All Logs Page 2
Every FortiSIEM internally generated event log regardless of category
EventType: PH_CLICKHOUSE_CHECKIN_QUERY_THREADS_FAILED
Description: Failed to checkin query threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_CHECKOUT_QUERY_THREADS_FAILED
Description: Failed to checkout query threads
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_DISK_UTILS_PER_STORAGE_TIER
Description: ClickHouse disk utils per storage tier
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
|
diskType |
Disk Type |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_CLICKHOUSE_DROP_PARTITION_FAILED
Description: Failed to drop ClickHouse partitions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
dbPartition |
DB Partition |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_CLICKHOUSE_DROP_PARTITION_SUCCEEDED
Description: Drop ClickHouse partition successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
dbPartition |
DB Partition |
string |
|
|
command |
Command |
string |
|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_CLICKHOUSE_GET_ONLINE_NODE_FAILED
Description: ClickHouse getting online node failed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_GET_PARTITIONS_FAILED
Description: Failed to get ClickHouse partitions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_GET_SHARDS_FAILED
Description: Failed to get ClickHouse shards
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_GET_STORAGE_STATS_FAILED
Description: Failed to get ClickHouse storage stats
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_GET_STORAGE_TIER_FAILED
Description: Failed to get ClickHouse storage tier
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_INSERTION_DROP_EVENTS
Description: FortiSIEM dropped events while failing to insert them to ClickHouse after retries
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_CLICKHOUSE_INSERTION_EPS
Description: ClickHouse Insertion EPS
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventsPerSec |
Event Rate |
double |
A generic attribute for recording event ingestion or handling rate. |
EventType: PH_CLICKHOUSE_JSON_ENCODER_EPS
Description: ClickHouse JSON Encoding EPS
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventsPerSec |
Event Rate |
double |
A generic attribute for recording event ingestion or handling rate. |
EventType: PH_CLICKHOUSE_JSON_ENCODER_EPS_PER_THREAD
Description: ClickHouse JSON Encoding EPS per thread
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventsPerSec |
Event Rate |
double |
A generic attribute for recording event ingestion or handling rate. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_ACTIVE_CONSOLIDATION
Description: ClickHouse log integrity active consolidation
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_PARSE_FAILED
Description: Failed to parse log integrity calculate request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CALCULATE_REQUEST_STARTED
Description: ClickHouse partition consolidation request started
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CANDIDATE_PARTITIONS
Description: Clickhouse log integrity candidate partitions
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_DATE
Description: ClickHouse log integrity consolidation target date
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_CONSOLIDATION_STATUS_CHANGE
Description: ClickHouse partition consolidation status change
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_DONE
Description: ClickHouse daily consolidation done
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STARTED
Description: ClickHouse daily consolidation started
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_STOPPED
Description: ClickHouse daily consolidation stopped
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DAILY_CONSOLIDATION_TIMER
Description: ClickHouse log integrity daily consolidation timer pops
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_DB_QUERY_FAILED
Description: ClickHouse log integrity failed to execute query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_EMPTY_PARTITION_CHECKSUM
Description: ClickHouse log integrity empty partition checksum
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_EXEC_FAILED
Description: ClickHouse log integrity system command failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
errorCode |
Error Code |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_MIN_MAX_QUERY_FAILED
Description: ClickHouse log integrity failed min max block query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_OPTIMIZE_COMMAND_FAILED
Description: ClickHouse log integrity optimize command failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_DONE
Description: ClickHouse partition consolidation done
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
hashSHA256 |
SHA256 Hash |
string |
|
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_CONSOLIDATION_STARTED
Description: ClickHouse partition consolidation started
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_PARTITION_UPDATED_AFTER_CHECKSUM
Description: ClickHouse log integrity partition data updated after checksum calculation
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
hashSHA256 |
SHA256 Hash |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH
Description: ClickHouse log integrity SHA256 response mismatch
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
hashSHA256 |
SHA256 Hash |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_MISMATCH_REPLICAS
Description: ClickHouse log integrity MD5 response mismatch between replicas
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
validFrom |
Valid From |
Date |
|
|
validTo |
Valid To |
Date |
|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
hashSHA256 |
SHA256 Hash |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_PARTITION_INFO_EMPTY
Description: ClickHouse log integrity sha256 target partition info empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
shard |
Shard |
string |
|
|
dbPartition |
DB Partition |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_REQUEST_PARSE_FAILED
Description: Failed to parse log integrity sha256 validation request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_EMPTY
Description: Received error for log integrity sha256 response empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_ERROR
Description: Received error for log integrity sha256 validation response error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_LOG_INTEGRITY_SHA256_RESPONSE_PARSE_FAILED
Description: Failed to parse log integrity sha256 validation request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_MOVE_PARTITION_FAILED
Description: Failed to move ClickHouse partitions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
dbPartition |
DB Partition |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_CLICKHOUSE_MOVE_PARTITION_SUCCEEDED
Description: Move ClickHouse partition successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
dbPartition |
DB Partition |
string |
|
|
command |
Command |
string |
|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_CLICKHOUSE_QUERY_REDIS_CONN_FAILURE
