Alarms view
Use the Alarms View to view and manage the contents of the alarm log. The alarm log is a list of all current alarms. The Severity column indicates how serious the alarm is. Severity levels include: Critical, Minor, Warning, Informational.
The state of an alarm is either acknowledged or not acknowledged. The event-to-alarm mapping determines the behavior and characteristics of the alarm. The event-to-alarm mapping feature gives you the option of sending alarms to an external log host. See Map events to alarms for details.
You can remove alarms from the log in two ways:
- Manually, when you select and clear the alarm
- Automatically, when the clear event defined in alarm mapping occurs
To access the Alarms View select Logs > Alarms. See Navigation and Filters for information on common navigation tools and data filters.
Field |
Definition |
First Name |
First Name of the user associated with the alarm, such as the registered owner of a host or an admin user. |
Last Name |
Last Name of the user associated with the alarm. |
User ID |
User name from the credentials of the user who was logged in and associated with the alarm. |
Element Name |
Name of the device, Admin User, server or process associated with the alarm. |
Element Type |
Type can be Device, Port, Container, Process, or All. |
Group |
Group name of a group of elements, such as, port group, device group or user group. |
Pause |
If enabled, prevents the Alarms List from refreshing and adding new records to the screen. In an environment with a large number of alarms, you may need to pause the refresh in order to research an issue. |
Severity |
Category indicating how serious the alarm is. Options include: Critical, Minor, Warning and Informational Critical - Minor - Warning - Informational - |
Date |
Date and time the alarm was triggered. |
Alarm |
Alarm name. See FortiNAC events and alarms list. |
Element |
Element associated with the alarm entry, such as a user name, a host name, a switch name or an application name. |
Trigger Rule |
Rule that determine the conditions under which an alarm is triggered based on an event. Options include: One Event to One Alarm—Every occurrence of the event generates a unique alarm. All Events to One Alarm—The first occurrence of the event generates a unique alarm. Each subsequent occurrence of the event does not generate an alarm, as long as the alarm persists when subsequent events occur. When the alarm clears, the next occurrence of the event generates another unique alarm. Event Frequency—Number of the occurrences of the event generated by the same element within a user specified amount of time determines the generation of a unique alarm. Event Lifetime—Duration of an alarm event without a clearing event within a specified time, determines the generation of a unique alarm. |
Acknowledged Date |
Indicates the date the alarm was acknowledged. If this field is blank, it indicates that the alarm was never acknowledged. |
Import |
Import historical records from an Archive file. See Import archived data. |
Export |
Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data. |
Acknowledge |
Acknowledges the selected alarm but does not clear it. The Alarm remains in the displayed until you clear it. A date is displayed in the Acknowledged column when the alarm is acknowledged. |
Clear |
Clears the selected alarm and removes it from the list. |
Show Details |
Displays the Details Panel for the selected alarm. See Show/hide alarm details. |