Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Description of Health JSON Attributes

The following table provides a description of health attributes for FortiSIEM Manager, Supervisor, Worker, and Collector.

JSON Node

Attribute

Applicability

Description

instances

id

All

Instance Id

instances

name

All

Instance name

instances

healthStatus

All

Instance health based on Supervisor and Worker health: Normal/Warning/Critical. Collector health is now ignored.

nodes.summary.instanceId

instanceId

All

Instance Id as it appears in FortiSIEM Manager. This is defined when an Instance registers to the Manager.

nodes.summary.name

name

All

Name as it appears in the Supervisor GUI.

nodes.summary.nodeType

nodeType

All

Manager/Supervisor/Worker/Collector

nodes.summary.status

status

All

Health of the node: Normal/Warning/Critical

nodes.metrics.healthSummary

summary

All

Health of the node - Normal/Warning/Critical

nodes.metrics.healthSummary.reason

attribute

All

Name of attribute e.g. CPU Utilization etc. See Appendix - Current Thresholds for Health Status for a complete list.

nodes.metrics.healthSummary.reason

value

All

Normal/Warning/Critical

nodes.metrics.healthSummary.reason

reason

All

Reason explaining the value

nodes.metrics

lastUpdateTime

Worker

Last time a health update was received from this node.

nodes.metrics

lastFileRecvTime

Worker

Last time a file was received from Collector (Unix epoch time).

nodes.metrics

lastEventTime

Worker

Last time a heartbeat was received from Collector (Unix epoch time).

nodes.metrics.hostInfo

name

All

Host Name (same as nodes.summary.name)

nodes.metrics.hostInfo

ip

All

Host IP

nodes.metrics.versionInfo

version

All

FortiSIEM Image Version

nodes.metrics.versionInfo

commitHash

All

FortiSIEM Image Commit hash (SHA-1 hash made up of a few properties from the code commit.)

nodes.metrics.versionInfo

builtOn

All

Day when the image was built (Unix Epoch time).

nodes.metrics.versionInfo

contentVersion

All

FortiSIEM Content version running on this node.

nodes.metrics.hardware

vCPU

All

Number of vCPUs in this node

nodes.metrics.hardware

memory_gb

All

Total physical memory in this node

nodes.metrics.eps

3min

All

Average EPS calculated at 3 minute intervals.

nodes.metrics.eps

15min

All

Average EPS calculated at 15 minute intervals.

nodes.metrics.eps

30min

All

Average EPS calculated at 30 minute intervals.

nodes.metrics.eps

allocatedEPS

All

EPS allocated to a node (limited by license).

nodes.metrics.eps

incomingEPS

All

Incoming EPS to this node

nodes.metrics.eps

dropLicenseEPS

All

Dropped EPS because of license

nodes.metrics.eventUploadQueue

queue

Worker

Number of files in Event Upload Queue at Worker - this queue stores filed uploaded by Collector.

nodes.metrics.eventUploadQueue

disk_kb

Worker

Total file size in Event Upload Queue at Worker - this queue stores filed uploaded by Collector.

nodes.metrics.eventUploadQueue

total_mb

Collector

Total file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

event_mb

Collector

Total event file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

windows_mb

Collector

Total Windows Agent file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

linux_mb

Collector

Total Linux Agent file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

svn_mb

Collector

Total Configuration (SVNLite) file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.loadAverage

1min

All

1 minute load average

nodes.metrics.loadAverage

5min

All

5 minute load average

nodes.metrics.loadAverage

15min

All

15 minute load average

nodes.metrics.cpuUsage

used_pct

All

Total CPU Utilization

nodes.metrics.cpuUsage

system_pct

All

System CPU utilization

nodes.metrics.cpuUsage

user_pct

All

User CPU Utilization

nodes.metrics.cpuUsage

free_pct

All

Free CPU Utilization

nodes.metrics.cpuUsage

idleWait_pct

All

Percentage of time CPU is waiting for I/O to complete.