Description: Failed to contact with redis on super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_QUERY_REDIS_GET_FAILURE
Description: Fail to get values from redis
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
queryId |
Query Id |
string |
|
EventType: PH_CLICKHOUSE_QUERY_UNCOMPRESS_FAILURE
Description: Failed to uncompress data
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_QUERY_ZLIB_INIT_FAILURE
Description: Failed to initialize zlib library
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_QUERY_CHECKIN
Description: ClickHouse query checkin
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
queryId |
Query Id |
string |
|
EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_QUERY_CHECKOUT
Description: ClickHouse query checkout
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
queryId |
Query Id |
string |
|
EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_THREADS_CHECKIN
Description: ClickHouse query threads checkin
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
queryId |
Query Id |
string |
|
|
replica |
Replica |
string |
|
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_CLICKHOUSE_RESOURCE_TRACKER_THREADS_CHECKOUT
Description: ClickHouse query threads checkout
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
queryId |
Query Id |
string |
|
|
replica |
Replica |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_CLICKHOUSE_ROUND_ROBIN_INSERTION
Description: Insert events to ClickHouse in roundrobin fashion
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_CLICKHOUSE_ROUND_ROBIN_QUERY
Description: Query from ClickHouse in roundrobin fashion
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_CLICKHOUSE_STORAGE_FREE_SPACE_CRITICAL
Description: ClickHouse lowest storage tier free space critical
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_CLICKHOUSE_STORAGE_FREE_SPACE_LOW
Description: ClickHouse lowest storage tier free space low
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
EventType: PH_CLICKHOUSE_STORAGE_UTILS_PER_ORG_PER_DAY
Description: ClickHouse disk utils per organization per day
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CLICKHOUSE_WRITE_FAILED
Description: ClickHouse Insertion failed
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_CLIKCHOUSE_BUILD_QUERY_DIST_SQL_COMMAND_FAILURE
Description: Failed to build query dist sql command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLI_ERROR
Description: FortiSIEM CLI error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_CLUSTER_COLLECT_ALL_IP_FAILED
Description: 670-Cluster: Failed to collect all ips of one node
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_COLLECT_CONFIG_DATA_FAILED
Description: 670-Cluster: Failed to collect config data of one node
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_CONFIG_SSH_KEY_FAILED
Description: 670-Cluster: Failed to configure SSH key
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_CLUSTER_GET_FW_IP_FAILED
Description: 670-Cluster: Failed to get followerIps
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_GET_TASK_FAILED
Description: 670-Cluster: Failed to get task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
task |
Task |
string |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_CLUSTER_NOT_SUPPORT_TASK
Description: 670-Cluster: This type device doesn't support this task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_NOT_VALID_FELLOWER
Description: 670-Cluster: The node is invalid
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_NO_LICENSE
Description: 670-Cluster: There is no license
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_RELOAD_CONFIG_FAILED
Description: 670-Cluster: Failed to re-load configuration from app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_RM_DB_FAILED
Description: 670-Cluster: Failed to remove DB
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_RUN_COMMAND_FAILED
Description: 670-Cluster: Failed to run command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
EventType: PH_CLUSTER_SCIRPT_FAILED
Description: 670-Cluste: Failed to execute script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_SEND_TASK_FAILED
Description: 670-Cluster: Failed to send task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
task |
Task |
string |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_CLUSTER_SSH_KEY_IS_WRONG
Description: 670-Cluster: The SSH key is wrong
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_TASK_DATA_EMPTY
Description: 670-Cluster: Task data is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_TASK_INFO_IS_WRONG
Description: 670-Cluster: Task info is not right
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_CLUSTER_TASK_NOT_CONTAIN_LIC
Description: 670-Cluster: There is no license in task
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_CLOCK_SKEW
Description: Clock skew between Collector and Super
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
|
collectorIp |
Collector IP |
IP |
This field captures the IP address of a FortiSIEM Collector |
|
superTime |
Supervisor Time |
Date |
This field represents SupervisorTime used to determine Clock Skew between Collector and Supervisor. A Clock Skew may develop if NTP is not configured correctly in both Collector and Supervisor. |
|
collectorTime |
Collector Time |
Date |
This field represents Collector Time used to determine Clock Skew between Collector and Supervisor. A Clock Skew may develop if NTP is not configured correctly in both Collector and Supervisor. |
|
timeSkewSec |
Time skew |
uint32 |
Time skew between Collector and Supervisor. If there is significant time skew then rules may not trigger, since rules need to be evaluated based on a time window. |
EventType: PH_COLLECTOR_DOWN
Description: Collector down
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_ARRIVAL_DELAYED
Description: Collector event delayed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_ARRIVAL_OK
Description: Collector event arrived on time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_STORE_DELAYED
Description: Collector event file delayed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_EVENT_STORE_OK
Description: Collector event file on time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_LICENSE_UPDATE
Description: License on collector updated
Severity: 5 (Medium)
Event Category: 3 (System Logs)
EventType: PH_COLLECTOR_UP
Description: Collector up
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_CREATE_TEMP_FILE_FAILURE
Description: FortiSIEM temp file creation error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_CYBERARK_INIT_ERROR
Description: FortiSIEM CyberArk module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAINTEGRITY_PASSPHRASE_LOAD_ERROR
Description: Data integrity module failed to load passphrase from App Server. Passphrase is needed for signing events
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAINTEGRITY_SIGNER_ERROR
Description: Data integrity module failed to sign event data for message integrity
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAINTEGRITY_UTILS_ERROR
