Fortinet white logo
Fortinet white logo

Data Manager Logs

Data Manager Logs

This section provides logs related to (a)inserting events in database, (b)moving events within various database tiers e.g. Hot, Warm, Cold, Archive, (c)generating log integrity, and (d)purging events. Supported event databases include EventDB, ClickHouse and Elasticsearch.



EventType: PH_CLICKHOUSE_CHECKIN_QUERY_THREADS_FAILED

Description: Failed to checkin query threads

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_CHECKOUT_QUERY_THREADS_FAILED

Description: Failed to checkout query threads

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_DISK_UTILS_PER_STORAGE_TIER

Description: ClickHouse disk utils per storage tier

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

diskType

Disk Type

string

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_CLICKHOUSE_DROP_PARTITION_FAILED

Description: Failed to drop ClickHouse partitions

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

errReason

Reason for Error

string

This is the reason for an error if given.

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_DROP_PARTITION_SUCCEEDED

Description: Drop ClickHouse partition successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

command

Command

string

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_GET_ONLINE_NODE_FAILED

Description: ClickHouse getting online node failed

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_GET_PARTITIONS_FAILED

Description: Failed to get ClickHouse partitions

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_GET_SHARDS_FAILED

Description: Failed to get ClickHouse shards

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_GET_STORAGE_STATS_FAILED

Description: Failed to get ClickHouse storage stats

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_GET_STORAGE_TIER_FAILED

Description: Failed to get ClickHouse storage tier

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_INSERTION_DROP_EVENTS

Description: FortiSIEM dropped events while failing to insert them to ClickHouse after retries

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_INSERTION_EPS

Description: ClickHouse Insertion EPS

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_CLICKHOUSE_JSON_ENCODER_EPS

Description: ClickHouse JSON Encoding EPS

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_CLICKHOUSE_JSON_ENCODER_EPS_PER_THREAD

Description: ClickHouse JSON Encoding EPS per thread

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_ACTIVE_CONSOLIDATION

Description: ClickHouse log integrity active consolidation

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_PARSE_FAILED

Description: Failed to parse log integrity calculate request

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_STARTED

Description: ClickHouse partition consolidation request started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CANDIDATE_PARTITIONS

Description: Clickhouse log integrity candidate partitions

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_DATE

Description: ClickHouse log integrity consolidation target date

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_STATUS_CHANGE

Description: ClickHouse partition consolidation status change

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_DONE

Description: ClickHouse daily consolidation done

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STARTED

Description: ClickHouse daily consolidation started

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STOPPED

Description: ClickHouse daily consolidation stopped

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_TIMER

Description: ClickHouse log integrity daily consolidation timer pops

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DB_QUERY_FAILED

Description: ClickHouse log integrity failed to execute query

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_EMPTY_PARTITION_CHECKSUM

Description: ClickHouse log integrity empty partition checksum

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_EXEC_FAILED

Description: ClickHouse log integrity system command failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

errorCode

Error Code

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_MIN_MAX_QUERY_FAILED

Description: ClickHouse log integrity failed min max block query

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_OPTIMIZE_COMMAND_FAILED

Description: ClickHouse log integrity optimize command failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_DONE

Description: ClickHouse partition consolidation done

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_STARTED

Description: ClickHouse partition consolidation started

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_UPDATED_AFTER_CHECKSUM

Description: ClickHouse log integrity partition data updated after checksum calculation

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH

Description: ClickHouse log integrity SHA256 response mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH_REPLICAS

Description: ClickHouse log integrity MD5 response mismatch between replicas

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_PARTITION_INFO_EMPTY

Description: ClickHouse log integrity sha256 target partition info empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

shard

Shard

string

dbPartition

DB Partition

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_REQUEST_PARSE_FAILED

Description: Failed to parse log integrity sha256 validation request

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_EMPTY

Description: Received error for log integrity sha256 response empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_ERROR

Description: Received error for log integrity sha256 validation response error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_PARSE_FAILED

Description: Failed to parse log integrity sha256 validation request

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_MOVE_PARTITION_FAILED

Description: Failed to move ClickHouse partitions

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

errReason

Reason for Error

string

This is the reason for an error if given.

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_MOVE_PARTITION_SUCCEEDED

Description: Move ClickHouse partition successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

command

Command

string

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_QUERY_REDIS_CONN_FAILURE

Description: Failed to contact with redis on super

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_QUERY_REDIS_GET_FAILURE

Description: Fail to get values from redis

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string



EventType: PH_CLICKHOUSE_QUERY_UNCOMPRESS_FAILURE

Description: Failed to uncompress data

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_QUERY_ZLIB_INIT_FAILURE

Description: Failed to initialize zlib library

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_QUERY_CHECKIN

Description: ClickHouse query checkin

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string



EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_QUERY_CHECKOUT

Description: ClickHouse query checkout

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string



EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_THREADS_CHECKIN

Description: ClickHouse query threads checkin

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string

replica

Replica

string

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_THREADS_CHECKOUT

Description: ClickHouse query threads checkout

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string

replica

Replica

string

serverIpAddr

Server IP

IP

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_CLICKHOUSE_ROUND_ROBIN_INSERTION

Description: Insert events to ClickHouse in roundrobin fashion

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_CLICKHOUSE_ROUND_ROBIN_QUERY

Description: Query from ClickHouse in roundrobin fashion

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_CLICKHOUSE_STORAGE_FREE_SPACE_CRITICAL

Description: ClickHouse lowest storage tier free space critical

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_CLICKHOUSE_STORAGE_FREE_SPACE_LOW

Description: ClickHouse lowest storage tier free space low

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_CLICKHOUSE_STORAGE_UTILS_PER_ORG_PER_DAY

Description: ClickHouse disk utils per organization per day

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_WRITE_FAILED

Description: ClickHouse Insertion failed

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_CLUSTER_COLLECT_ALL_IP_FAILED

Description: 670-Cluster: Failed to collect all ips of one node

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_COLLECT_CONFIG_DATA_FAILED

Description: 670-Cluster: Failed to collect config data of one node

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_CONFIG_SSH_KEY_FAILED

Description: 670-Cluster: Failed to configure SSH key

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CLUSTER_GET_FW_IP_FAILED

Description: 670-Cluster: Failed to get followerIps

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_GET_TASK_FAILED

Description: 670-Cluster: Failed to get task

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

task

Task

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CLUSTER_NOT_SUPPORT_TASK

Description: 670-Cluster: This type device doesn't support this task

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_NOT_VALID_FELLOWER

Description: 670-Cluster: The node is invalid

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_RELOAD_CONFIG_FAILED

Description: 670-Cluster: Failed to re-load configuration from app server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_RM_DB_FAILED

Description: 670-Cluster: Failed to remove DB

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_RUN_COMMAND_FAILED

Description: 670-Cluster: Failed to run command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_CLUSTER_SCIRPT_FAILED

