Data Manager Logs
This section provides logs related to (a) inserting events in the database, (b) moving events between database tiers (for example Hot, Warm, Cold, Archive), (c) generating log integrity, and (d) purging events. Supported event databases include EventDB, ClickHouse and Elasticsearch.
PH_DATAMGR_UNABLE_FLUSH_INDEX
Description: Failed to flush index
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_UNABLE_OPEN_EVTBLK_FILE
Description: Unable to open event block file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_BAD_SEGMENT
Description: Bad data segment
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_INDEX_MERGE_FAILED
Description: Failed to merge indices
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_INDEX_MERGE_FAILED_INDEX
Description: Index that failed to merge
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_INDEX_MERGE_FAILED_INDEX_GROUP
Description: Index group that failed to merge
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_SEGMENT_MERGE_FAILED
Description: Failed to merge segments
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_SEGMENT_MERGE_ERROR
Description: Datamgr segment merge error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATAMGR_BAD_EVTBLKIDX_FILE
Description: Bad event block index file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_COORDINATOR_UP
Description: Coordinator is up
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
PH_DATA_CLUSTER_COORDINATOR_DOWN
Description: Coordinator is down or not reachable or not responsive
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
infoURL | Informational URL | string | This field captures a URL if present in an event |
destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
PH_SYSTEM_DISK_USAGE
Description: Disk usage of customer
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
diskUsage | Disk Used MB | uint64 | |
PH_SYSTEM_DISK_USAGE_WARNING
Description: FortiSIEM EventDB disk usage close to limit
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
PH_SYSTEM_DISK_PURGED
Description: Event database files purged
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
PH_SYSTEM_ARCHIVE_LOW
Description: FortiSIEM EventDB Archive disk space low
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGED_LOW_SPACE
Description: Event database archive files purged to make room for new archive
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGED_POLICY
Description: Event database archive files purged by policy
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_USAGE
Description: Archive disk usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
diskUsage | Disk Used MB | uint64 | |
PH_SYSTEM_DISK_ARCHIVING_STARTED
Description: Online FortiSIEM EventDB Archiving started
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_ARCHIVING_SUCCESS
Description: Online FortiSIEM EventDB Archiving success
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_ARCHIVING_FAILED
Description: Online FortiSIEM EventDB Archiving encountered errors
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_ARCHIVING_FINISHED
Description: Online FortiSIEM EventDB Archiving completed
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_PURGING_STARTED
Description: Online FortiSIEM EventDB Purging started
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_PURGING_SUCCESS
Description: Online FortiSIEM EventDB Purging success
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_PURGING_FAILED
Description: Online FortiSIEM EventDB Purging encountered errors
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_SYSTEM_DISK_PURGING_FINISHED
Description: Online FortiSIEM EventDB Purging completed
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_STARTED
Description: Started to purge Archive FortiSIEM EventDB because of low available space
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_SUCCESS
Description: Successfully purged Archive FortiSIEM EventDB because of low available space
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_FAILED
Description: Failed to purge Archive FortiSIEM EventDB - purge caused by low available space
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_FINISHED
Description: Successfully purged Archive FortiSIEM EventDB - purge caused by low available space
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_POLICY_STARTED
Description: Started to purge Archive FortiSIEM EventDB - purge caused by policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_POLICY_SUCCESS
Description: Successfully purged Archive FortiSIEM EventDB - purge caused by policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_POLICY_FAILED
Description: Failed to purge Archive FortiSIEM EventDB - purge caused by policy
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_SYSTEM_ARCHIVE_PURGING_POLICY_FINISHED
Description: Successfully purged Archive FortiSIEM EventDB - purge caused by policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_SYSTEM_DATAMGR_ARCHIVE_SKIP
Description: Online FortiSIEM EventDB Archiving skipped since the directory has data
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_SYSTEM_RETENTION_POLICY_STARTED
Description: Data retention policy enforcement started
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_RETENTION_POLICY_SUCCESS
Description: Data retention policy enforcement succeeded
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_RETENTION_POLICY_FAILED
Description: Data retention policy enforcement failed
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_SYSTEM_RETENTION_POLICY_STATS
Description: Data retention policy enforcement statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_SYSTEM_RETENTION_POLICY_EXEC_TIME
Description: Data retention policy enforcement time
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
runTime | Run Time | uint64 | |