Description: Generic data integrity utilities error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAINTEGRITY_VERIFIER_ERROR
Description: Data integrity module failed to verify event data for message integrity
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_CLICKHOUSE_HTTP_UPLOAD_ERROR
Description: Failed to upload events to ClickHouse
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
serverName |
Server Name |
string |
|
EventType: PH_DATAMANAGER_CLUSTER_ENCODE_ERROR
Description: Elasticsearch event encode error while writing events
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_CLUSTER_INIT_ERROR
Description: Elasticsearch client initialization failed
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_CLUSTER_WAIT_ERROR
Description: Elasticsearch client failed tp get event block from sharedstore
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_CLUSTER_WRITER_ERROR
Description: Elasticsearch cluster writer error
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_DASHBOARD_RESPONSE_ERROR
Description: Data Manager failed to respond to Query Master for summary dashboard query requests
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_ELASTICWRITER_ERROR
Description: Elasticsearch client failed to write events to Elasticsearch
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTATTR_ERROR
Description: Data Manager found unknown event attribute while writing to database
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_EVTCACHE_DUPLICATE_ERROR
Description: Data Manager found duplicate event id in event cache for trigger event query
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_EVTCACHE_GET_ERROR
Description: Data Manager failed to get event from event cache for trigger event query
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTCACHE_PARSE_ERROR
Description: Data Manager failed to parse trigger event query XML from Query Master
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTDBNOTIFIER_ERROR
Description: Data Manager failed to upload event-file-signature related details to App Server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTIDX_CORRUPT_ERROR
Description: Data Manager detected event index corruption
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_EVTIDX_MERGE_ERROR
Description: Data Manager failed to merge event index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
dirName |
Directory Name |
string |
|
EventType: PH_DATAMANAGER_EVTIDX_QUERY_ERROR
Description: Data Manager failed to read event index during query
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTIDX_READ_BLOCK_ERROR
Description: Data Manager failed to read event file block during query or index merge
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTIDX_READ_KEY_ERROR
Description: Data Manager failed to read event file index during query or index merge
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTIDX_READ_POST_ERROR
Description: Data Manager failed to read event index posting file during query or index merge
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTIDX_WRITE_ERROR
Description: Data Manager failed to write event index
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_EVTIDX_WRITE_KEY_ERROR
Description: Data Manager failed to write event index file key
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_EVTIDX_WRITE_POST_ERROR
Description: Data Manager failed to write event index posting file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_EVTLOADER_ERROR
Description: Data Manager failed to load events from shared buffer
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
dirName |
Directory Name |
string |
|
EventType: PH_DATAMANAGER_EVTWRITER_ERROR
Description: Data Manager failed to store events to event database
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_DATAMANAGER_EXPORT_ERROR
Description: Data Manager failed to export events from event database
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_FILE_READ_FAILURE
Description: FortiSIEM DataManager failed to read file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_DATAMANAGER_FILE_RENAME_FAILURE
Description: FortiSIEM DataManager failed to rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_DATAMANAGER_FILE_SIGN_ERROR
Description: Data Manager failed to sign event files for message integrity
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_FILE_WRITE_FAILURE
Description: FortiSIEM DataManager failed to write file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_DATAMANAGER_GET_SIGN_ERROR
Description: Data Manager failed to read event message integrity signatures
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_GLOBAL_CACHE_MISSING
Description: FortiSIEM DataManager missing global cache
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_HDFSWRITER_ERROR
Description: Data Manager module failed to write to HDFS
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATAMANAGER_HTTP_UPLOAD_ERROR
Description: Data Manager module failed to upload event database statistics to App server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_DATAMANAGER_INIT_ERROR
Description: Data Manager module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_INTEGRITY_CHECK_ERROR
Description: Data Manager failed to do integrity check for certain event files
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_INTEGRITY_RESPONSE_ERROR
Description: Data Manager failed to respond to App Server for log integrity check requests
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_INVALID_LOG_FILE
Description: FortiSIEM DataManager invalid log file
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_IP_TYPE_INVALID
Description: Invalid IP type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_KAFKAWRITER_CONFIG_ERROR
Description: Data Manager failed to load Kafka configuration from App server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_KAFKAWRITER_ERROR
Description: Data Manager failed to write events to Kafka message bus
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_DATAMANAGER_LOG_BUFFER_PAUSED_LOW_SPACE
Description: PerCust event buffer is paused because of low free space
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_LOG_BUFFER_PAUSED_STATFS_FAILURE
Description: PerCust event buffer is paused because of statfs failure
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_LOG_BUFFER_RESUMED
Description: PerCust event buffer is resumed
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_PUT_SIGN_ERROR
Description: Data Manager failed to store event file integrity signatures
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_DATAMANAGER_QUERY_EXPR_ERROR
Description: Data Manager failed to parse trigger event query expression
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_QUERY_RESPONSE_ERROR
Description: Data Manager failed to respond to Query Master for incident trigger event query requests
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAMANAGER_REDIS_KEY_NOT_EXIST
Description: redis key not exist
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMANAGER_SUMMARYWRITER_ERROR
Description: Data Manager failed to write inline report results
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_DATAMGR_BAD_EVTBLKIDX_FILE