Description: 670-Cluste: Failed to execute script

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_SEND_TASK_FAILED

Description: 670-Cluster: Failed to send task

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

task

Task

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CLUSTER_SSH_KEY_IS_WRONG

Description: 670-Cluster: The SSH key is wrong

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_TASK_DATA_EMPTY

Description: 670-Cluster: Task data is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_TASK_INFO_IS_WRONG

Description: 670-Cluster: Task info is not right

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_TASK_NOT_CONTAIN_LIC

Description: 670-Cluster: There is no license in task

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAINTEGRITY_PASSPHRASE_LOAD_ERROR

Description: Data integrity module failed to load passphrase from App Server. Passphrase is needed for signing events

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAINTEGRITY_SIGNER_ERROR

Description: Data integrity module failed to sign event data for message integrity

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAINTEGRITY_UTILS_ERROR

Description: Generic data integrity utilities error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAINTEGRITY_VERIFIER_ERROR

Description: Data integrity module failed to verify event data for message integrity

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_CLICKHOUSE_HTTP_UPLOAD_ERROR

Description: Failed to upload events to ClickHouse

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

serverName

Server Name

string



EventType: PH_DATAMANAGER_CLUSTER_ENCODE_ERROR

Description: Elasticsearch event encode error while writing events

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_CLUSTER_INIT_ERROR

Description: Elasticsearch client initialization failed

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_CLUSTER_WAIT_ERROR

Description: Elasticsearch client failed tp get event block from sharedstore

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_CLUSTER_WRITER_ERROR

Description: Elasticsearch cluster writer error

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_DASHBOARD_RESPONSE_ERROR

Description: Data Manager failed to respond to Query Master for summary dashboard query requests

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_ELASTICWRITER_ERROR

Description: Elasticsearch client failed to write events to Elasticsearch

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTATTR_ERROR

Description: Data Manager found unknown event attribute while writing to database

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_EVTCACHE_DUPLICATE_ERROR

Description: Data Manager found duplicate event id in event cache for trigger event query

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_EVTCACHE_GET_ERROR

Description: Data Manager failed to get event from event cache for trigger event query

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTCACHE_PARSE_ERROR

Description: Data Manager failed to parse trigger event query XML from Query Master

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTDBNOTIFIER_ERROR

Description: Data Manager failed to upload event-file-signature related details to App Server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_CORRUPT_ERROR

Description: Data Manager detected event index corruption

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_EVTIDX_MERGE_ERROR

Description: Data Manager failed to merge event index

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.

dirName

Directory Name

string



EventType: PH_DATAMANAGER_EVTIDX_QUERY_ERROR

Description: Data Manager failed to read event index during query

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_READ_BLOCK_ERROR

Description: Data Manager failed to read event file block during query or index merge

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_READ_KEY_ERROR

Description: Data Manager failed to read event file index during query or index merge

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_READ_POST_ERROR

Description: Data Manager failed to read event index posting file during query or index merge

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_WRITE_ERROR

Description: Data Manager failed to write event index

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_EVTIDX_WRITE_KEY_ERROR

Description: Data Manager failed to write event index file key

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_EVTIDX_WRITE_POST_ERROR

Description: Data Manager failed to write event index posting file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTLOADER_ERROR

Description: Data Manager failed to load events from shared buffer

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

dirName

Directory Name

string



EventType: PH_DATAMANAGER_EVTWRITER_ERROR

Description: Data Manager failed to store events to event database

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMANAGER_EXPORT_ERROR

Description: Data Manager failed to export events from event database

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_FILE_READ_FAILURE

Description: FortiSIEM DataManager failed to read file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAMANAGER_FILE_RENAME_FAILURE

Description: FortiSIEM DataManager failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAMANAGER_FILE_SIGN_ERROR

Description: Data Manager failed to sign event files for message integrity

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_DATAMANAGER_FILE_WRITE_FAILURE

Description: FortiSIEM DataManager failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAMANAGER_GET_SIGN_ERROR

Description: Data Manager failed to read event message integrity signatures

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_DATAMANAGER_GLOBAL_CACHE_MISSING

Description: FortiSIEM DataManager missing global cache

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_HDFSWRITER_ERROR

Description: Data Manager module failed to write to HDFS

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATAMANAGER_HTTP_UPLOAD_ERROR

Description: Data Manager module failed to upload event database statistics to App server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMANAGER_INIT_ERROR

Description: Data Manager module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_INTEGRITY_CHECK_ERROR

Description: Data Manager failed to do integrity check for certain event files

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_INTEGRITY_RESPONSE_ERROR

Description: Data Manager failed to respond to App Server for log integrity check requests

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_INVALID_LOG_FILE

Description: FortiSIEM DataManager invalid log file

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_KAFKAWRITER_CONFIG_ERROR

Description: Data Manager failed to load Kafka configuration from App server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_KAFKAWRITER_ERROR

Description: Data Manager failed to write events to Kafka message bus

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMANAGER_LOG_BUFFER_PAUSED_LOW_SPACE

Description: PerCust event buffer is paused because of low free space

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_LOG_BUFFER_PAUSED_STATFS_FAILURE

Description: PerCust event buffer is paused because of statfs failure

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_LOG_BUFFER_RESUMED

Description: PerCust event buffer is resumed

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_PUT_SIGN_ERROR

Description: Data Manager failed to store event file integrity signatures

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_DATAMANAGER_QUERY_EXPR_ERROR

Description: Data Manager failed to parse trigger event query expression

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_QUERY_RESPONSE_ERROR

Description: Data Manager failed to respond to Query Master for incident trigger event query requests

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_REDIS_KEY_NOT_EXIST

Description: redis key not exist

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_SUMMARYWRITER_ERROR

Description: Data Manager failed to write inline report results

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMGR_BAD_EVTBLKIDX_FILE

Description: Bad event block index file

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_BAD_SEGMENT

Description: Bad data segment

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_INDEX_MERGE_FAILED

Description: Failed to merge indices

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_INDEX_MERGE_FAILED_INDEX

Description: Index that failed to merge

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_INDEX_MERGE_FAILED_INDEX_GROUP

Description: Index group that failed to merge

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_SEGMENT_MERGE_ERROR

Description: Datamgr segment merge error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_SEGMENT_MERGE_FAILED

Description: Failed to merge segments

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_UNABLE_FLUSH_INDEX

Description: Failed to flush index

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_UNABLE_OPEN_EVTBLK_FILE

Description: Unable to open event block file

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAPURGER_ARCHIVE_TASK_ERROR

Description: Data Purger failed to archive events but they are purged

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_CMD_FAILURE

Description: Data Purger failed to run command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAPURGER_DR_ES_RESTORE_FAILED

Description: Data Purger failed to do restore for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DR_ES_ROLE_UNKNOWN