PH_SYSTEM_RETENTION_POLICY_FINISHED
Description: Data retention policy enforcement finished
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_SYSTEM_ONLINE_RETENTION_POLICY_VIOLATED
Description: Online data retention policy violation
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
policyName | Policy Name | string | |
PH_SYSTEM_ARCHIVE_RETENTION_POLICY_VIOLATED
Description: Archive retention policy violation
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
phCustId | Organization ID | uint32 | This is the FortiSIEM organization ID unique to each tenant |
PH_ES_HOT_STORAGE_USAGE
Description: Disk usage of Elasticsearch Hot Nodes
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_WARM_STORAGE_USAGE
Description: Disk usage of Elasticsearch Warm nodes
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_COLD_STORAGE_USAGE
Description: Disk usage of Elasticsearch Cold nodes
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_ARCHIVE_STORAGE_USAGE
Description: Disk usage of Elasticsearch Cluster archive
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_HOT_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster Hot Nodes
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_ES_WARM_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster warm nodes
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_ES_COLD_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster cold nodes
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_ES_ARCHIVE_STORAGE_CHECK_ERROR
Description: Failed to get disk usage of Elasticsearch Cluster archive
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_ES_HOT_STORAGE_LOW
Description: The available storage of Hot Nodes on Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_WARM_STORAGE_LOW
Description: The available storage of warm nodes on Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_COLD_STORAGE_LOW
Description: The available storage of cold nodes on Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_ARCHIVE_STORAGE_LOW
Description: The available storage of archive for Elasticsearch Cluster is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_ES_HOT_STORAGE_MOVING_STARTED
Description: Start move indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_MOVING_SUCCESS
Description: Succeed moved indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_MOVING_FAILED
Description: Failed move indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_HOT_STORAGE_MOVING_FINISHED
Description: Finished moved indices from Hot to warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOTCOLD_STORAGE_MOVING_STARTED
Description: Start move indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOTCOLD_STORAGE_MOVING_SUCCESS
Description: Succeed moved indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOTCOLD_STORAGE_MOVING_FAILED
Description: Failed move indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_HOTCOLD_STORAGE_MOVING_FINISHED
Description: Finished moved indices from Hot to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_PURGING_STARTED
Description: Start purge indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_PURGING_SUCCESS
Description: Succeed purge indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_PURGING_FAILED
Description: Failed purge indices from hot nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_HOT_STORAGE_PURGING_FINISHED
Description: Finished purge indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_ARCHIVING_STARTED
Description: Start archive indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_ARCHIVING_SUCCESS
Description: Succeed archive indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_HOT_STORAGE_ARCHIVING_FAILED
Description: Failed archive indices from hot nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_HOT_STORAGE_ARCHIVING_FINISHED
Description: Finished archive indices from hot nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_MOVING_STARTED
Description: Start move indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_MOVING_SUCCESS
Description: Succeed moved indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_MOVING_FAILED
Description: Failed move indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_WARM_STORAGE_MOVING_FINISHED
Description: Finished moved indices from Warm to cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_PURGING_STARTED
Description: Start purge indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_PURGING_SUCCESS
Description: Succeed purge indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_PURGING_FAILED
Description: Failed purge indices from warm nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_WARM_STORAGE_PURGING_FINISHED
Description: Finished purge indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_ARCHIVING_STARTED
Description: Start archive indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_ARCHIVING_SUCCESS
Description: Successfully archived indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_WARM_STORAGE_ARCHIVING_FAILED
Description: Failed to archive indices from warm nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_WARM_STORAGE_ARCHIVING_FINISHED
Description: Finished archive indices from warm nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_COLD_STORAGE_PURGING_STARTED
Description: Start purge indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_COLD_STORAGE_PURGING_SUCCESS
Description: Succeed purge indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_COLD_STORAGE_PURGING_FAILED
Description: Failed purge indices from cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_COLD_STORAGE_PURGING_FINISHED
Description: Finished purge indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_COLD_STORAGE_ARCHIVING_STARTED
Description: Start archive indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_COLD_STORAGE_ARCHIVING_SUCCESS