Description: Bad event block index file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_BAD_SEGMENT
Description: Bad data segment
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_INDEX_MERGE_FAILED
Description: Failed to merge indices
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_INDEX_MERGE_FAILED_INDEX
Description: Index that failed to merge
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_INDEX_MERGE_FAILED_INDEX_GROUP
Description: Index group that failed to merge
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_SEGMENT_MERGE_ERROR
Description: Datamgr segment merge error
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_SEGMENT_MERGE_FAILED
Description: Failed to merge segments
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_UNABLE_FLUSH_INDEX
Description: Failed to flush index
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAMGR_UNABLE_OPEN_EVTBLK_FILE
Description: Unable to open event block file
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATAPURGER_ARCHIVE_TASK_ERROR
Description: Data Purger failed to archive events but they are purged
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_CMD_FAILURE
Description: Data Purger failed to run command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_DATAPURGER_DR_ES_RESTORE_FAILED
Description: Data Purger failed to do restore for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_DR_ES_ROLE_UNKNOWN
Description: Elasticsearch Disaster Recovery Role is Unknown
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAPURGER_DR_ES_SNAPSHOTS_GET_FAILED
Description: Data Purger failed to get snapshots for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_DR_ES_SNAPSHOT_DELETION_FAILED
Description: Data Purger failed to delete snapshots for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_DR_ES_SNAPSHOT_FAILED
Description: Data Purger failed to do snapshot for Disaster Recovery
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_DUCHECKER_ERROR
Description: Data Purger failed to check disk usage
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_ENFORCE_ERROR
Description: Data Purger failed to enforce event purging policy
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_EVAL_ERROR
Description: Data Purger failed to evaluate event purging policies for a particular day
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_HTTP_UPLOAD_ERROR
Description: Data Purger failed to upload disk usage to App server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_INIT_ERROR
Description: Data Purger module initialization error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_OPEN_FILE_ERROR
Description: Data Purger module failed to open file
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_DATAPURGER_PARSE_XML_ERROR
Description: Data Purger module failed to parse XML containing purging policies received from App server
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_DATAPURGER_POLICY_ERROR
Description: Data Purger failed to implement specific event purging policy
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_RESPONSE_ERROR
Description: Data Purger module failed to handle event database refresh/restore related requests from App server
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATAPURGER_STORAGE_POLICY_CLICKHOUSE_NODES_EMPTY
Description: Data Purger failed to retrieve ClickHouse nodes from Redis
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_DATA_CLUSTER_ALL_COORDINATOR_DOWN
Description: All Coordinator nodes are down or not reachable or not responsive
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_DATA_CLUSTER_BUSY
Description: Elasticsearch cluster is busy
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
EventType: PH_DATA_CLUSTER_CLICKHOUSE_CONFIG_NO_PORT
Description: ClickHouse PORT is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_COORDINATOR_DOWN
Description: Coordinator is down or not reachable or not responsive
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_DATA_CLUSTER_COORDINATOR_UP
Description: Coordinator is up
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_HTTPPORT
Description: Elasticsearch cluster HTTP PORT is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_IP
Description: Elasticsearch cluster IP is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_JAVAPORT
Description: FortiSIEM Elasticsearch configuration missing Java port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NAME
Description: FortiSIEM Elasticsearch configuration missing cluster name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMREPLICAS
Description: FortiSIEM Elasticsearch configuration missing number of replica
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NO_NUMSHARD
Description: FortiSIEM Elasticsearch configuration missing number of shards
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_NULL
Description: Elasticsearch cluster not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_CONFIG_WRONG_FORMAT
Description: Wrng response format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATA_CLUSTER_ELASTIC_EVENTID_NOT_FOUND
Description: Elasticsearch error string doesn't contain enough information
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_HTTP_CLIENT_FAIL
Description: Elasticsearch REST API call to AppSrv failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_ELASTIC_HTTP_CMD_FAIL
Description: Elasticsearch REST API call fails
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
msg |
Message |
string |
|
EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_FAIL
Description: Elasticsearch indexing failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
size |
Size |
uint32 |
|
EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_RESEND_FAIL
Description: Elasticsearch indexing failed 2nd time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
size |
Size |
uint32 |
|
EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FAIL
Description: Elasticsearch indexing failed at the last time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
size |
Size |
uint32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_SEND_FIRST_FAIL
Description: Elasticsearch indexing failed at 1st time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
size |
Size |
uint32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATA_CLUSTER_ELASTIC_INDEX_UPLOAD_FAIL
Description: Elasticsearch event upload via REST API failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATA_CLUSTER_ELASTIC_WRONG_JSON_FORMAT
Description: Elasticsearch "_cat/indices" API response format wrong format
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATA_CLUSTER_GET_HOSTNAME_FAIL
Description: Elasticsearch popen hostname failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_PORT
Description: HDFS port in not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_SERVER
Description: HDFS server in not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_PORT
Description: HDFS yarn port in not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NO_YARN_SERVER
Description: HDFS yarn server in not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_CONFIG_NULL