Description: Elasticsearch Disaster Recovery Role is Unknown

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAPURGER_DR_ES_SNAPSHOTS_GET_FAILED

Description: Data Purger failed to get snapshots for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DR_ES_SNAPSHOT_DELETION_FAILED

Description: Data Purger failed to delete snapshots for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DR_ES_SNAPSHOT_FAILED

Description: Data Purger failed to do snapshot for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DUCHECKER_ERROR

Description: Data Purger failed to check disk usage

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_ENFORCE_ERROR

Description: Data Purger failed to enforce event purging policy

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_EVAL_ERROR

Description: Data Purger failed to evaluate event purging policies for a particular day

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_HTTP_UPLOAD_ERROR

Description: Data Purger failed to upload disk usage to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_INIT_ERROR

Description: Data Purger module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_OPEN_FILE_ERROR

Description: Data Purger module failed to open file

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAPURGER_PARSE_XML_ERROR

Description: Data Purger module failed to parse XML containing purging policies received from App server

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAPURGER_POLICY_ERROR

Description: Data Purger failed to implement specific event purging policy

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_RESPONSE_ERROR

Description: Data Purger module failed to handle event database refresh/restore related requests from App server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATA_CLUSTER_ALL_COORDINATOR_DOWN

Description: All Coordinator nodes are down or not reachable or not responsive

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_DATA_CLUSTER_BUSY

Description: Elasticsearch cluster is busy

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostName

Host Name

string

This is the hostname of the device of interest in the event



EventType: PH_DATA_CLUSTER_CLICKHOUSE_CONFIG_NO_PORT

Description: ClickHouse PORT is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_COORDINATOR_DOWN

Description: Coordinator is down or not reachable or not responsive

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_DATA_CLUSTER_COORDINATOR_UP

Description: Coordinator is up

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_HTTPPORT

Description: Elasticsearch cluster HTTP PORT is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_IP

Description: Elasticsearch cluster IP is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_JAVAPORT

Description: FortiSIEM Elasticsearch configuration missing Java port

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NAME

Description: FortiSIEM Elasticsearch configuration missing cluster name

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMREPLICAS

Description: FortiSIEM Elasticsearch configuration missing number of replica

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMSHARD

Description: FortiSIEM Elasticsearch configuration missing number of shards

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NULL

Description: Elasticsearch cluster not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_WRONG_FORMAT

Description: Wrng response format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_EVENTID_NOT_FOUND

Description: Elasticsearch error string doesn't contain enough information

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_HTTP_CLIENT_FAIL

Description: Elasticsearch REST API call to AppSrv failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_HTTP_CMD_FAIL

Description: Elasticsearch REST API call fails

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

msg

Message

string



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_FAIL

Description: Elasticsearch indexing failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

size

Size

uint32



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_RESEND_FAIL

Description: Elasticsearch indexing failed 2nd time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

size

Size

uint32



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FAIL

Description: Elasticsearch indexing failed at the last time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

size

Size

uint32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FIRST_FAIL

Description: Elasticsearch indexing failed at 1st time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

size

Size

uint32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_UPLOAD_FAIL

Description: Elasticsearch event upload via REST API failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_WRONG_JSON_FORMAT

Description: Elasticsearch "_cat/indices" API response format wrong format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_GET_HOSTNAME_FAIL

Description: Elasticsearch popen hostname failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_PORT

Description: HDFS port in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_SERVER

Description: HDFS server in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_PORT

Description: HDFS yarn port in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_SERVER

Description: HDFS yarn server in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NULL

Description: HDFS cluster is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_HTTP_CMD_FAIL

Description: HDFS REST API call to AppSrv failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

msg

Message

string



EventType: PH_DATA_CLUSTER_HDFS_LISTSTATUS_FAIL

Description: HDFS LISTSTAUTS API failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_SEND_FAIL

Description: HDFS storing events failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_HDFS_UPLOAD_FAIL

Description: HDFS event upload via REST API failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATA_CLUSTER_JSON_GET_ATTRIBUTE_NAME_FAIL

Description: Elasticsearch Event Attribute name fetch failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_ARCHIVE_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster archive

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_ARCHIVE_STORAGE_LOW

Description: The available storage of archive for Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_FAILED

Description: Failed purge snapshot from archive on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_FINISHED

Description: Finished purge snapshot from archive on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_STARTED

Description: Start purge snapshots from archive on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_SUCCESS

Description: Succeed purge snapshots from archive on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_ARCHIVE_STORAGE_USAGE

Description: Disk usage of Elasticsearch Cluster archive

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_CCR_DELAY

Description: Elasticsearch CCR delay detail

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_COLD_STORAGE_ARCHIVING_FAILED

Description: Failed to archive indices from cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_COLD_STORAGE_ARCHIVING_FINISHED

Description: Finished archive indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_ARCHIVING_STARTED

Description: Start archive indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_ARCHIVING_SUCCESS

Description: Successfully archived indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster cold nodes

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_COLD_STORAGE_LOW

Description: The available storage of cold nodes on Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_COLD_STORAGE_PURGING_FAILED

Description: Failed purge indices from cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_COLD_STORAGE_PURGING_FINISHED

Description: Finished purge indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_PURGING_STARTED

Description: Start purge indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_PURGING_SUCCESS

Description: Succeed purge indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_USAGE

Description: Disk usage of Elasticsearch Cold nodes

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_HOTCOLD_STORAGE_MOVING_FAILED

Description: Failed move indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOTCOLD_STORAGE_MOVING_FINISHED

Description: Finished moved indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOTCOLD_STORAGE_MOVING_STARTED

Description: Start move indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOTCOLD_STORAGE_MOVING_SUCCESS

Description: Succeed moved indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_ARCHIVING_FAILED

Description: Failed archive indices from hot nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOT_STORAGE_ARCHIVING_FINISHED

Description: Finished archive indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_ARCHIVING_STARTED

Description: Start archive indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_ARCHIVING_SUCCESS

Description: Succeed archive indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster Hot Nodes

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_HOT_STORAGE_LOW

Description: The available storage of Hot Nodes on Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_HOT_STORAGE_MOVING_FAILED

Description: Failed move indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOT_STORAGE_MOVING_FINISHED

Description: Finished moved indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_MOVING_STARTED

Description: Start move indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_MOVING_SUCCESS

Description: Succeed moved indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_PURGING_FAILED

Description: Failed purge indices from hot nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOT_STORAGE_PURGING_FINISHED

Description: Finished purge indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_PURGING_STARTED

Description: Start purge indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_PURGING_SUCCESS

Description: Succeed purge indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_USAGE

Description: Disk usage of Elasticsearch Hot Nodes

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_INDEX_SEGMENT_MERGE_FAILED

Description: Elasticsearch index segment merge failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_REST_FAILED