Description: Successfully archived indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_COLD_STORAGE_ARCHIVING_FAILED
Description: Failed to archive indices from cold nodes on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_ES_COLD_STORAGE_ARCHIVING_FINISHED
Description: Finished archive indices from cold nodes on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_ARCHIVE_STORAGE_PURGING_STARTED
Description: Start purge snapshots from archive on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_ARCHIVE_STORAGE_PURGING_SUCCESS
Description: Succeed purge snapshots from archive on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_ARCHIVE_STORAGE_PURGING_FAILED
Description: Failed purge snapshot from archive on Elasticsearch Cluster
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_ES_ARCHIVE_STORAGE_PURGING_FINISHED
Description: Finished purge snapshot from archive on Elasticsearch Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_ES_CCR_DELAY
Description: Elasticsearch CCR delay detail
Severity: 5 (Medium)
Event Category: 3 (System Logs)
PH_HDFS_ARCHIVE_STORAGE_USAGE
Description: Storage usage of HDFS Archive database
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_HDFS_ARCHIVE_STORAGE_LOW
Description: The available storage of HDFS Archive database is low
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_HDFS_PURGING_STARTED
Description: Started purging from HDFS Archive database - triggered by low space
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_HDFS_PURGING_FINISHED
Description: Finished purging from HDFS Archive database - triggered by low space
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_HDFS_PURGING_SUCCESS
Description: Successfully purged from HDFS Archive database - triggered by low space
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_HDFS_PURGING_FAILED
Description: Failed purging from HDFS Archive database
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_JSON_ENCODER_EPS
Description: ClickHouse JSON Encoding EPS
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
PH_CLICKHOUSE_JSON_ENCODER_EPS_PER_THREAD
Description: ClickHouse JSON Encoding EPS per thread
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
PH_CLICKHOUSE_INSERTION_EPS
Description: ClickHouse Insertion EPS
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
eventsPerSec | Event Rate | double | A generic attribute for recording event ingestion or handling rate. |
PH_CLICKHOUSE_WRITE_FAILED
Description: ClickHouse Insertion failed
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
count | Count | uint32 | A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again, the count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
PH_CLICKHOUSE_GET_ONLINE_NODE_FAILED
Description: ClickHouse getting online node failed
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_ROUND_ROBIN_INSERTION
Description: Insert events to ClickHouse in round-robin fashion
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
PH_CLICKHOUSE_ROUND_ROBIN_QUERY
Description: Query from ClickHouse in round-robin fashion
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
PH_CLICKHOUSE_DROP_PARTITION_SUCCEEDED
Description: Drop ClickHouse partition successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
dbPartition | DB Partition | string | |
command | Command | string | |
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_CLICKHOUSE_MOVE_PARTITION_SUCCEEDED
Description: Move ClickHouse partition successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
dbPartition | DB Partition | string | |
command | Command | string | |
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_CLICKHOUSE_DISK_UTILS_PER_STORAGE_TIER
Description: ClickHouse disk utils per storage tier
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
serverIpAddr | Server IP | IP | |
diskType | Disk Type | string | |
totalDiskMB | Total Disk MB | uint32 | |
freeDiskMB | Free Disk MB | uint32 | |
PH_CLICKHOUSE_STORAGE_UTILS_PER_ORG_PER_DAY
Description: ClickHouse disk utils per organization per day
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_STORAGE_UTILS_PER_ORG
Description: ClickHouse disk utils per organization
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_STATUS_CHANGE
Description: ClickHouse partition consolidation status change
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STARTED
Description: ClickHouse daily consolidation started
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STOPPED
Description: ClickHouse daily consolidation stopped
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_DONE
Description: ClickHouse daily consolidation done
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_STARTED
Description: ClickHouse partition consolidation started
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_DONE
Description: ClickHouse partition consolidation done
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
hashSHA256 | SHA256 Hash | string | |
PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_STARTED
Description: ClickHouse partition consolidation request started
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_TIMER
Description: ClickHouse log integrity daily consolidation timer pops
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_DATE
Description: ClickHouse log integrity consolidation target date
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_CANDIDATE_PARTITIONS
Description: ClickHouse log integrity candidate partitions
Severity: 1 (Low)
Event Category: 3 (System Logs)
PH_DATAINTEGRITY_SIGNER_ERROR
Description: Data integrity module failed to sign event data for message integrity
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAINTEGRITY_VERIFIER_ERROR
Description: Data integrity module failed to verify event data for message integrity