Description: HDFS cluster is not configured
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_HTTP_CMD_FAIL
Description: HDFS REST API call to AppSrv failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
msg |
Message |
string |
|
EventType: PH_DATA_CLUSTER_HDFS_LISTSTATUS_FAIL
Description: HDFS LISTSTAUTS API failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DATA_CLUSTER_HDFS_SEND_FAIL
Description: HDFS storing events failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_DATA_CLUSTER_HDFS_UPLOAD_FAIL
Description: HDFS event upload via REST API failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_DATA_CLUSTER_JSON_GET_ATTRIBUTE_NAME_FAIL
Description: Elasticsearch Event Attribute name fetch failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DEVICE_NOT_ADDED
Description: Discovered device not added to CMDB because of license restrictions
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_DEV_FAIL_TO_PULL_EVENTS
Description: Fail to pull events
Severity: 6 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_ACME_PACKET_SESSION_AGENT_STATUS
Description: Acme Packet Controller session status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sessionAgentHostName |
Agent HostName |
string |
|
|
sessionAgentType |
Agent Type |
string |
|
|
sessionInboundCont |
Session Inbound Count |
uint32 |
|
|
sessionInboundRate |
Session Inbound Rate |
uint32 |
|
|
sessionOutboundCount |
Session Outbound Count |
uint32 |
|
|
sessionOutboundRate |
Session Outbound Rate |
uint32 |
|
|
sessionAgentStatus |
Session Agent Status |
string |
|
EventType: PH_DEV_MON_ACME_PACKET_SYS_STATUS
Description: Acme Packet Controller system status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
apSysHealthScore |
System Health Score |
uint32 |
|
|
apSysRedundancy |
System Redundancy |
uint32 |
|
|
apSysGlobalConSess |
System Global ConSess |
uint32 |
|
|
apSysGlobalCPS |
System Global CPS |
uint32 |
|
|
apSysNATCapacity |
System NAT Capacity |
uint32 |
|
|
apSysARPCapacity |
System ARP Capacity |
uint32 |
|
|
apSysState |
System State |
uint32 |
|
|
apSysLicenseCapacity |
System License Capacity |
uint32 |
|
|
apSysSipStatsActiveLocalContacts |
System Sip Stats Active Local Contacts |
uint32 |
|
|
apSysMgcpGWEndpoints |
System Mgcp GW Endpoints |
uint32 |
|
|
apSysH323Registration |
System H323 Registration |
uint32 |
|
|
apSysRegCacheLimit |
System Reg Cache Limit |
uint32 |
|
|
apSysApplicationCPULoadRate |
System Application CPU Load Rate |
uint32 |
|
|
apSysRejectedMessages |
System Rejected Messages |
uint32 |
|
|
apSysSipEndptDemTrustToUntrust |
System Sip Endpt Dem Trust To Untrust |
uint32 |
|
|
apSysSipEndptDemUntrustToDeny |
System Sip Endpt Dem Untrust To Deny |
uint32 |
|
|
apSysMgcpEndptDemTrustToUntrust |
System Mgcp Endpt Dem Trust To Untrust |
uint32 |
|
|
apSysMgcpEndptDemUntrustToDeny |
System Mgcp Endpt Dem Untrust To Deny |
uint32 |
|
|
apSysSipTotalCallsRejected |
System SIP Total Calls Rejected |
uint32 |
|
|
apSysSipStatsActiveSubscriptions |
System SIP Active Subscriptions |
uint32 |
|
|
apSysSipStatsPerMaxSubscriptions |
System SIP Per Max Subscriptions |
uint32 |
|
|
apSysSipStatsPerMaximumActiveSubscriptions |
System SIP Per Maximum Active Subscriptions |
uint32 |
|
|
apSysSipStatsTotalSubscriptions |
System SIPTotal Subscriptions |
uint32 |
|
EventType: PH_DEV_MON_APP_APACHE_MET
Description: Apache Web server performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
httpTotalAccesses |
HTTP Connection Count |
uint32 |
|
|
httpTotalKBytes |
HTTP Total KBytes |
uint32 |
|
|
apacheCPULoad |
Apache CPU Load |
double |
|
|
apacheUptime |
Apache Uptime |
uint64 |
|
|
apacheReqPerSec |
Apache Request Rate /sec |
double |
|
|
apacheBytesPerSec |
Apache Transfer Rate Bytes/sec |
double |
|
|
apacheBytesPerReq |
Apache Transfer Rate Bytes/Req |
double |
|
|
apacheBusyWorkers |
Apache Busy Workers |
uint32 |
|
|
apacheIdleWorkers |
Apache Idle Workers |
uint32 |
|
EventType: PH_DEV_MON_APP_ASPNET_MET
Description: ASP.NET performance metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
aspReqExecTimeMs |
ASP.NET Request Exec Time ms |
uint32 |
|
|
aspReqCurrent |
ASP.NET Curent Requests |
uint32 |
|
|
aspReqDisconnected |
ASP.NET Disconn Requests |
uint32 |
|
|
aspReqQueued |
ASP.NET Queued Requests |
uint32 |
|
|
aspReqRejected |
ASPNET Rejected Requests |
uint32 |
|
|
aspReqWaitTimeMs |
ASP.NET Request Wait Time ms |
uint32 |
|
EventType: PH_DEV_MON_APP_DHCP_MET
Description: DHCP performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dhcpReqPerSec |
DHCP Request Rate /sec |
uint32 |
|
|
dhcpRelPerSec |
DHCP Release Rate /sec |
uint32 |
|
|
dhcpDeclinesPerSec |
DHCP Decline Rate /sec |
uint32 |
|
|
dhcpDupsDroppedPerSec |
DHCP Duplicate Drop Rate /sec |
uint32 |
|
|
dhcpPktsPerSec |
DHCP Packet Rate /sec |
uint32 |
|
|
dhcpActiveQueueLen |
DHCP Active Queue Length |
uint32 |
|
|
dhcpConflictQueueLen |
DHCP Conflict Queue Length |
uint32 |
|
|
dhcpAvgRespTime |
DHCP Average Resp Time |
uint32 |
|
|
dhcpDiscoverPreSec |
DHCP Discover Rate /sec |
uint32 |
|
|
dhcOfferPerSec |
DHCP Offer Rate /sec |
uint32 |
|
|
dhcpAckPerSec |
DHCP Ack Rate /sec |
uint32 |
|
|
dhcpNackPerSec |
DHCP Nack Rate /sec |
uint32 |
|
|
dhcpInformPerSec |
DHCP Inform Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_DNS_MET
Description: DNS performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dnsReqRecv |
DNS Requests Recvd |
uint32 |
|
|
dnsRespSent |
DNS Responses Sent |
uint32 |
|
|
winsReqRecv |
WINS Requests Recvd |
uint32 |
|
|
winsRespSent |
WINS Responses Sent |
uint32 |
|
|
dnsRecQueryRecv |
Recursive DNS Query Recvd |
uint32 |
|
|
recurDnsQueryFail |
Recursive DNS Query Failed |
uint32 |
|
|
recurDnsQueryTimeout |
Recursive DNS Query Timeout |
uint32 |
|
|
fullDnsXferSent |
Full DNS Zone Transfer Request Sent |
uint32 |
|
|
fullDnsXferRecv |
Full DNS Zone Transfer Responses Recvd |
uint32 |
|
|
fullDnsXferSucc |
Full DNS Zone Transfer Success |
uint32 |
|
|
incrDnsXferRecv |
Incremental DNS Zone Transfer Responses Recvd |
uint32 |
|
|
incrDnsXferSucc |
Incremental DNS Zone Transfer Success |
uint32 |
|
|
dnsSecUpdateRecv |
Secure DNS Update Recvd |
uint32 |
|
|
dynDnsUpdRej |
Dynamic DNS Update Rejected |
uint32 |
|
|
dynDnsUpdTimeout |
Dynamic DNS Update Timeout |
uint32 |
|
|
secDnsUpdFail |
Secure DNS Update Failed |
uint32 |
|
EventType: PH_DEV_MON_APP_ICA_SESS_MET
Description: Citrix ICA IIS session metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
user |
User |
string |
|
|
icaLatencyLast |
ICA Latency Last Recorded |
uint32 |
|
|
icaLatencySessAvg |
ICA Latency Session Average |
uint32 |
|
|
icaLatencySessDev |
ICA Latency Session Deviation |
uint32 |
|
|
icaInSessBw |
ICA Input Session Bandwidth |
uint32 |
|
|
icaInSessLineSpeed |
ICA Input Session Line Speed |
uint32 |
|
|
icaInSessComp |
ICA Input Session Compression |
uint32 |
|
|
icaInDriveBw |
ICA Input Drive Bandwidth |
uint32 |
|
|
icaInEchoBw |
ICA Input Text Echo Bandwidth |
uint32 |
|
|
icaInAudioBw |
ICA Input Audio Bandwidth |
uint32 |
|
|
icaInVFBw |
ICA Input VideoFrame Bandwidth |
uint32 |