Description: ES REST returns error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_ADD_INDEX_FAILED

Description: Failed to add ShardManager Index

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_HOURCHECK_FAILED

Description: Failed ShardManager hourcheck

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_INIT_FAILED

Description: Failed to init ShardManager

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_INIT_INDEX_FAILED

Description: Failed to init ShardManager Index

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SNAPSHOT_FAILED

Description: Failed to do snapshot for ES

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_TO_NFS_ARCHIVE_FAILED_ADD_INDEX

Description: ES TO NFS Archive failed to add an index

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_ARCHIVING_FAILED

Description: Failed to archive indices from warm nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_ARCHIVING_FINISHED

Description: Finished archive indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_ARCHIVING_STARTED

Description: Start archive indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_ARCHIVING_SUCCESS

Description: Successfully archived indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster warm nodes

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_WARM_STORAGE_LOW

Description: The available storage of warm nodes on Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_WARM_STORAGE_MOVING_FAILED

Description: Failed move indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_MOVING_FINISHED

Description: Finished moved indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_MOVING_STARTED

Description: Start move indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_MOVING_SUCCESS

Description: Succeed moved indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_PURGING_FAILED

Description: Failed purge indices from warm nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_PURGING_FINISHED

Description: Finished purge indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_PURGING_STARTED

Description: Start purge indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_PURGING_SUCCESS

Description: Succeed purge indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_USAGE

Description: Disk usage of Elasticsearch Warm nodes

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_HDFS_ARCHIVE_STORAGE_LOW

Description: The available storage of HDFS Archive database is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_HDFS_ARCHIVE_STORAGE_USAGE

Description: Storage usage of HDFS Archive database

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_HDFS_PURGING_FAILED

Description: Failed purging from HDFS Archive database

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HDFS_PURGING_FINISHED

Description: Finished purging from HDFS Archive database - triggered by low space

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_HDFS_PURGING_STARTED

Description: Started purging from HDFS Archive database - triggered by low space

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_HDFS_PURGING_SUCCESS

Description: Successfully purged from HDFS Archive database - triggered by low space

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_SYSTEM_ARCHIVE_LOW

Description: FortiSIEM EventDB Archive disk space low

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGED_LOW_SPACE

Description: Event database archive files purged to make room for new archive

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGED_POLICY

Description: Event database archive files purged by policy

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_FAILED

Description: Failed to purge Archive FortiSIEM EventDB - purge caused by low available space

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_FINISHED

Description: Successfully purged Archive FortiSIEM EventDB -purge caused by low available space

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_STARTED

Description: Started to purge Archive FortiSIEM EventDB because of low available space

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_SUCCESS

Description: Successfully purged Archive FortiSIEM EventDB because of low available space

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_FAILED

Description: Failed to purge Archive FortiSIEM EventDB - purge caused by policy

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_FINISHED

Description: Successfully purged Archive FortiSIEM EventDB - purge caused by policy

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_STARTED

Description: Started to purge Archive FortiSIEM EventDB - purge caused by policy

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_SUCCESS

Description: Successfully purged Archive FortiSIEM EventDB - purge caused by policy

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_RETENTION_POLICY_VIOLATED

Description: Archive retention policy violation

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_ARCHIVE_USAGE

Description: Archive disk usage

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

diskUsage

Disk Used MB

uint64



EventType: PH_SYSTEM_DATAMGR_ARCHIVE_SKIP

Description: Online FortiSIEM EventDB Archiving skipped since the directory has data

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_FAILED

Description: Online FortiSIEM EventDB Archiving encountered errors

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_FINISHED

Description: Online FortiSIEM EventDB Archiving completed

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_STARTED

Description: Online FortiSIEM EventDB Archiving started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_SUCCESS

Description: Online FortiSIEM EventDB Archiving success

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGED

Description: Event database files purged

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_DISK_PURGING_FAILED

Description: Online FortiSIEM EventDB Purging encountered errors

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGING_FINISHED

Description: Online FortiSIEM EventDB Purging completed

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGING_STARTED

Description: Online FortiSIEM EventDB Purging started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGING_SUCCESS

Description: Online FortiSIEM EventDB Purging success

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_USAGE

Description: Disk usage of customer

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

diskUsage

Disk Used MB

uint64



EventType: PH_SYSTEM_DISK_USAGE_WARNING

Description: FortiSIEM EventDB disk usage close to limit

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_ONLINE_RETENTION_POLICY_VIOLATED

Description: Online data retention policy violation

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

policyName

Policy Name

string



EventType: PH_SYSTEM_RETENTION_POLICY_EXEC_TIME

Description: Data retention policy enforcement time

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

runTime

Run Time

uint64



EventType: PH_SYSTEM_RETENTION_POLICY_FAILED

Description: Data retention policy enforcement failed

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_SYSTEM_RETENTION_POLICY_FINISHED

Description: Data retention policy enforcement finished

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_RETENTION_POLICY_STARTED

Description: Data retention policy enforcement started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_RETENTION_POLICY_STATS

Description: Data retention policy enforcement statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_SYSTEM_RETENTION_POLICY_SUCCESS

Description: Data retention policy enforcement succeeded

Severity: 1 (Low)

Event Category: 3 (System Logs)

Data Manager Logs

Data Manager Logs

This section provides logs related to (a)inserting events in database, (b)moving events within various database tiers e.g. Hot, Warm, Cold, Archive, (c)generating log integrity, and (d)purging events. Supported event databases include EventDB, ClickHouse and Elasticsearch.



EventType: PH_CLICKHOUSE_CHECKIN_QUERY_THREADS_FAILED

Description: Failed to checkin query threads

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_CHECKOUT_QUERY_THREADS_FAILED

Description: Failed to checkout query threads

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_DISK_UTILS_PER_STORAGE_TIER

Description: ClickHouse disk utils per storage tier

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

serverIpAddr

Server IP

IP

diskType

Disk Type

string

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_CLICKHOUSE_DROP_PARTITION_FAILED

Description: Failed to drop ClickHouse partitions

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

errReason

Reason for Error

string

This is the reason for an error if given.

