Fortinet white logo
Fortinet white logo

Administration Guide

Alarms

Alarms

Use Alarms to view and manage the contents of the alarm log. The alarm log is a list of all current alarms. The Severity column indicates how serious the alarm is. Severity levels include: critical, minor, warning, informational.

The state of an alarm is either acknowledged or not acknowledged. The event-to-alarm mapping determines the behavior and characteristics of the alarm. The event-to-alarm mapping feature gives you the option of sending alarms to an external log host. See Map events to alarms for details.

You can remove alarms from the log in two ways:

  • Manually, when you select and clear the alarm
  • Automatically, when the clear event defined in alarm mapping occurs

To access the alarms view, select Logs > Alarms.

Settings

Field

Definition

First Name

First Name of the user associated with the alarm, such as the registered owner of a host or an administrator.

Last Name

Last Name of the user associated with the alarm.

User ID

User name from the credentials of the user who was logged in and associated with the alarm.

Element Name

Name of the device, administrator, server or process associated with the alarm.

Element Type

Type can be Device, Port, Container, Process, or All.

Group

Group name of a group of elements, such as, port group, device group or user group.

Pause

If enabled, prevents the Alarms List from refreshing and adding new records to the screen. In an environment with a large number of alarms, you may need to pause the refresh in order to research an issue.

Severity

Category indicating how serious the alarm is. Options include: Critical, Minor, Warning and Informational

Date

Date and time the alarm was triggered.

Alarm

Alarm name. See Events and alarms list.

Element

Element associated with the alarm entry, such as a user name, a hostname, a switch name or an application name.

Trigger Rule

Rule that determine the conditions under which an alarm is triggered based on an event. Options include:

  • One Event to One Alarm: Every occurrence of the event generates a unique alarm.
  • All Events to One Alarm: The first occurrence of the event generates a unique alarm. Each subsequent occurrence of the event does not generate an alarm, as long as the alarm persists when subsequent events occur. When the alarm clears, the next occurrence of the event generates another unique alarm.
  • Event Frequency: Number of the occurrences of the event generated by the same element within a user specified amount of time determines the generation of a unique alarm.
  • Event Lifetime: Duration of an alarm event without a clearing event within a specified time, determines the generation of a unique alarm.

Acknowledged Date

Indicates the date the alarm was acknowledged. If this field is blank, it indicates that the alarm was never acknowledged.

Buttons

Import

Import historical records from an Archive file. See Import archived data.

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Acknowledge

Acknowledges the selected alarm but does not clear it. The Alarm remains in the displayed until you clear it. A date is displayed in the Acknowledged column when the alarm is acknowledged.

Clear

Clears the selected alarm and removes it from the list.

Show Details

Displays the Details Panel for the selected alarm. See Show or hide alarm details.

Alarms

Alarms

Use Alarms to view and manage the contents of the alarm log. The alarm log is a list of all current alarms. The Severity column indicates how serious the alarm is. Severity levels include: critical, minor, warning, informational.

The state of an alarm is either acknowledged or not acknowledged. The event-to-alarm mapping determines the behavior and characteristics of the alarm. The event-to-alarm mapping feature gives you the option of sending alarms to an external log host. See Map events to alarms for details.

You can remove alarms from the log in two ways:

  • Manually, when you select and clear the alarm
  • Automatically, when the clear event defined in alarm mapping occurs

To access the alarms view, select Logs > Alarms.

Settings

Field

Definition

First Name

First Name of the user associated with the alarm, such as the registered owner of a host or an administrator.

Last Name

Last Name of the user associated with the alarm.

User ID

User name from the credentials of the user who was logged in and associated with the alarm.

Element Name

Name of the device, administrator, server or process associated with the alarm.

Element Type

Type can be Device, Port, Container, Process, or All.

Group

Group name of a group of elements, such as, port group, device group or user group.

Pause

If enabled, prevents the Alarms List from refreshing and adding new records to the screen. In an environment with a large number of alarms, you may need to pause the refresh in order to research an issue.

Severity

Category indicating how serious the alarm is. Options include: Critical, Minor, Warning and Informational

Date

Date and time the alarm was triggered.

Alarm

Alarm name. See Events and alarms list.

Element

Element associated with the alarm entry, such as a user name, a hostname, a switch name or an application name.

Trigger Rule

Rule that determine the conditions under which an alarm is triggered based on an event. Options include:

  • One Event to One Alarm: Every occurrence of the event generates a unique alarm.
  • All Events to One Alarm: The first occurrence of the event generates a unique alarm. Each subsequent occurrence of the event does not generate an alarm, as long as the alarm persists when subsequent events occur. When the alarm clears, the next occurrence of the event generates another unique alarm.
  • Event Frequency: Number of the occurrences of the event generated by the same element within a user specified amount of time determines the generation of a unique alarm.
  • Event Lifetime: Duration of an alarm event without a clearing event within a specified time, determines the generation of a unique alarm.

Acknowledged Date

Indicates the date the alarm was acknowledged. If this field is blank, it indicates that the alarm was never acknowledged.

Buttons

Import

Import historical records from an Archive file. See Import archived data.

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Acknowledge

Acknowledges the selected alarm but does not clear it. The Alarm remains in the displayed until you clear it. A date is displayed in the Acknowledged column when the alarm is acknowledged.

Clear

Clears the selected alarm and removes it from the list.

Show Details

Displays the Details Panel for the selected alarm. See Show or hide alarm details.