|
|
icaOutSessBw |
ICA Output Session Bandwidth |
uint32 |
|
|
icaOutSessLineSpeed |
ICA Output Session Line Speed |
uint32 |
|
|
icaOutSessComp |
ICA Output Session Compression |
uint32 |
|
|
icaOutDriveBw |
ICA Output Drive Bandwidth |
uint32 |
|
|
icaOutEchoBw |
ICA Output Text Echo Bandwidth |
uint32 |
|
|
icaOutAudioBw |
ICA Output Audio Bandwidth |
uint32 |
|
|
icaOutVFBw |
ICA Output VideoFrame Bandwidth |
uint32 |
|
EventType: PH_DEV_MON_APP_IIS_MET
Description: Microsoft IIS performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
httpCurrConnCount |
HTTP Current Connection Count |
uint32 |
|
|
httpMaxConnCount |
HTTP Max Connection Count |
uint32 |
|
|
httpSentFiles |
HTTP Sent Files |
uint32 |
|
|
httpRecvFiles |
HTTP Recv Files |
uint32 |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
sysUpTime |
System Uptime |
uint32 |
|
|
httpNotFoundErr |
HTTP Not Found Errors |
uint32 |
|
|
srvInstName |
Web Server Instance |
string |
|
EventType: PH_DEV_MON_APP_MSEXCH_ERR_MET
Description: Microsoft Exchange performance error metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchRPCFailed |
Exch RPC Failed Count |
uint32 |
|
|
exchRPCSuccess |
Exch RPC Success Count |
uint32 |
|
|
exchRPCCallFailed |
Exch RPC Failed - Call Failed |
uint32 |
|
|
exchRPCDenied |
Exch RPC Denied Count |
uint32 |
|
|
exchRPCFailedServBusy |
Exch RPC Failed - Server Busy |
uint32 |
|
|
exchRPCFailedServUnavail |
Exch RPC Failed - Server Unavail |
uint32 |
|
|
exchBgRPCFailed |
Exch Background RPC Failed |
uint32 |
|
|
exchFgRPCFailed |
Exch Foreground RPC Failed |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_ISDB_INST_MET
Description: Microsoft Exchange Database Instance Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dbName |
DB Name |
string |
|
|
logGenCheckptDepth |
Log Gen Checkpoint Depth |
uint32 |
|
|
dbReadsAverageLatency |
DB Read latency ms |
uint32 |
|
|
dbWritesAverageLatency |
DB Write latency ms |
uint32 |
|
|
dbPhysicalWritesPerSec |
DB Write Rate /sec |
double |
|
|
dbSessionCount |
DB Session Count |
uint32 |
|
|
sessPctUsed |
Session Used Pct |
uint32 |
|
|
logBytesWritePersec |
Log Write Rate Bps |
uint32 |
|
|
versionbucketsallocated |
Version Buckets Allocated |
uint32 |
|
|
logThreadsWaiting |
Log Threads Waiting |
uint32 |
|
|
tableOpenCacheHitsPersec |
Table Open Cache Hit Rate /sec |
uint32 |
|
|
tableOpenCacheMissesPersec |
Table Open Cache Miss Rate /sec |
uint32 |
|
|
tableOpenCachePercentHit |
Table Open Cache Hit Pct |
uint32 |
|
|
tableOpensPersec |
Table Open Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_ISDB_MET
Description: Microsoft Exchange Information Store Database Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
pageFaultsStallsPersec |
Page Fault Stall Rate /sec |
uint32 |
|
|
pageFaultsPersec |
Page Fault Rate /sec |
uint32 |
|
|
dbCacheSizeMB |
DB Cache Size MB |
uint32 |
|
|
dbCachePercentHit |
DB Cache Hit pct |
uint32 |
|
|
logBytesWritePersec |
Log Write Rate Bps |
uint32 |
|
|
dbReadsAverageLatency |
DB Read latency ms |
uint32 |
|
|
dbWritesAverageLatency |
DB Write latency ms |
uint32 |
|
|
logRecordStallsPersec |
Log Record Stall Rate /sec |
uint32 |
|
|
versionbucketsallocated |
Version Buckets Allocated |
uint32 |
|
|
logThreadsWaiting |
Log Threads Waiting |
uint32 |
|
|
logWritesAverageLatency |
Log Write latency ms |
uint32 |
|
|
dbPageFaultsPersec |
DB Page Fault Rate /sec |
uint32 |
|
|
dbPageFaultStallsPersec |
DB Page Fault Stall Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_MBOX_MET
Description: MS Exchange mailbox utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchMboxName |
Exch Mailbox Name |
string |
|
|
exchMboxSendQueue |
Exch Mailbox Send Queue |
uint32 |
|
|
exchMboxRecvQueue |
Exch Mailbox Recv Queue |
uint32 |
|
|
exchMboxSentMsg |
Exch Mailbox Sent Message |
uint32 |
|
|
exchMboxSubmitMsg |
Exch Mailbox Submitted Message |
uint32 |
|
|
exchMboxDelivMsg |
Exch Mailbox Delivered Message |
uint32 |
|
|
exchMboxActiveUserCount |
Exch Mailbox Active User Count |
uint32 |
|
|
exchMboxPeakUserCount |
Exch Mailbox Peak User Count |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_MET
Description: Microsoft Exchange performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchVMLargestBlockSize |
Exch VM Largest Block Size |
uint32 |
|
|
exchVMTotalLargeFreeBlockBytes |
Exch VM Large Free Blocks Bytes |
uint32 |
|
|
exchVMTotalFreeBlocks |
Exch VM Free Blocks |
uint32 |
|
|
exchRPCReq |
Exch RPC Requests Served |
uint32 |
|
|
exchRPCAvgLatency |
Exch Avg RPC Latency ms |
uint32 |
|
|
exchRPCOpsPerSec |
Exch RPC Ops Rate /sec |
uint32 |
|
|
exchRPCReqPeak |
Exch RPC Request Peak |
uint32 |
|
|
exchUserCount |
Exch User Count |
uint32 |
|
|
exchActiveUserCount |
Exch Active User Count |
uint32 |
|
|
exchPeakUserCount |
Exch Peak User Count |
uint32 |
|
|
exchActiveConnCount |
Exch Active Conn Count |
uint32 |
|
|
exchMaxConn |
Exch Max Conn Count |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_REPL_MET
Description: Microsoft Exchange Replication Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchReplInstName |
Exch Replication Instance Name |
string |
|
|
copyQueueLen |
Exch TxLog Copy Queue Length |
uint32 |
|
|
replayQueueLength |
Exch TxLog Replay Queue Length |
uint32 |
|
|
avgLogCopyLatencyMs |
Exch Log Copy latency ms |
uint32 |
|
|
maxNetworkLatencyMs |
Exch Log Copy network Latency ms |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_SMTP_MET
Description: MS Exchange SMTP metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchCatQueue |
Exch Categorization Queue |
uint32 |
|
|
exchSMTPLocalQueue |
Exch SMTP Local Queue |
uint32 |
|
|
exchSMTPRemoteQueue |
Exch SMTP Remote Queue |
uint32 |
|
|
exchSMTPInConn |
Exch SMTP Inbound Conn |
uint32 |
|
|
exchSMTPOutConn |
Exch SMTP Outbound Conn |
uint32 |
|
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
exchSMTPRetries |
Exch SMTP Retries |
uint32 |
|
|
exchSMTPLocalRetryQueue |
Exch SMTP Local Retry Queue |
uint32 |
|
|
exchSMTPRemoteRetryQueue |
Exch SMTP Remote Retry Queue |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_STORE_INTF_MET
Description: Microsoft Exchange Store Interface Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchStoreIntfName |
Exch Store Interface Name |
string |
|
|
exchRPCAvgLatency |
Exch Avg RPC Latency ms |
uint32 |
|
|
RPCReqOutstanding |
Exch Outstanding RPC Requests |
uint32 |
|
|
ROPReqOutstanding |
Exch Outstanding ROP Requets |
uint32 |
|
|
RPCReqFailedPct |
Exch RPC Failed Requests Pct |
uint32 |
|
|
RPCSlowReq |
Exch RPC Slow Requests |
uint32 |
|
|
RPCSlowReqLatencyAvgMs |
Exch RPC Slow Request Latency ms |
uint32 |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_APP_MSEXCH_SUBMIT_MET
Description: Microsoft Exchange Mail Submission Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
hubServers |
Exch Hub Server Count |
uint32 |
|
|
hubServersInRetry |
Exch Hub Servers In Retry |
uint32 |
|
|
failedSubmissions |
Exch Failed Submissions |
uint32 |
|
|
successSubmissions |
Exch Successful Submissions |
uint32 |
|
|
tempSubmissionFailures |
Exch Temp Submission Failures |
uint32 |
|
|
hubTranspServersPrctActive |