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_DROP_PARTITION_SUCCEEDED

Description: Drop ClickHouse partition successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

command

Command

string

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_GET_ONLINE_NODE_FAILED

Description: ClickHouse getting online node failed

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_GET_PARTITIONS_FAILED

Description: Failed to get ClickHouse partitions

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_GET_SHARDS_FAILED

Description: Failed to get ClickHouse shards

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_GET_STORAGE_STATS_FAILED

Description: Failed to get ClickHouse storage stats

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_GET_STORAGE_TIER_FAILED

Description: Failed to get ClickHouse storage tier

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_INSERTION_DROP_EVENTS

Description: FortiSIEM dropped events while failing to insert them to ClickHouse after retries

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_INSERTION_EPS

Description: ClickHouse Insertion EPS

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_CLICKHOUSE_JSON_ENCODER_EPS

Description: ClickHouse JSON Encoding EPS

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_CLICKHOUSE_JSON_ENCODER_EPS_PER_THREAD

Description: ClickHouse JSON Encoding EPS per thread

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

eventsPerSec

Event Rate

double

A generic attribute for recording event ingestion or handling rate.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_ACTIVE_CONSOLIDATION

Description: ClickHouse log integrity active consolidation

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_PARSE_FAILED

Description: Failed to parse log integrity calculate request

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_STARTED

Description: ClickHouse partition consolidation request started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CANDIDATE_PARTITIONS

Description: Clickhouse log integrity candidate partitions

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_DATE

Description: ClickHouse log integrity consolidation target date

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_STATUS_CHANGE

Description: ClickHouse partition consolidation status change

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_DONE

Description: ClickHouse daily consolidation done

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STARTED

Description: ClickHouse daily consolidation started

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STOPPED

Description: ClickHouse daily consolidation stopped

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_TIMER

Description: ClickHouse log integrity daily consolidation timer pops

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DB_QUERY_FAILED

Description: ClickHouse log integrity failed to execute query

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_EMPTY_PARTITION_CHECKSUM

Description: ClickHouse log integrity empty partition checksum

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_EXEC_FAILED

Description: ClickHouse log integrity system command failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

errorCode

Error Code

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_MIN_MAX_QUERY_FAILED

Description: ClickHouse log integrity failed min max block query

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_OPTIMIZE_COMMAND_FAILED

Description: ClickHouse log integrity optimize command failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_DONE

Description: ClickHouse partition consolidation done

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_STARTED

Description: ClickHouse partition consolidation started

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_UPDATED_AFTER_CHECKSUM

Description: ClickHouse log integrity partition data updated after checksum calculation

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH

Description: ClickHouse log integrity SHA256 response mismatch

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH_REPLICAS

Description: ClickHouse log integrity MD5 response mismatch between replicas

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

validFrom

Valid From

Date

validTo

Valid To

Date

shard

Shard

string

dbPartition

DB Partition

string

hashSHA256

SHA256 Hash

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_PARTITION_INFO_EMPTY

Description: ClickHouse log integrity sha256 target partition info empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

shard

Shard

string

dbPartition

DB Partition

string

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.



EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_REQUEST_PARSE_FAILED

Description: Failed to parse log integrity sha256 validation request

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_EMPTY

Description: Received error for log integrity sha256 response empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_ERROR

Description: Received error for log integrity sha256 validation response error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_PARSE_FAILED

Description: Failed to parse log integrity sha256 validation request

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_MOVE_PARTITION_FAILED

Description: Failed to move ClickHouse partitions

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

errReason

Reason for Error

string

This is the reason for an error if given.

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_MOVE_PARTITION_SUCCEEDED

Description: Move ClickHouse partition successfully

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.

dbPartition

DB Partition

string

command

Command

string

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_CLICKHOUSE_QUERY_REDIS_CONN_FAILURE

Description: Failed to contact with redis on super

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_QUERY_REDIS_GET_FAILURE

Description: Fail to get values from redis

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string



EventType: PH_CLICKHOUSE_QUERY_UNCOMPRESS_FAILURE

Description: Failed to uncompress data

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_QUERY_ZLIB_INIT_FAILURE

Description: Failed to initialize zlib library

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_QUERY_CHECKIN

Description: ClickHouse query checkin

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string



EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_QUERY_CHECKOUT

Description: ClickHouse query checkout

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string



EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_THREADS_CHECKIN

Description: ClickHouse query threads checkin

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string

replica

Replica

string

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_THREADS_CHECKOUT

Description: ClickHouse query threads checkout

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

queryId

Query Id

string

replica

Replica

string

serverIpAddr

Server IP

IP

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_CLICKHOUSE_ROUND_ROBIN_INSERTION

Description: Insert events to ClickHouse in roundrobin fashion

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_CLICKHOUSE_ROUND_ROBIN_QUERY

Description: Query from ClickHouse in roundrobin fashion

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

destIpAddr

Destination IP

IP

Destination IP of a device as identified in the event.



EventType: PH_CLICKHOUSE_STORAGE_FREE_SPACE_CRITICAL

Description: ClickHouse lowest storage tier free space critical

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_CLICKHOUSE_STORAGE_FREE_SPACE_LOW

Description: ClickHouse lowest storage tier free space low

Severity: 6 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostIpAddr

Host IP

IP

This is the IP of the device of interest in the event.

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_CLICKHOUSE_STORAGE_UTILS_PER_ORG_PER_DAY

Description: ClickHouse disk utils per organization per day

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_CLICKHOUSE_WRITE_FAILED

Description: ClickHouse Insertion failed

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

count

Count

uint32

A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also.



EventType: PH_CLUSTER_COLLECT_ALL_IP_FAILED

Description: 670-Cluster: Failed to collect all ips of one node

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_COLLECT_CONFIG_DATA_FAILED

Description: 670-Cluster: Failed to collect config data of one node

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_CONFIG_SSH_KEY_FAILED

Description: 670-Cluster: Failed to configure SSH key

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CLUSTER_GET_FW_IP_FAILED

Description: 670-Cluster: Failed to get followerIps

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_GET_TASK_FAILED

Description: 670-Cluster: Failed to get task

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

task

Task

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CLUSTER_NOT_SUPPORT_TASK

Description: 670-Cluster: This type device doesn't support this task

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_NOT_VALID_FELLOWER

Description: 670-Cluster: The node is invalid

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_RELOAD_CONFIG_FAILED

Description: 670-Cluster: Failed to re-load configuration from app server

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_RM_DB_FAILED

Description: 670-Cluster: Failed to remove DB

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_RUN_COMMAND_FAILED

Description: 670-Cluster: Failed to run command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string



EventType: PH_CLUSTER_SCIRPT_FAILED

Description: 670-Cluste: Failed to execute script

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_SEND_TASK_FAILED

Description: 670-Cluster: Failed to send task

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

task

Task

string

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_CLUSTER_SSH_KEY_IS_WRONG

Description: 670-Cluster: The SSH key is wrong

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_TASK_DATA_EMPTY

Description: 670-Cluster: Task data is empty

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_TASK_INFO_IS_WRONG

Description: 670-Cluster: Task info is not right

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_CLUSTER_TASK_NOT_CONTAIN_LIC

Description: 670-Cluster: There is no license in task

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAINTEGRITY_PASSPHRASE_LOAD_ERROR

Description: Data integrity module failed to load passphrase from App Server. Passphrase is needed for signing events

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAINTEGRITY_SIGNER_ERROR

Description: Data integrity module failed to sign event data for message integrity

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAINTEGRITY_UTILS_ERROR

Description: Generic data integrity utilities error

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAINTEGRITY_VERIFIER_ERROR

Description: Data integrity module failed to verify event data for message integrity