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAINTEGRITY_PASSPHRASE_LOAD_ERROR
Description: Data integrity module failed to load passphrase from App Server. Passphrase is needed for signing events
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAINTEGRITY_UTILS_ERROR
Description: Generic data integrity utilities error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAMANAGER_FILE_RENAME_FAILURE
Description: FortiSIEM DataManager failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
srcFilePath | Source File Path | string | |
destFilePath | Destination File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_DATAMANAGER_FILE_WRITE_FAILURE
Description: FortiSIEM DataManager failed to write file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_DATAMANAGER_FILE_READ_FAILURE
Description: FortiSIEM DataManager failed to read file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errorNoInt | Error Number Int | int32 | |
PH_DATAMANAGER_INVALID_LOG_FILE
Description: FortiSIEM DataManager invalid log file
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
filePath | File Path | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_GLOBAL_CACHE_MISSING
Description: FortiSIEM DataManager missing global cache
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATAMANAGER_CLUSTER_ENCODE_ERROR
Description: Elasticsearch event encode error while writing events
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_CLUSTER_INIT_ERROR
Description: Elasticsearch client initialization failed
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_DATAMANAGER_CLUSTER_WAIT_ERROR
Description: Elasticsearch client failed to get event block from sharedstore
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_CLUSTER_WRITER_ERROR
Description: Elasticsearch cluster writer error
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_ELASTICWRITER_ERROR
Description: Elasticsearch client failed to write events to Elasticsearch
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTATTR_ERROR
Description: Data Manager found unknown event attribute while writing to database
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_DATAMANAGER_EVTCACHE_DUPLICATE_ERROR
Description: Data Manager found duplicate event id in event cache for trigger event query
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_DATAMANAGER_EVTCACHE_GET_ERROR
Description: Data Manager failed to get event from event cache for trigger event query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTCACHE_PARSE_ERROR
Description: Data Manager failed to parse trigger event query XML from Query Master
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTDBNOTIFIER_ERROR
Description: Data Manager failed to upload event-file-signature related details to App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTIDX_CORRUPT_ERROR
Description: Data Manager detected event index corruption
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAMANAGER_EVTIDX_MERGE_ERROR
Description: Data Manager failed to merge event index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
dirName | Directory Name | string | |
PH_DATAMANAGER_EVTIDX_QUERY_ERROR
Description: Data Manager failed to read event index during query
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTIDX_READ_BLOCK_ERROR
Description: Data Manager failed to read event file block during query or index merge
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTIDX_READ_KEY_ERROR
Description: Data Manager failed to read event file index during query or index merge
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTIDX_READ_POST_ERROR
Description: Data Manager failed to read event index posting file during query or index merge
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTIDX_WRITE_ERROR
Description: Data Manager failed to write event index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAMANAGER_EVTIDX_WRITE_KEY_ERROR
Description: Data Manager failed to write event index file key
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAMANAGER_EVTIDX_WRITE_POST_ERROR
Description: Data Manager failed to write event index posting file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_EVTLOADER_ERROR
Description: Data Manager failed to load events from shared buffer
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
dirName | Directory Name | string | |
PH_DATAMANAGER_EVTWRITER_ERROR
Description: Data Manager failed to store events to event database
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_DATAMANAGER_EXPORT_ERROR
Description: Data Manager failed to export events from event database
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_FILE_SIGN_ERROR
Description: Data Manager failed to sign event files for message integrity
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
PH_DATAMANAGER_GET_SIGN_ERROR
Description: Data Manager failed to read event message integrity signatures
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
PH_DATAMANAGER_HDFSWRITER_ERROR
Description: Data Manager module failed to write to HDFS
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
infoURL | Informational URL | string | This field captures a URL if present in an event |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATAMANAGER_HTTP_UPLOAD_ERROR
Description: Data Manager module failed to upload event database statistics to App server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_DATAMANAGER_INIT_ERROR
Description: Data Manager module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_INTEGRITY_CHECK_ERROR
Description: Data Manager failed to do integrity check for certain event files
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
fileName | File Name | string | |
PH_DATAMANAGER_KAFKAWRITER_CONFIG_ERROR
Description: Data Manager failed to load Kafka configuration from App server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_KAFKAWRITER_ERROR