Exch Active Hub Transport Servers Pct |
uint32 |
|
|
failedSubmissionsPersec |
Exch Failed Submission Rate /sec |
uint32 |
|
|
successSubmissionsPersec |
Exch Successful Submission Rate /sec |
uint32 |
|
|
tempSubmissionFailuresPersec |
Exch Temp Submission Failure Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_TRANS_MET
Description: Microsoft Exchange Transport Queue Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
aggDeliveryQueueLen |
Exch Aggregate Delivery Queue |
uint32 |
|
|
activeRemoteDeliveryQueueLen |
Exch Active Remote Delivery Queue |
uint32 |
|
|
activeMailboxDeliveryQueueLen |
Exch Active Mailbox Delivery Queue |
uint32 |
|
|
submissionQueueLen |
Exch Submission Queue |
uint32 |
|
|
activeNonSmtpDeliveryQueueLen |
Exch Active Non-SMTP Deelivery Queue |
uint32 |
|
|
retryMailboxDeliveryQueueLen |
Exch Retry Mailbox Delivery Queue |
uint32 |
|
|
unreachableQueueLen |
Exch Unreachable Queue |
uint32 |
|
|
largestDeliveryQueueLen |
Exch Largest Delivery Queue |
uint32 |
|
|
poisonQueueLength |
Exch Poison Queue |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_WS_MET
Description: MS Exchange Mailbox whitespace metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchMboxName |
Exch Mailbox Name |
string |
|
|
exchMboxWs |
Exch Mailbox Whitespace MB |
uint32 |
|
EventType: PH_DEV_MON_APP_NTDS_MET
Description: Microsoft directory service performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dirSearchesPerSec |
NTDS Dir Search Rate /sec |
double |
|
|
dirReadsPerSec |
NTDS Dir Read Rate /sec |
double |
|
|
dirWritesPerSec |
NTDS Dir Write Rate /sec |
double |
|
|
dirBrowsesPerSec |
NTDS Dir Browse Rate /sec |
double |
|
|
LDAPSearchesPerSec |
NTDS LDAP Search Rate /sec |
double |
|
|
DSClientBindsPerSec |
NTDS Client Bind Rate /sec |
double |
|
|
LDAPNewConnectionsPerSec |
NTDS LDAP New Conn Rate /sec |
double |
|
|
LDAPSuccessfulBindsPerSec |
NTDS LDAP Success Bind Rate /sec |
double |
|
|
LDAPActiveThreads |
NTDS LDAP Active Threads |
uint32 |
|
|
LDAPBindTime |
NTDS LDAP Bind Time |
uint32 |
|
|
LDAPClientSessions |
NTDS LDAP Client Sessions |
uint32 |
|
EventType: PH_DEV_MON_ARUBA_WLAN_RADIO_METRIC
Description: WLAN Radio interface metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
wlanChannelId |
WLAN Channel Id |
uint32 |
WLAN Channel Id found in SNMP based WLAN monitoring |
|
wlanProtocol |
WLAN Protocol |
string |
WLAN Protocol found in SNMP based WLAN monitoring |
|
wlanUserCount |
WLAN User count |
uint32 |
WLAN User count found in SNMP based WLAN monitoring |
|
wlanChannelUtil |
WLAN Channel Util |
uint32 |
WLAN Channel Util found in SNMP based WLAN monitoring |
|
ifIntefIndx |
WLAN Interface Interefence Index |
uint32 |
WLAN Interface Interefence Index found in SNMP based WLAN monitoring |
|
ifCoverageIndx |
WLAN Interface Coverage Index |
uint32 |
WLAN Interface Coverage Index found in SNMP based WLAN monitoring |
|
ifNoiseIndx |
WLAN Interface Noise Index |
uint32 |
WLAN Interface Noise Index found in SNMP based WLAN monitoring |
|
totBytesPerSec |
Total Byte Rate |
double |
|
|
totPktsPerSec |
Total Packet Rate |
double |
|
EventType: PH_DEV_MON_AUTH_STATS
Description: FortiAuthenticator Authentication status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
authUserCount |
Auth User Count |
uint32 |
|
|
authGroupCount |
Auth Group Count |
uint32 |
|
|
tokenCount |
Token Count |
uint32 |
|
|
usersRemaining |
User Remaining |
uint32 |
|
|
groupRemaining |
Group Remaining |
uint32 |
|
|
tokenRemaining |
Token Remaining |
uint32 |
|
|
radiusNasCount |
Radius Nas Count |
uint32 |
|
|
radiusNasRemaining |
Radius Nas Remaining |
uint32 |
|
|
userCertCount |
User Certification Count |
uint32 |
|
|
radiusLoginsTot |
Radius Logins Count |
uint32 |
|
|
radiusLogins5Mins |
Radius Logins Count 5 Mins |
uint32 |
|
|
radiusFailuresTot |
Radius Login Failures Count |
uint32 |
|
|
radiusFailures5Mins |
Radius Login Failures Count 5 Mins |
uint32 |
|
|
radiusAccountingTot |
Radius Accounting Count |
uint32 |
|
|
radiusAccounting5Mins |
Radius Accounting Count 5 Mins |
uint32 |
|
|
ldapLoginsTot |
LDAP Logins Count |
uint32 |
|
|
ldapLogins5Mins |
LDAP Logins Count 5 Mins |
uint32 |
|
|
ldapFailuresTot |
LDAP Failures Count |
uint32 |
|
|
ldapFailures5Mins |
LDAP Failures Count 5 Mins |
uint32 |
|
|
authEventsTot |
Auth Events Count |
uint32 |
|
|
authEvents5Mins |
Auth Events Count 5 Mins |
uint32 |
|
|
authFailure |
Auth Failures |
uint32 |
|
|
authFailures5Mins |
Auth Failures Count 5 Mins |
uint32 |
|
|
radiusProxyInTot |
Radius Proxy Requests Received |
uint32 |
|
|
radiusProxyOutTot |
Radius Proxy Requests Sent |
uint32 |
|
EventType: PH_DEV_MON_AUTO_SVC_START_TO_STOP
Description: Running Windows Auto Service stopped
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_AUTO_SVC_STOP
Description: Windows Auto Service stopped
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_AUTO_SVC_STOP_TO_START
Description: Stopped Windows Auto Service started
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_BC_PROXY_METRIC
Description: Bluecoat Web-proxy metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
proxyCacheObjCount |
Proxy Cache Object Count |
uint32 |
|
|
proxy2ServerHttpErr |
Proxy-to-Server HTTP Error |
uint32 |
|
|
proxy2ServerHttpReq |
Proxy-to-Server HTTP Requests |
uint32 |
|
|
server2ProxyHttpKBps |
Server-to-Proxy HTTP Traffic KBps |
double |
|
|
proxy2ServerHttpKBps |
Proxy-to-Server HTTP Traffic KBps |
double |
|
|
client2ProxyHttpReq |
Client-to-Proxy HTTP Request |
uint32 |
|
|
client2ProxyHttpCacheHit |
Client-to-Proxy HTTP Cache Hit |
uint32 |
|
|
client2ProxyHttpError |
Client-to-Proxy HTTP Errors |
uint32 |
|
|
client2ProxyHttpKBps |
Client-to-Proxy HTTP Traffic KBps |
double |
|
|
proxy2ClientHttpKBps |
Proxy-to-Client HTTP Traffic KBps |
double |
|
EventType: PH_DEV_MON_BGP_NBR_STATUS
Description: BGP neighbor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcASNum |
Source Autonomous System Number |
uint16 |
The Autonomous System Number (ASN) to which Source IP belongs. ASN is a unique identifier that is globally available and allows its autonomous system to exchange routing information with other systems. This attribute is generally present in Netflow. |
|
destASNum |
Destination Autonomous System Number |
uint16 |
The Autonomous System Number (ASN) to which Destination IP belongs. ASN is a unique identifier that is globally available and allows its autonomous system to exchange routing information with other systems. This attribute is generally present in Netflow. |
|
bgpState |
BGP State |
string |
|
EventType: PH_DEV_MON_BOX_FILE_CREATE
Description: Box.com file created
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
accessTime |
Access Time |
Date |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
targetHashCode |
Target Hash Code |
string |
|
EventType: PH_DEV_MON_BOX_FILE_DELETE
Description: Box.com file deleted
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
accessTime |
Access Time |
Date |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
targetHashCode |
Target Hash Code |
string |
|
EventType: PH_DEV_MON_BOX_FILE_MODIFY