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_CLICKHOUSE_HTTP_UPLOAD_ERROR

Description: Failed to upload events to ClickHouse

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

serverName

Server Name

string



EventType: PH_DATAMANAGER_CLUSTER_ENCODE_ERROR

Description: Elasticsearch event encode error while writing events

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_CLUSTER_INIT_ERROR

Description: Elasticsearch client initialization failed

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_CLUSTER_WAIT_ERROR

Description: Elasticsearch client failed tp get event block from sharedstore

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_CLUSTER_WRITER_ERROR

Description: Elasticsearch cluster writer error

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_DASHBOARD_RESPONSE_ERROR

Description: Data Manager failed to respond to Query Master for summary dashboard query requests

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_ELASTICWRITER_ERROR

Description: Elasticsearch client failed to write events to Elasticsearch

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTATTR_ERROR

Description: Data Manager found unknown event attribute while writing to database

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_EVTCACHE_DUPLICATE_ERROR

Description: Data Manager found duplicate event id in event cache for trigger event query

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_EVTCACHE_GET_ERROR

Description: Data Manager failed to get event from event cache for trigger event query

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTCACHE_PARSE_ERROR

Description: Data Manager failed to parse trigger event query XML from Query Master

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTDBNOTIFIER_ERROR

Description: Data Manager failed to upload event-file-signature related details to App Server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_CORRUPT_ERROR

Description: Data Manager detected event index corruption

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_EVTIDX_MERGE_ERROR

Description: Data Manager failed to merge event index

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.

dirName

Directory Name

string



EventType: PH_DATAMANAGER_EVTIDX_QUERY_ERROR

Description: Data Manager failed to read event index during query

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_READ_BLOCK_ERROR

Description: Data Manager failed to read event file block during query or index merge

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_READ_KEY_ERROR

Description: Data Manager failed to read event file index during query or index merge

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_READ_POST_ERROR

Description: Data Manager failed to read event index posting file during query or index merge

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTIDX_WRITE_ERROR

Description: Data Manager failed to write event index

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_EVTIDX_WRITE_KEY_ERROR

Description: Data Manager failed to write event index file key

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_EVTIDX_WRITE_POST_ERROR

Description: Data Manager failed to write event index posting file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_EVTLOADER_ERROR

Description: Data Manager failed to load events from shared buffer

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

dirName

Directory Name

string



EventType: PH_DATAMANAGER_EVTWRITER_ERROR

Description: Data Manager failed to store events to event database

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMANAGER_EXPORT_ERROR

Description: Data Manager failed to export events from event database

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_FILE_READ_FAILURE

Description: FortiSIEM DataManager failed to read file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAMANAGER_FILE_RENAME_FAILURE

Description: FortiSIEM DataManager failed to rename file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

srcFilePath

Source File Path

string

destFilePath

Destination File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAMANAGER_FILE_SIGN_ERROR

Description: Data Manager failed to sign event files for message integrity

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_DATAMANAGER_FILE_WRITE_FAILURE

Description: FortiSIEM DataManager failed to write file

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAMANAGER_GET_SIGN_ERROR

Description: Data Manager failed to read event message integrity signatures

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_DATAMANAGER_GLOBAL_CACHE_MISSING

Description: FortiSIEM DataManager missing global cache

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_HDFSWRITER_ERROR

Description: Data Manager module failed to write to HDFS

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATAMANAGER_HTTP_UPLOAD_ERROR

Description: Data Manager module failed to upload event database statistics to App server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMANAGER_INIT_ERROR

Description: Data Manager module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_INTEGRITY_CHECK_ERROR

Description: Data Manager failed to do integrity check for certain event files

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

fileName

File Name

string



EventType: PH_DATAMANAGER_INTEGRITY_RESPONSE_ERROR

Description: Data Manager failed to respond to App Server for log integrity check requests

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_INVALID_LOG_FILE

Description: FortiSIEM DataManager invalid log file

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

filePath

File Path

string

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_IP_TYPE_INVALID

Description: Invalid IP type

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_KAFKAWRITER_CONFIG_ERROR

Description: Data Manager failed to load Kafka configuration from App server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_KAFKAWRITER_ERROR

Description: Data Manager failed to write events to Kafka message bus

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorString

Error String

string

This is the error message, synonymous to attribute errReason

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMANAGER_LOG_BUFFER_PAUSED_LOW_SPACE

Description: PerCust event buffer is paused because of low free space

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_LOG_BUFFER_PAUSED_STATFS_FAILURE

Description: PerCust event buffer is paused because of statfs failure

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_LOG_BUFFER_RESUMED

Description: PerCust event buffer is resumed

Severity: 3 (Low)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_PUT_SIGN_ERROR

Description: Data Manager failed to store event file integrity signatures

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string



EventType: PH_DATAMANAGER_QUERY_EXPR_ERROR

Description: Data Manager failed to parse trigger event query expression

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_QUERY_RESPONSE_ERROR

Description: Data Manager failed to respond to Query Master for incident trigger event query requests

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAMANAGER_REDIS_KEY_NOT_EXIST

Description: redis key not exist

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMANAGER_SUMMARYWRITER_ERROR

Description: Data Manager failed to write inline report results

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAMGR_BAD_EVTBLKIDX_FILE

Description: Bad event block index file

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_BAD_SEGMENT

Description: Bad data segment

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_INDEX_MERGE_FAILED

Description: Failed to merge indices

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_INDEX_MERGE_FAILED_INDEX

Description: Index that failed to merge

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_INDEX_MERGE_FAILED_INDEX_GROUP

Description: Index group that failed to merge

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_SEGMENT_MERGE_ERROR

Description: Datamgr segment merge error

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_SEGMENT_MERGE_FAILED

Description: Failed to merge segments

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_UNABLE_FLUSH_INDEX

Description: Failed to flush index

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAMGR_UNABLE_OPEN_EVTBLK_FILE

Description: Unable to open event block file

Severity: 6 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATAPURGER_ARCHIVE_TASK_ERROR

Description: Data Purger failed to archive events but they are purged

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_CMD_FAILURE

Description: Data Purger failed to run command

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorNoInt

Error Number Int

int32



EventType: PH_DATAPURGER_DR_ES_RESTORE_FAILED

Description: Data Purger failed to do restore for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DR_ES_ROLE_UNKNOWN

Description: Elasticsearch Disaster Recovery Role is Unknown

Severity: 9 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAPURGER_DR_ES_SNAPSHOTS_GET_FAILED

Description: Data Purger failed to get snapshots for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DR_ES_SNAPSHOT_DELETION_FAILED

Description: Data Purger failed to delete snapshots for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DR_ES_SNAPSHOT_FAILED