Description: Data Manager failed to write events to Kafka message bus
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
errorString | Error String | string | This is the error message, synonymous with attribute errReason |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_DATAMANAGER_PUT_SIGN_ERROR
Description: Data Manager failed to store event file integrity signatures
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
PH_DATAMANAGER_QUERY_EXPR_ERROR
Description: Data Manager failed to parse trigger event query expression
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_INTEGRITY_RESPONSE_ERROR
Description: Data Manager failed to respond to App Server for log integrity check requests
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_QUERY_RESPONSE_ERROR
Description: Data Manager failed to respond to Query Master for incident trigger event query requests
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_DASHBOARD_RESPONSE_ERROR
Description: Data Manager failed to respond to Query Master for summary dashboard query requests
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAMANAGER_SUMMARYWRITER_ERROR
Description: Data Manager failed to write inline report results
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_DATAMANAGER_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATAMANAGER_LOG_BUFFER_PAUSED_LOW_SPACE
Description: PerCust event buffer is paused because of low free space
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_DATAMANAGER_LOG_BUFFER_PAUSED_STATFS_FAILURE
Description: PerCust event buffer is paused because of statfs failure
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_DATAMANAGER_LOG_BUFFER_RESUMED
Description: PerCust event buffer is resumed
Severity: 3 (Low)
Event Category: 3 (System Logs)
PH_DATAMANAGER_REDIS_KEY_NOT_EXIST
Description: Redis key does not exist
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATAPURGER_ARCHIVE_TASK_ERROR
Description: Data Purger failed to archive events but they are purged
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_DUCHECKER_ERROR
Description: Data Purger failed to check disk usage
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_ENFORCE_ERROR
Description: Data Purger failed to enforce event purging policy
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_EVAL_ERROR
Description: Data Purger failed to evaluate event purging policies for a particular day
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_HTTP_UPLOAD_ERROR
Description: Data Purger failed to upload disk usage to App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_INIT_ERROR
Description: Data Purger module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_OPEN_FILE_ERROR
Description: Data Purger module failed to open file
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
fileName | File Name | string | |
errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_DATAPURGER_PARSE_XML_ERROR
Description: Data Purger module failed to parse XML containing purging policies received from App server
Severity: 10 (High)
Event Category: 3 (System Logs)
PH_DATAPURGER_POLICY_ERROR
Description: Data Purger failed to implement specific event purging policy
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_RESPONSE_ERROR
Description: Data Purger module failed to handle event database refresh/restore related requests from App server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_DR_ES_SNAPSHOT_FAILED
Description: Data Purger failed to do snapshot for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_DR_ES_RESTORE_FAILED
Description: Data Purger failed to do restore for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_DR_ES_SNAPSHOTS_GET_FAILED
Description: Data Purger failed to get snapshots for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_DR_ES_SNAPSHOT_DELETION_FAILED
Description: Data Purger failed to delete snapshots for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_DATAPURGER_DR_ES_ROLE_UNKNOWN
Description: Elasticsearch Disaster Recovery Role is Unknown
Severity: 9 (High)
Event Category: 3 (System Logs)
PH_DATAPURGER_CMD_FAILURE
Description: Data Purger failed to run command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
command | Command | string | |
errorNoInt | Error Number Int | int32 | |
PH_ES_REST_FAILED
Description: ES REST returns error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_TO_NFS_ARCHIVE_FAILED_ADD_INDEX
Description: ES TO NFS Archive failed to add an index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_SNAPSHOT_FAILED
Description: Failed to do snapshot for ES
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_SM_INIT_FAILED
Description: Failed to init ShardManager
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_SM_INIT_INDEX_FAILED
Description: Failed to init ShardManager Index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_SM_HOURCHECK_FAILED
Description: Failed ShardManager hourcheck
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_SM_ADD_INDEX_FAILED
Description: Failed to add ShardManager Index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_ES_INDEX_SEGMENT_MERGE_FAILED
Description: Elasticsearch index segment merge failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_INSERTION_DROP_EVENTS
Description: FortiSIEM dropped events while failing to insert them to ClickHouse after retries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_CLICKHOUSE_GET_PARTITIONS_FAILED
Description: Failed to get ClickHouse partitions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_GET_STORAGE_STATS_FAILED
Description: Failed to get ClickHouse storage stats
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_DROP_PARTITION_FAILED
Description: Failed to drop ClickHouse partitions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
