Fortinet black logo

Administration Guide

Events and alarms

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:864292
Download PDF

Events and alarms

Certain actions within device profiler generate events that appear in the Event Log. Examples of device profiler events are listed in the following table.

Event

Definition

Device Profile

Generated whenever device profiling updates a rogue.

Device Profile Rule Match

A rogue host has matched a Device Profiling rule allowing it to be assigned a device type and registered.

Device Profiling Automatic
Registration

A rogue host has been registered by device profiling based on a device profiling rule.

Device Profiling Rule Missing Data

Indicates that device profiler cannot compare a rogue against a rule because FortiNAC does not have enough information about the rogue, such as a DHCP fingerprint. If device profiler cannot compare a rogue against a rule it does not continue processing that rogue, and moves on to the next rogue.

Device Rule Confirmation
Success

Device Rule Confirmation
Failure

Devices identified by a Device Profiling rule maintain their association with that rule. If enabled, the associated rule and the device are checked periodically to see if the rule is still valid for the device. These event messages indicate whether or not the device matched the associated rule.

Events can be mapped to alarms. Alarms can be set to notify an administrator when they are triggered. Alarms can also be viewed on the Alarms Panel on the dashboard. For more information on events and alarms, e-mail notifications, and how to map events to alarms see Map events to alarms.

Events and alarms

Certain actions within device profiler generate events that appear in the Event Log. Examples of device profiler events are listed in the following table.

Event

Definition

Device Profile

Generated whenever device profiling updates a rogue.

Device Profile Rule Match

A rogue host has matched a Device Profiling rule allowing it to be assigned a device type and registered.

Device Profiling Automatic
Registration

A rogue host has been registered by device profiling based on a device profiling rule.

Device Profiling Rule Missing Data

Indicates that device profiler cannot compare a rogue against a rule because FortiNAC does not have enough information about the rogue, such as a DHCP fingerprint. If device profiler cannot compare a rogue against a rule it does not continue processing that rogue, and moves on to the next rogue.

Device Rule Confirmation
Success

Device Rule Confirmation
Failure

Devices identified by a Device Profiling rule maintain their association with that rule. If enabled, the associated rule and the device are checked periodically to see if the rule is still valid for the device. These event messages indicate whether or not the device matched the associated rule.

Events can be mapped to alarms. Alarms can be set to notify an administrator when they are triggered. Alarms can also be viewed on the Alarms Panel on the dashboard. For more information on events and alarms, e-mail notifications, and how to map events to alarms see Map events to alarms.