nodes.metrics.memoryUsage

total_mb

All

Total Memory (MB)

nodes.metrics.memoryUsage

used_mb

All

Used Memory (MB)

nodes.metrics.memoryUsage

free_mb

All

Free Memory (MB)

nodes.metrics.memoryUsage

used_pct

All

Memory Utilization (pct)

nodes.metrics.swapUsage

total_mb

All

Total Swap memory (MB)

nodes.metrics.swapUsage

used_mb

All

Used Swap Memory (MB)

nodes.metrics.swapUsage

in_bps

All

Swap In rate (Bits/sec)

nodes.metrics.swapUsage

out_bps

All

Swap Out rate (Bits/sec)

nodes.metrics.swapUsage

used_pct

All

Swap Utilization

nodes.metrics.diskUsage

filesystem

All

File system

nodes.metrics.diskUsage

mountedOn

All

File system mount point like /svn, /cmdb etc

nodes.metrics.diskUsage

type

All

File system type e.g. xfs

nodes.metrics.diskUsage

size_mb

All

Total File system Size (MB)

nodes.metrics.diskUsage

used_mb

All

Used File system Size (MB)

nodes.metrics.diskUsage

avail_mb

All

Free File system Size (MB)

nodes.metrics.diskUsage

used_pct

All

Percentage of file system used.

nodes.metrics.upgradeStat

upgradeVersion

Collector

Last Image version the Collector upgraded to.

nodes.metrics.upgradeStat

installStatus

Collector

Last Image version install status (Completed or Failed followed by reason.)

nodes.metrics.upgradeStat

downloadStatus

Collector

Last Image version download status (Completed or Failed followed by reason.)

nodes.metrics.diskIO

device

All

Linux device for measuring disk I/O

nodes.metrics.diskIO

mountedOn

All

Device mount point like /svn, /cmdb etc

nodes.metrics.diskIO

read_ops

All

Read Operations/sec

nodes.metrics.diskIO

write_ops

All

Write Operations/sec

nodes.metrics.diskIO

read_kbps

All

Read Volume (KB/sec)

nodes.metrics.diskIO

write_kbps

All

Write Volume (KB/sec)

nodes.metrics.diskIO

readWait_ms

All

Read Wait Latency (msec)

nodes.metrics.diskIO

writeWait_ms

All

Write Wait Latency (msec)

nodes.metrics.diskIO

util_pct

All

Disk I/O utilization

nodes.metrics.nfsIO

location

Super, Worker

Remote path

nodes.metrics.nfsIO

path

Super, Worker

Local directory (e.g. /data)

nodes.metrics.nfsIO

read_ops

Super, Worker

NFS Read Operations/second for EventDB based deployments

nodes.metrics.nfsIO

read_kbps

Super, Worker

NFS Read Volume (KBytes/second) for EventDB based deployments

nodes.metrics.nfsIO

read_kbpop

Super, Worker

NFS Read Volume (Kbytes/operation) for EventDB based deployments

nodes.metrics.nfsIO

readLatency_ms

Super, Worker

NFS Read Latency (ms) for EventDB based deployments

nodes.metrics.nfsIO

write_ops

Super, Worker

NFS WriteOperations/second for EventDB based deployments

nodes.metrics.nfsIO

write_kbps

Super, Worker

NFS WriteVolume (KBytes/second) for EventDB based deployments

nodes.metrics.nfsIO

write_kbpop

Super, Worker

NFS Write Volume (Kbytes/operation) for EventDB based deployments

nodes.metrics.nfsIO

writLatency_ms

Super, Worker

NFS Write Latency (ms) for EventDB based deployments

nodes.metrics.processStat

processName

All

FortiSIEM process name

nodes.metrics.processStat

owner

All

FortiSIEM process owner

nodes.metrics.processStat

uptime_sec

All

Process Uptime (seconds)

nodes.metrics.processStat

cpuUtil_pct

All

Process CPU Utilization

nodes.metrics.processStat

residentMemory_mb

All

Process Resident Memory Usage (MB)

nodes.metrics.processStat

memoryUtil_pct

All

Process Memory Utilization

nodes.metrics.processStat

diskRead_kbps

All

Process Aggregate Disk Read Volume (KB/sec)

nodes.metrics.processStat

diskWrite_kbps

All

Process Aggregate Write Volume (KB/sec)

nodes.metrics.processStat

sharedStore_type

All

Reader or Writer or none

nodes.metrics.processStat

sharedStore_position

All

Shared store read/write position (Bytes written or read.)

nodes.metrics.processStat

sharedStore_pct

All

Shared store read/write position (Percentage) - 100% means end of circular buffer.