Description: Data Purger failed to do snapshot for Disaster Recovery

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_DUCHECKER_ERROR

Description: Data Purger failed to check disk usage

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_ENFORCE_ERROR

Description: Data Purger failed to enforce event purging policy

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_EVAL_ERROR

Description: Data Purger failed to evaluate event purging policies for a particular day

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_HTTP_UPLOAD_ERROR

Description: Data Purger failed to upload disk usage to App server

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_INIT_ERROR

Description: Data Purger module initialization error

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_OPEN_FILE_ERROR

Description: Data Purger module failed to open file

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

fileName

File Name

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATAPURGER_PARSE_XML_ERROR

Description: Data Purger module failed to parse XML containing purging policies received from App server

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_DATAPURGER_POLICY_ERROR

Description: Data Purger failed to implement specific event purging policy

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATAPURGER_RESPONSE_ERROR

Description: Data Purger module failed to handle event database refresh/restore related requests from App server

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_DATA_CLUSTER_ALL_COORDINATOR_DOWN

Description: All Coordinator nodes are down or not reachable or not responsive

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_DATA_CLUSTER_BUSY

Description: Elasticsearch cluster is busy

Severity: 9 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

hostName

Host Name

string

This is the hostname of the device of interest in the event



EventType: PH_DATA_CLUSTER_CLICKHOUSE_CONFIG_NO_PORT

Description: ClickHouse PORT is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_COORDINATOR_DOWN

Description: Coordinator is down or not reachable or not responsive

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_DATA_CLUSTER_COORDINATOR_UP

Description: Coordinator is up

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

destIpPort

Destination TCP/UDP Port

uint16

This is the destination TCP or UDP port as identified in the event



EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_HTTPPORT

Description: Elasticsearch cluster HTTP PORT is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_IP

Description: Elasticsearch cluster IP is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_JAVAPORT

Description: FortiSIEM Elasticsearch configuration missing Java port

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NAME

Description: FortiSIEM Elasticsearch configuration missing cluster name

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMREPLICAS

Description: FortiSIEM Elasticsearch configuration missing number of replica

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMSHARD

Description: FortiSIEM Elasticsearch configuration missing number of shards

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NULL

Description: Elasticsearch cluster not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_WRONG_FORMAT

Description: Wrng response format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_EVENTID_NOT_FOUND

Description: Elasticsearch error string doesn't contain enough information

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_HTTP_CLIENT_FAIL

Description: Elasticsearch REST API call to AppSrv failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_ELASTIC_HTTP_CMD_FAIL

Description: Elasticsearch REST API call fails

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

msg

Message

string



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_FAIL

Description: Elasticsearch indexing failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

size

Size

uint32



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_RESEND_FAIL

Description: Elasticsearch indexing failed 2nd time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

size

Size

uint32



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FAIL

Description: Elasticsearch indexing failed at the last time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

size

Size

uint32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FIRST_FAIL

Description: Elasticsearch indexing failed at 1st time

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

size

Size

uint32

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_UPLOAD_FAIL

Description: Elasticsearch event upload via REST API failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_ELASTIC_WRONG_JSON_FORMAT

Description: Elasticsearch "_cat/indices" API response format wrong format

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_GET_HOSTNAME_FAIL

Description: Elasticsearch popen hostname failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_PORT

Description: HDFS port in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_SERVER

Description: HDFS server in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_PORT

Description: HDFS yarn port in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_SERVER

Description: HDFS yarn server in not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NULL

Description: HDFS cluster is not configured

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_HTTP_CMD_FAIL

Description: HDFS REST API call to AppSrv failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

command

Command

string

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

msg

Message

string



EventType: PH_DATA_CLUSTER_HDFS_LISTSTATUS_FAIL

Description: HDFS LISTSTAUTS API failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_DATA_CLUSTER_HDFS_SEND_FAIL

Description: HDFS storing events failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number

errorString

Error String

string

This is the error message, synonymous to attribute errReason



EventType: PH_DATA_CLUSTER_HDFS_UPLOAD_FAIL

Description: HDFS event upload via REST API failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

infoURL

Informational URL

string

This field captures an URL if present in an event

errorNo

Error Number Unsigned

uint32

This is an unsigned integer error number



EventType: PH_DATA_CLUSTER_JSON_GET_ATTRIBUTE_NAME_FAIL

Description: Elasticsearch Event Attribute name fetch failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_ARCHIVE_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster archive

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_ARCHIVE_STORAGE_LOW

Description: The available storage of archive for Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_FAILED

Description: Failed purge snapshot from archive on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_FINISHED

Description: Finished purge snapshot from archive on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_STARTED

Description: Start purge snapshots from archive on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_ARCHIVE_STORAGE_PURGING_SUCCESS

Description: Succeed purge snapshots from archive on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_ARCHIVE_STORAGE_USAGE

Description: Disk usage of Elasticsearch Cluster archive

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_CCR_DELAY

Description: Elasticsearch CCR delay detail

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_COLD_STORAGE_ARCHIVING_FAILED

Description: Failed to archive indices from cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_COLD_STORAGE_ARCHIVING_FINISHED

Description: Finished archive indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_ARCHIVING_STARTED

Description: Start archive indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_ARCHIVING_SUCCESS

Description: Successfully archived indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster cold nodes

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_COLD_STORAGE_LOW

Description: The available storage of cold nodes on Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_COLD_STORAGE_PURGING_FAILED

Description: Failed purge indices from cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_COLD_STORAGE_PURGING_FINISHED

Description: Finished purge indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_PURGING_STARTED

Description: Start purge indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_PURGING_SUCCESS

Description: Succeed purge indices from cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_COLD_STORAGE_USAGE

Description: Disk usage of Elasticsearch Cold nodes

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_HOTCOLD_STORAGE_MOVING_FAILED

Description: Failed move indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOTCOLD_STORAGE_MOVING_FINISHED

Description: Finished moved indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOTCOLD_STORAGE_MOVING_STARTED

Description: Start move indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOTCOLD_STORAGE_MOVING_SUCCESS

Description: Succeed moved indices from Hot to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_ARCHIVING_FAILED

Description: Failed archive indices from hot nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOT_STORAGE_ARCHIVING_FINISHED

Description: Finished archive indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_ARCHIVING_STARTED

Description: Start archive indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_ARCHIVING_SUCCESS

Description: Succeed archive indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster Hot Nodes

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_HOT_STORAGE_LOW

Description: The available storage of Hot Nodes on Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_HOT_STORAGE_MOVING_FAILED

Description: Failed move indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOT_STORAGE_MOVING_FINISHED

Description: Finished moved indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_MOVING_STARTED

Description: Start move indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_MOVING_SUCCESS

Description: Succeed moved indices from Hot to warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_PURGING_FAILED

Description: Failed purge indices from hot nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_HOT_STORAGE_PURGING_FINISHED

