Monitoring Servers
Server monitoring is typically performed by:
- SNMP / WMI for performance and availability monitoring
- WMI / OMI or FortiSIEM agent for device log monitoring (Windows)
- Syslog or FortiSIEM agent for device log monitoring (Linux)
Choose the server monitoring method based on the monitoring use case, for example:
- Use WMI or OMI for basic agentless Windows server log ingestion
- Use syslog for basic Linux server log ingestion
- Use the Windows agent for advanced high-performance server monitoring (refer to the agent section for more details on the FortiSIEM agent software)
- Use SNMP / WMI / OMI if server performance monitoring is also required
Also consider application monitoring requirements: many applications log separately or require additional configuration. Check the FortiSIEM External Systems Configuration Guide at https://docs.fortinet.com/document/fortisiem/7.0.3/external-systems-configuration-guide/780675/fortisiem-external-systems-configuration-guide-online for details of supported applications and monitoring requirements.
As with network devices, performing a full discovery including performance monitoring improves the visibility of the system in FortiSIEM, and simplifies the analyst experience by fully populating the CMDB with device data.