Description of Health JSON Attributes

The following table provides a description of health attributes for FortiSIEM Manager, Supervisor, Worker, and Collector.

JSON Node

Attribute

Applicability

Description

instances

id

All

Instance Id

instances

name

All

Instance name

instances

healthStatus

All

Instance health based on Supervisor and Worker health: Normal/Warning/Critical. Collector health is now ignored.

nodes.summary.instanceId

instanceId

All

Instance Id as it appears in FortiSIEM Manager. This is defined when an Instance registers to the Manager.

nodes.summary.name

name

All

Name as it appears in the Supervisor GUI.

nodes.summary.nodeType

nodeType

All

Manager/Supervisor/Worker/Collector

nodes.summary.status

status

All

Health of the node: Normal/Warning/Critical

nodes.metrics.healthSummary

summary

All

Health of the node - Normal/Warning/Critical

nodes.metrics.healthSummary.reason

attribute

All

Name of attribute e.g. CPU Utilization etc. See Appendix - Current Thresholds for Health Status for a complete list.

nodes.metrics.healthSummary.reason

value

All

Normal/Warning/Critical

nodes.metrics.healthSummary.reason

reason

All

Reason explaining the value

nodes.metrics

lastUpdateTime

Worker

Last time a health update was received from this node.

nodes.metrics

lastFileRecvTime

Worker

Last time a file was received from Collector (Unix epoch time).

nodes.metrics

lastEventTime

Worker

Last time a heartbeat was received from Collector (Unix epoch time).

nodes.metrics.hostInfo

name

All

Host Name (same as nodes.summary.name)

nodes.metrics.hostInfo

ip

All

Host IP

nodes.metrics.versionInfo

version

All

FortiSIEM Image Version

nodes.metrics.versionInfo

commitHash

All

FortiSIEM Image Commit hash (SHA-1 hash made up of a few properties from the code commit.)

nodes.metrics.versionInfo

builtOn

All

Day when the image was built (Unix Epoch time).

nodes.metrics.versionInfo

contentVersion

All

FortiSIEM Content version running on this node.

nodes.metrics.hardware

vCPU

All

Number of vCPUs in this node

nodes.metrics.hardware

memory_gb

All

Total physical memory in this node

nodes.metrics.eps

3min

All

Average EPS calculated at 3 minute intervals.

nodes.metrics.eps

15min

All

Average EPS calculated at 15 minute intervals.

nodes.metrics.eps

30min

All

Average EPS calculated at 30 minute intervals.

nodes.metrics.eps

allocatedEPS

All

EPS allocated to a node (limited by license).

nodes.metrics.eps

incomingEPS

All

Incoming EPS to this node

nodes.metrics.eps

dropLicenseEPS

All

Dropped EPS because of license

nodes.metrics.eventUploadQueue

queue

Worker

Number of files in Event Upload Queue at Worker - this queue stores filed uploaded by Collector.

nodes.metrics.eventUploadQueue

disk_kb

Worker

Total file size in Event Upload Queue at Worker - this queue stores filed uploaded by Collector.

nodes.metrics.eventUploadQueue

total_mb

Collector

Total file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

event_mb

Collector

Total event file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

windows_mb

Collector

Total Windows Agent file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

linux_mb

Collector

Total Linux Agent file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.eventUploadQueue

svn_mb

Collector

Total Configuration (SVNLite) file size in Collector waiting to be uploaded to Worker or Supervisor.

nodes.metrics.loadAverage

1min

All

1 minute load average

nodes.metrics.loadAverage

5min

All

5 minute load average

nodes.metrics.loadAverage

15min

All

15 minute load average

nodes.metrics.cpuUsage

used_pct

All

Total CPU Utilization

nodes.metrics.cpuUsage

system_pct

All

System CPU utilization

nodes.metrics.cpuUsage

user_pct

All

User CPU Utilization

nodes.metrics.cpuUsage

free_pct

All

Free CPU Utilization

nodes.metrics.cpuUsage

idleWait_pct

All

Percentage of time CPU is waiting for I/O to complete.

