
FortiSIEM Reference Architecture Using ClickHouse

Monitoring Servers

Server monitoring is typically performed by:

  • SNMP / WMI for performance and availability monitoring

  • WMI / OMI or FortiSIEM agent for device log monitoring (Windows)

  • Syslog or FortiSIEM agent for device log monitoring (Linux)

Choose the server monitoring method based on the monitoring use case, for example:

  • Use WMI or OMI for basic agentless Windows server log ingestion

  • Use syslog for basic Linux server log ingestion

  • Use the Windows agent for advanced, high-performance server monitoring (refer to the agent section for more details on the FortiSIEM agent software)

  • Use SNMP / WMI / OMI if server performance monitoring is also required
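The Linux case above ("use syslog for basic Linux server log ingestion") is usually implemented with rsyslog on the server. The script below is an added example, not configuration from the FortiSIEM guide or from Fortinet: it generates an rsyslog drop-in that forwards the server's syslog to a collector over TCP with a disk-assisted queue, so events buffer locally instead of being dropped while the collector is unreachable, and it checks the generated file before anything is installed. The collector address, the port (FortiSIEM's default syslog listener is 514), the drop-in path and the `FSM_*` environment variable names are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the FortiSIEM guide): build and check an rsyslog
# forwarding rule for a Linux server monitored by a FortiSIEM collector.
# Collector address, port and the FSM_* variables below are assumptions.

# write_fsm_forward CONF_PATH COLLECTOR [PORT]
# Writes the forwarding rule to CONF_PATH (normally /etc/rsyslog.d/60-fortisiem.conf).
write_fsm_forward() {
    conf="$1"; collector="$2"; port="${3:-514}"
    cat > "$conf" <<EOF
# Forward all facilities to the FortiSIEM collector. TCP rather than UDP so
# delivery is acknowledged at the transport level; the disk-assisted queue
# keeps events on disk while the collector is down. queue.filename needs a
# workDirectory, which the distribution's main rsyslog.conf already sets on
# Debian and RHEL derivatives.
*.* action(type="omfwd"
           target="$collector" port="$port" protocol="tcp"
           queue.type="LinkedList"
           queue.filename="fortisiem_fwd"
           queue.saveOnShutdown="on"
           queue.maxDiskSpace="256m"
           action.resumeRetryCount="-1")
EOF
}

# check_fsm_forward CONF_PATH COLLECTOR
# Returns 0 only if the file forwards to COLLECTOR over TCP with a disk queue.
check_fsm_forward() {
    conf="$1"; collector="$2"
    grep -q "target=\"$collector\"" "$conf" || return 1
    grep -q 'protocol="tcp"' "$conf" || return 1
    grep -q 'queue.filename=' "$conf" || return 1
    return 0
}

# Install only when explicitly requested, so sourcing this file is harmless.
if [ "${FSM_INSTALL:-0}" = "1" ]; then
    conf=/etc/rsyslog.d/60-fortisiem.conf
    write_fsm_forward "$conf" "${FSM_COLLECTOR:?set FSM_COLLECTOR to the collector IP}" "${FSM_PORT:-514}"
    check_fsm_forward "$conf" "$FSM_COLLECTOR" || { echo "generated rule failed checks" >&2; exit 1; }
    # Let rsyslog validate the complete configuration before restarting it.
    rsyslogd -N1 >/dev/null 2>&1 || { echo "rsyslog config check failed" >&2; exit 1; }
    systemctl restart rsyslog
    # Emit a test event; it should appear in FortiSIEM within seconds.
    logger -p auth.notice "FortiSIEM forwarding test from $(uname -n)"
fi
```

Run it as `FSM_INSTALL=1 FSM_COLLECTOR=10.0.0.5 sh forward.sh` on the server, then search FortiSIEM for the test event to confirm the collector received it; if the server's own hostname does not match the device discovered in the CMDB, the event will be parsed but attributed to an unknown device.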

Also consider application monitoring requirements: many applications log separately or need additional configuration. Check the FortiSIEM External Systems Configuration Guide at https://docs.fortinet.com/document/fortisiem/7.1.1/external-systems-configuration-guide/780675/fortisiem-external-systems-configuration-guide-online for details of supported applications and their monitoring requirements.

As with network devices, performing a full discovery, including performance monitoring, improves visibility of the server in FortiSIEM and simplifies the analyst experience by fully populating the CMDB with device data.