dbPartition | DB Partition | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_CLICKHOUSE_MOVE_PARTITION_FAILED
Description: Failed to move ClickHouse partitions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
dbPartition | DB Partition | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
totBytes64 | Total Bytes64 | uint64 | Total number of sent and received bytes by a host. This has 64-bit resolution. |
PH_CLICKHOUSE_GET_STORAGE_TIER_FAILED
Description: Failed to get ClickHouse storage tier
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_GET_SHARDS_FAILED
Description: Failed to get ClickHouse shards
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
destIpAddr | Destination IP | IP | Destination IP of a device as identified in the event. |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_CHECKOUT_QUERY_THREADS_FAILED
Description: Failed to checkout query threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_CHECKIN_QUERY_THREADS_FAILED
Description: Failed to checkin query threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_QUERY_REDIS_CONN_FAILURE
Description: Failed to contact Redis on super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATAMANAGER_CLICKHOUSE_HTTP_UPLOAD_ERROR
Description: Failed to upload events to ClickHouse
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
serverName | Server Name | string | |
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_REQUEST_PARSE_FAILED
Description: Failed to parse log integrity sha256 validation request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_PARSE_FAILED
Description: Failed to parse log integrity sha256 validation request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_ERROR
Description: Received error for log integrity sha256 validation response error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_EMPTY
Description: Received error for log integrity sha256 response empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH
Description: ClickHouse log integrity SHA256 response mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
hashSHA256 | SHA256 Hash | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH_REPLICAS
Description: ClickHouse log integrity MD5 response mismatch between replicas
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
hashSHA256 | SHA256 Hash | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_PARSE_FAILED
Description: Failed to parse log integrity calculate request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_PARTITION_INFO_EMPTY
Description: ClickHouse log integrity sha256 target partition info empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
shard | Shard | string | |
dbPartition | DB Partition | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_CLICKHOUSE_LOG_INTEGRITY_OPTIMIZE_COMMAND_FAILED
Description: ClickHouse log integrity optimize command failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
errReason | Reason for Error | string | This is the reason for an error if given. |
PH_CLICKHOUSE_LOG_INTEGRITY_ACTIVE_CONSOLIDATION
Description: ClickHouse log integrity active consolidation
Severity: 3 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_EMPTY_PARTITION_CHECKSUM
Description: ClickHouse log integrity empty partition checksum
Severity: 3 (Low)
Event Category: 3 (System Logs)
PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_UPDATED_AFTER_CHECKSUM
Description: ClickHouse log integrity partition data updated after checksum calculation
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
hashSHA256 | SHA256 Hash | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_CLICKHOUSE_LOG_INTEGRITY_MIN_MAX_QUERY_FAILED
Description: ClickHouse log integrity failed min max block query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
PH_CLICKHOUSE_LOG_INTEGRITY_EXEC_FAILED
Description: ClickHouse log integrity system command failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
validFrom | Valid From | Date | |
validTo | Valid To | Date | |
shard | Shard | string | |
dbPartition | DB Partition | string | |
errorCode | Error Code | string | |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_CLICKHOUSE_LOG_INTEGRITY_DB_QUERY_FAILED
Description: ClickHouse log integrity failed to execute query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
Id | Display name | Type | Description |
---|---|---|---|
errReason | Reason for Error | string | This is the reason for an error if given. |
hostIpAddr | Host IP | IP | This is the IP of the device of interest in the event. |
PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_JAVAPORT
Description: FortiSIEM Elasticsearch configuration missing Java port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NAME
Description: FortiSIEM Elasticsearch configuration missing cluster name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMREPLICAS
Description: FortiSIEM Elasticsearch configuration missing number of replicas
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMSHARD
Description: FortiSIEM Elasticsearch configuration missing number of shards
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ALL_COORDINATOR_DOWN
Description: All Coordinator nodes are down or not reachable or not responsive
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| destIpPort | Destination TCP/UDP Port | uint16 | This is the destination TCP or UDP port as identified in the event |
PH_DATA_CLUSTER_BUSY
Description: Elasticsearch cluster is busy
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| hostName | Host Name | string | This is the hostname of the device of interest in the event |
PH_DATA_CLUSTER_GET_HOSTNAME_FAIL
Description: Elasticsearch popen hostname failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_WRONG_JSON_FORMAT
Description: Elasticsearch "_cat/indices" API response has wrong format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATA_CLUSTER_ELASTIC_HTTP_CMD_FAIL