nodes.metrics.memoryUsage

total_mb

All

Total Memory (MB)

nodes.metrics.memoryUsage

used_mb

All

Used Memory (MB)

nodes.metrics.memoryUsage

free_mb

All

Free Memory (MB)

nodes.metrics.memoryUsage

used_pct

All

Memory Utilization (pct)

nodes.metrics.swapUsage

total_mb

All

Total Swap memory (MB)

nodes.metrics.swapUsage

used_mb

All

Used Swap Memory (MB)

nodes.metrics.swapUsage

in_bps

All

Swap In rate (Bits/sec)

nodes.metrics.swapUsage

out_bps

All

Swap Out rate (Bits/sec)

nodes.metrics.swapUsage

used_pct

All

Swap Utilization

nodes.metrics.diskUsage

filesystem

All

File system

nodes.metrics.diskUsage

mountedOn

All

File system mount point like /svn, /cmdb etc

nodes.metrics.diskUsage

type

All

File system type e.g. xfs

nodes.metrics.diskUsage

size_mb

All

Total File system Size (MB)

nodes.metrics.diskUsage

used_mb

All

Used File system Size (MB)

nodes.metrics.diskUsage

avail_mb

All

Free File system Size (MB)

nodes.metrics.diskUsage

used_pct

All

Percentage of file system used.

nodes.metrics.upgradeStat

upgradeVersion

Collector

Last Image version the Collector upgraded to.

nodes.metrics.upgradeStat

installStatus

Collector

Last Image version install status (Completed or Failed followed by reason.)

nodes.metrics.upgradeStat

downloadStatus

Collector

Last Image version download status (Completed or Failed followed by reason.)

nodes.metrics.diskIO

device

All

Linux device for measuring disk I/O

nodes.metrics.diskIO

mountedOn

All

Device mount point like /svn, /cmdb etc

nodes.metrics.diskIO

read_ops

All

Read Operations/sec

nodes.metrics.diskIO

write_ops

All

Write Operations/sec

nodes.metrics.diskIO

read_kbps

All

Read Volume (KB/sec)

nodes.metrics.diskIO

write_kbps

All

Write Volume (KB/sec)

nodes.metrics.diskIO

readWait_ms

All

Read Wait Latency (msec)

nodes.metrics.diskIO

writeWait_ms

All

Write Wait Latency (msec)

nodes.metrics.diskIO

util_pct

All

Disk I/O utilization

nodes.metrics.nfsIO

location

Super, Worker

Remote path

nodes.metrics.nfsIO

path

Super, Worker

Local directory (e.g. /data)

nodes.metrics.nfsIO

read_ops

Super, Worker

NFS Read Operations/second for EventDB based deployments

nodes.metrics.nfsIO

read_kbps

Super, Worker

NFS Read Volume (KBytes/second) for EventDB based deployments

nodes.metrics.nfsIO

read_kbpop

Super, Worker

NFS Read Volume (Kbytes/operation) for EventDB based deployments

nodes.metrics.nfsIO

readLatency_ms

Super, Worker

NFS Read Latency (ms) for EventDB based deployments

nodes.metrics.nfsIO

write_ops

Super, Worker

NFS WriteOperations/second for EventDB based deployments

nodes.metrics.nfsIO

write_kbps

Super, Worker

NFS WriteVolume (KBytes/second) for EventDB based deployments

nodes.metrics.nfsIO

write_kbpop

Super, Worker

NFS Write Volume (Kbytes/operation) for EventDB based deployments

nodes.metrics.nfsIO

writLatency_ms

Super, Worker

NFS Write Latency (ms) for EventDB based deployments

nodes.metrics.processStat

processName

All

FortiSIEM process name

nodes.metrics.processStat

owner

All

FortiSIEM process owner

nodes.metrics.processStat

uptime_sec

All

Process Uptime (seconds)

nodes.metrics.processStat

cpuUtil_pct

All

Process CPU Utilization

nodes.metrics.processStat

residentMemory_mb

All

Process Resident Memory Usage (MB)

nodes.metrics.processStat

memoryUtil_pct

All

Process Memory Utilization

nodes.metrics.processStat

diskRead_kbps

All

Process Aggregate Disk Read Volume (KB/sec)

nodes.metrics.processStat

diskWrite_kbps

All

Process Aggregate Write Volume (KB/sec)

nodes.metrics.processStat

sharedStore_type

All

Reader or Writer or none

nodes.metrics.processStat

sharedStore_position

All

Shared store read/write position (Bytes written or read.)

nodes.metrics.processStat

sharedStore_pct

All

Shared store read/write position (Percentage) - 100% means end of circular buffer.