be run on instances that cannot use the FortiMonitor Agent. OnSight-based CounterMeasures actions are executed from the OnSight and have the ability to target any number of remote targets corresponding to instances monitored from that OnSight. These CounterMeasure actions are primarily intended to target actions and data collection from remote devices and not from the OnSight host itself. The following are a few scenarios where OnSight-based CounterMeasures can be useful.

Run CounterMeasures on network devices which do not run FortiMonitor Agents
Trigger API calls to virtualization systems like VCenter, Nutanix, HyperV
Trigger API calls to cloud providers (AWS, Azure, Google) for PaaS and SaaS services

To create a CounterMeasure action plugin, see Creating a custom CounterMeasure.

Custom metric plugins

You can add your own custom metric plugins to the OnSight to allow you to collect metrics from remote devices.

To create a custom metric plugin, see Creating a custom metric plugin.

Requirements

It is recommended that you upgrade to the latest version of the OnSight vCollector before proceeding. To verify that an OnSight vCollector is of appropriate version to run OnSight custom plugins, run the following:

From Root (using sudo -i, for example):

onsight check-upgrade

Directory Structure

The following outlines the directory structure relevant to using OnSight custom plugins. These directories are located on the host VM that runs the OnSight.

/usr/share/onsight/countermeasures: Directory to put countermeasure plugins
/usr/share/onsight/custom-metrics: Directory to put custom metric plugins
/usr/share/onsight/secrets: Directory for secrets
/usr/share/onsight/ssh-keys: Directory to put ssh private key files
/usr/share/onsight/dependencies: Directory to install python packages required to run plugins. If your plugin requires other python packages, you can install them under /usr/share/onsight/dependencies/ directory. For example, if your plugin requires pyyaml package, you can install it with this command: pip install -t /usr/share/onsight/dependencies pyyaml
/var/log/countermeasures: Directory contains:
- countermeasure.log
- custom_metric.log

OnSight custom plugins

OnSights support two kinds of custom plugins that can be run on instances that are unable to support a FortiMonitor Agent such as network devices and PaaS cloud services.

This feature is only available on the OnSight vCollector.

OnSight custom plugins:

Custom CounterMeasure action plugins
Custom metric plugins

Note: Custom plugins are only available on OnSights where they are deployed. For OnSight groups, the custom plugins must be deployed to all OnSights in the group. See Deployment.

CounterMeasure action plugins

Run CounterMeasures on network devices which do not run FortiMonitor Agents
Trigger API calls to virtualization systems like VCenter, Nutanix, HyperV
Trigger API calls to cloud providers (AWS, Azure, Google) for PaaS and SaaS services

To create a CounterMeasure action plugin, see Creating a custom CounterMeasure.

Custom metric plugins

You can add your own custom metric plugins to the OnSight to allow you to collect metrics from remote devices.

To create a custom metric plugin, see Creating a custom metric plugin.

Requirements

From Root (using sudo -i, for example):

onsight check-upgrade

Directory Structure

The following outlines the directory structure relevant to using OnSight custom plugins. These directories are located on the host VM that runs the OnSight.

/usr/share/onsight/countermeasures: Directory to put countermeasure plugins
/usr/share/onsight/custom-metrics: Directory to put custom metric plugins
/usr/share/onsight/secrets: Directory for secrets
/usr/share/onsight/ssh-keys: Directory to put ssh private key files
/usr/share/onsight/dependencies: Directory to install python packages required to run plugins. If your plugin requires other python packages, you can install them under /usr/share/onsight/dependencies/ directory. For example, if your plugin requires pyyaml package, you can install it with this command: pip install -t /usr/share/onsight/dependencies pyyaml
/var/log/countermeasures: Directory contains:
- countermeasure.log
- custom_metric.log

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

User Guide

OnSight custom plugins

OnSight custom plugins

CounterMeasure action plugins

Custom metric plugins

Requirements

Directory Structure

OnSight custom plugins

OnSight custom plugins

CounterMeasure action plugins

Custom metric plugins

Requirements