Description: Finished purge indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_PURGING_STARTED

Description: Start purge indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_PURGING_SUCCESS

Description: Succeed purge indices from hot nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_HOT_STORAGE_USAGE

Description: Disk usage of Elasticsearch Hot Nodes

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_INDEX_SEGMENT_MERGE_FAILED

Description: Elasticsearch index segment merge failed

Severity: 7 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_REST_FAILED

Description: ES REST returns error

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_ADD_INDEX_FAILED

Description: Failed to add ShardManager Index

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_HOURCHECK_FAILED

Description: Failed ShardManager hourcheck

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_INIT_FAILED

Description: Failed to init ShardManager

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SM_INIT_INDEX_FAILED

Description: Failed to init ShardManager Index

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_SNAPSHOT_FAILED

Description: Failed to do snapshot for ES

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_TO_NFS_ARCHIVE_FAILED_ADD_INDEX

Description: ES TO NFS Archive failed to add an index

Severity: 7 (Medium)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_ARCHIVING_FAILED

Description: Failed to archive indices from warm nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_ARCHIVING_FINISHED

Description: Finished archive indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_ARCHIVING_STARTED

Description: Start archive indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_ARCHIVING_SUCCESS

Description: Successfully archived indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_CHECK_ERROR

Description: Failed to get disk usage of Elasticsearch Cluster warm nodes

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_ES_WARM_STORAGE_LOW

Description: The available storage of warm nodes on Elasticsearch Cluster is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_ES_WARM_STORAGE_MOVING_FAILED

Description: Failed move indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_MOVING_FINISHED

Description: Finished moved indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_MOVING_STARTED

Description: Start move indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_MOVING_SUCCESS

Description: Succeed moved indices from Warm to cold nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_PURGING_FAILED

Description: Failed purge indices from warm nodes on Elasticsearch Cluster

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_ES_WARM_STORAGE_PURGING_FINISHED

Description: Finished purge indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_PURGING_STARTED

Description: Start purge indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_PURGING_SUCCESS

Description: Succeed purge indices from warm nodes on Elasticsearch Cluster

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_ES_WARM_STORAGE_USAGE

Description: Disk usage of Elasticsearch Warm nodes

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_HDFS_ARCHIVE_STORAGE_LOW

Description: The available storage of HDFS Archive database is low

Severity: 3 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_HDFS_ARCHIVE_STORAGE_USAGE

Description: Storage usage of HDFS Archive database

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totalDiskMB

Total Disk MB

uint32

freeDiskMB

Free Disk MB

uint32



EventType: PH_HDFS_PURGING_FAILED

Description: Failed purging from HDFS Archive database

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_HDFS_PURGING_FINISHED

Description: Finished purging from HDFS Archive database - triggered by low space

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_HDFS_PURGING_STARTED

Description: Started purging from HDFS Archive database - triggered by low space

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_HDFS_PURGING_SUCCESS

Description: Successfully purged from HDFS Archive database - triggered by low space

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_SYSTEM_ARCHIVE_LOW

Description: FortiSIEM EventDB Archive disk space low

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGED_LOW_SPACE

Description: Event database archive files purged to make room for new archive

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGED_POLICY

Description: Event database archive files purged by policy

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_FAILED

Description: Failed to purge Archive FortiSIEM EventDB - purge caused by low available space

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_FINISHED

Description: Successfully purged Archive FortiSIEM EventDB -purge caused by low available space

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_STARTED

Description: Started to purge Archive FortiSIEM EventDB because of low available space

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_LOW_SPACE_SUCCESS

Description: Successfully purged Archive FortiSIEM EventDB because of low available space

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_FAILED

Description: Failed to purge Archive FortiSIEM EventDB - purge caused by policy

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_FINISHED

Description: Successfully purged Archive FortiSIEM EventDB - purge caused by policy

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_STARTED

Description: Started to purge Archive FortiSIEM EventDB - purge caused by policy

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_PURGING_POLICY_SUCCESS

Description: Successfully purged Archive FortiSIEM EventDB - purge caused by policy

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_ARCHIVE_RETENTION_POLICY_VIOLATED

Description: Archive retention policy violation

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_ARCHIVE_USAGE

Description: Archive disk usage

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

diskUsage

Disk Used MB

uint64



EventType: PH_SYSTEM_DATAMGR_ARCHIVE_SKIP

Description: Online FortiSIEM EventDB Archiving skipped since the directory has data

Severity: 5 (Medium)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_FAILED

Description: Online FortiSIEM EventDB Archiving encountered errors

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_FINISHED

Description: Online FortiSIEM EventDB Archiving completed

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_STARTED

Description: Online FortiSIEM EventDB Archiving started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_ARCHIVING_SUCCESS

Description: Online FortiSIEM EventDB Archiving success

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGED

Description: Event database files purged

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_DISK_PURGING_FAILED

Description: Online FortiSIEM EventDB Purging encountered errors

Severity: 10 (High)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGING_FINISHED

Description: Online FortiSIEM EventDB Purging completed

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGING_STARTED

Description: Online FortiSIEM EventDB Purging started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_PURGING_SUCCESS

Description: Online FortiSIEM EventDB Purging success

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_DISK_USAGE

Description: Disk usage of customer

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

diskUsage

Disk Used MB

uint64



EventType: PH_SYSTEM_DISK_USAGE_WARNING

Description: FortiSIEM EventDB disk usage close to limit

Severity: 5 (Medium)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant



EventType: PH_SYSTEM_ONLINE_RETENTION_POLICY_VIOLATED

Description: Online data retention policy violation

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

policyName

Policy Name

string



EventType: PH_SYSTEM_RETENTION_POLICY_EXEC_TIME

Description: Data retention policy enforcement time

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

runTime

Run Time

uint64



EventType: PH_SYSTEM_RETENTION_POLICY_FAILED

Description: Data retention policy enforcement failed

Severity: 10 (High)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

errReason

Reason for Error

string

This is the reason for an error if given.



EventType: PH_SYSTEM_RETENTION_POLICY_FINISHED

Description: Data retention policy enforcement finished

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_RETENTION_POLICY_STARTED

Description: Data retention policy enforcement started

Severity: 1 (Low)

Event Category: 3 (System Logs)


EventType: PH_SYSTEM_RETENTION_POLICY_STATS

Description: Data retention policy enforcement statistics

Severity: 1 (Low)

Event Category: 3 (System Logs)

Attributes:

Id

Display name

Type

Description

phCustId

Organization ID

uint32

This is the FortiSIEM organization ID unique to each tenant

totBytes64

Total Bytes64

uint64

Total number of sent and received bytes by a host. This has 64bit resolution.



EventType: PH_SYSTEM_RETENTION_POLICY_SUCCESS

Description: Data retention policy enforcement succeeded

Severity: 1 (Low)

Event Category: 3 (System Logs)