Description: Elasticsearch REST API call fails
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| command | Command | string | |
| errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
| msg | Message | string | |
PH_DATA_CLUSTER_ELASTIC_EVENTID_NOT_FOUND
Description: Elasticsearch error string doesn't contain enough information
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_INDEX_FAIL
Description: Elasticsearch indexing failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| size | Size | uint32 | |
PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FAIL
Description: Elasticsearch indexing failed the last time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| size | Size | uint32 | |
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FIRST_FAIL
Description: Elasticsearch indexing failed the 1st time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| size | Size | uint32 | |
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATA_CLUSTER_ELASTIC_INDEX_RESEND_FAIL
Description: Elasticsearch indexing failed the 2nd time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| size | Size | uint32 | |
PH_DATA_CLUSTER_ELASTIC_INDEX_UPLOAD_FAIL
Description: Elasticsearch event upload via REST API failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_IP
Description: Elasticsearch cluster IP is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_HTTPPORT
Description: Elasticsearch cluster HTTP PORT is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_CONFIG_NULL
Description: Elasticsearch cluster not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_ELASTIC_CONFIG_WRONG_FORMAT
Description: Wrong response format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATA_CLUSTER_ELASTIC_HTTP_CLIENT_FAIL
Description: Elasticsearch REST API call to AppSrv failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_HDFS_HTTP_CMD_FAIL
Description: HDFS REST API call to AppSrv failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| command | Command | string | |
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
| msg | Message | string | |
PH_DATA_CLUSTER_HDFS_LISTSTATUS_FAIL
Description: HDFS LISTSTATUS API failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_HDFS_SEND_FAIL
Description: HDFS storing events failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_DATA_CLUSTER_HDFS_UPLOAD_FAIL
Description: HDFS event upload via REST API failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| infoURL | Informational URL | string | This field captures a URL if present in an event |
| errorNo | Error Number Unsigned | uint32 | This is an unsigned integer error number |
PH_DATA_CLUSTER_HDFS_CONFIG_NO_SERVER
Description: HDFS server is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_HDFS_CONFIG_NO_PORT
Description: HDFS port is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_SERVER
Description: HDFS yarn server is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_PORT
Description: HDFS yarn port is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_HDFS_CONFIG_NULL
Description: HDFS cluster is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_JSON_GET_ATTRIBUTE_NAME_FAIL
Description: Elasticsearch Event Attribute name fetch failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_DATA_CLUSTER_CLICKHOUSE_CONFIG_NO_PORT
Description: ClickHouse PORT is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_COLLECT_ALL_IP_FAILED
Description: 670-Cluster: Failed to collect all IPs of one node
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_TASK_DATA_EMPTY
Description: 670-Cluster: Task data is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_SCIRPT_FAILED
Description: 670-Cluster: Failed to execute script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_GET_FW_IP_FAILED
Description: 670-Cluster: Failed to get followerIps
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_SEND_TASK_FAILED
Description: 670-Cluster: Failed to send task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| task | Task | string | |
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_CLUSTER_GET_TASK_FAILED
Description: 670-Cluster: Failed to get task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| task | Task | string | |
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_CLUSTER_NOT_SUPPORT_TASK
Description: 670-Cluster: This type of device doesn't support this task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_RUN_COMMAND_FAILED
Description: 670-Cluster: Failed to run command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| command | Command | string | |
PH_CLUSTER_TASK_INFO_IS_WRONG
Description: 670-Cluster: Task info is not right
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_TASK_NOT_CONTAIN_LIC
Description: 670-Cluster: There is no license in task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_RELOAD_CONFIG_FAILED
Description: 670-Cluster: Failed to re-load configuration from app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_RM_DB_FAILED
Description: 670-Cluster: Failed to remove DB
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_CONFIG_SSH_KEY_FAILED
Description: 670-Cluster: Failed to configure SSH key
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
| Id | Display name | Type | Description |
|---|---|---|---|
| errorString | Error String | string | This is the error message, synonymous with attribute errReason |
PH_CLUSTER_SSH_KEY_IS_WRONG
Description: 670-Cluster: The SSH key is wrong
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_NOT_VALID_FELLOWER
Description: 670-Cluster: The node is invalid
Severity: 7 (Medium)
Event Category: 3 (System Logs)
PH_CLUSTER_COLLECT_CONFIG_DATA_FAILED
Description: 670-Cluster: Failed to collect config data of one node
Severity: 7 (Medium)
Event Category: 3 (System Logs)