Description: Box.com file modified
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
accessTime |
Access Time |
Date |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
targetHashCode |
Target Hash Code |
string |
|
EventType: PH_DEV_MON_BOX_FILE_SHARE
Description: Box.com file sharing properties
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
downloadURL |
Download URL |
string |
|
|
filePasswordEnabled |
File Password Enabled |
string |
|
|
filePreviewEnabled |
File Preview Enabled |
string |
|
|
fileDownloadEnabled |
File Download Enabled |
string |
|
|
fileUnshareAtTime |
File Unshare At Time |
Date |
|
|
filePreviewCount |
File Preview Count |
uint64 |
|
|
fileDownloadCount |
File Download Count |
uint64 |
|
EventType: PH_DEV_MON_CBQOS_CMSTAT
Description: Cisco Class-Based QoS ClassMap related metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosPolicy |
CBQoS Policy Name |
string |
Class Based QoS (CSQoS) Policy Name. This parameter is set by CBQoS monitoring. |
|
qosClass |
CBQoS Class Name |
string |
Class Based QoS (CSQoS) Class Name. This parameter is set by CBQoS monitoring. |
|
qosPrePoliceRate |
CBQoS PrePolice KBps |
double |
The rate (in KBytes/sec) of pre-policed Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosPostPoliceRate |
CBQoS PostPolice KBps |
double |
The rate (in KBytes/sec) of post-policed Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosDropRate |
CBQoS Drop KBps |
double |
The rate (in KBytes/sec) of dropped Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosDropPct |
CBQoS Drop Pct |
double |
Dropped traffic percentage of Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
EventType: PH_DEV_MON_CBQOS_POLICESTAT
Description: Cisco Class-Based QoS Police Action related metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosPolicy |
CBQoS Policy Name |
string |
Class Based QoS (CSQoS) Policy Name. This parameter is set by CBQoS monitoring. |
|
qosClass |
CBQoS Class Name |
string |
Class Based QoS (CSQoS) Class Name. This parameter is set by CBQoS monitoring. |
|
qosConformRate |
CBQoS Conform KBps |
double |
The rate (in KBytes/sec) of conforming Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosExceedRate |
CBQoS Exceeded KBps |
double |
The rate (in KBytes/sec) of exceeding Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosViolateRate |
CBQoS Violated KBps |
double |
The rate (in KBytes/sec) of violating Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
EventType: PH_DEV_MON_CBQOS_QUEUESTAT
Description: Cisco Class-Based QoS Queueing Action related metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosPolicy |
CBQoS Policy Name |
string |
Class Based QoS (CSQoS) Policy Name. This parameter is set by CBQoS monitoring. |
|
qosClass |
CBQoS Class Name |
string |
Class Based QoS (CSQoS) Class Name. This parameter is set by CBQoS monitoring. |
|
qosCurrQueue |
CBQoS Curr Queue Length |
uint32 |
Current Queue length in Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosMaxQueue |
CBQoS Max Queue Length |
uint32 |
Maximum Queue length in Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosDiscardPkt |
CBQoS Discarded Pkt |
uint32 |
|
EventType: PH_DEV_MON_CCM_CTI_STAT
Description: Cisco Call Manager CTI device status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_CTI_STAT_CHANGE
Description: Cisco Call Manager CTI device status changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_CTI
Description: Cisco Call Manager CTI device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_GW
Description: Cisco Call Manager Gateway deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_H323
Description: Cisco Call Manager H323 device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_MEDIA
Description: Cisco Call Manager Media device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_SIP_TRUNK
Description: Cisco Call Manager SIP Trunk Deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_VM
Description: Cisco Call Manager Voice mail device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_GLOBAL_INFO
Description: Cisco Call Manager Global Device Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
regPhone |
Registered Phones |
uint32 |
|
|
unregPhone |
Unregistered Phones |
uint32 |
|
|
rejPhone |
Rejected Phones |
uint32 |
|
|
regGw |
Registered Gateways |
uint32 |
|
|
unregGw |
Unregistered Gateways |
uint32 |
|
|
rejGw |
Rejected Gateways |
uint32 |
|
|
regMedia |
Registered Media |
uint32 |
|
|
unregMedia |
Unregistered Media |
uint32 |
|
|
rejMedia |
Rejected Media |
uint32 |
|
|
regVM |
Registered VMail |
uint32 |
|
|
unregVM |
Unregistered VMail |
uint32 |
|
|
rejVM |
Rejected VMail |
uint32 |
|
|
sipTrunk |
SIP Trunks |
uint32 |
|
EventType: PH_DEV_MON_CCM_GW_STAT
Description: Cisco Call Manager Gateway Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_GW_STAT_CHANGE
Description: Cisco Call Manager Gateway Status Change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_H323_STAT
Description: Cisco Call Manager H323 Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_H323_STAT_CHANGE
Description: Cisco Call Manager H323 Status Change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_MEDIA_STAT
Description: Cisco Call Manager Media device Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_MEDIA_STAT_CHANGE
Description: Cisco Call Manager Media device status change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_CTI
Description: Cisco Call Manager CTI device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_GW
Description: Cisco Call Manager Gateway added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_H323
Description: Cisco Call Manager H323 device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_MEDIA
Description: Cisco Call Manager Media device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_SIP_TRUNK
Description: Cisco Call Manager SIP Trunk Added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_VM
Description: Cisco Call Manager Voice Mail device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_SIP_TRUNK_STAT
Description: Cisco Call Manager SIP Trunk Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
srcProto |
Source Application Protocol |
string |
|
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destProto |
Destination Application Protocol |
string |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_DEV_MON_CCM_VM_STAT
Description: Cisco Call Manager Voice Mail Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_VM_STAT_CHANGE
Description: Cisco Call Manager Voice Mail Status Change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CHANGE_CUST_CONFIG
Description: Config Change detected by custom script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_INST_SW
Description: New software (un)installed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_RUN_CONFIG
Description: Running config changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_RUN_SW
Description: Running apps changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_STARTUP_CONFIG
Description: Startup config changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CISCO_NBAR_STAT
Description: Cisco NBAR statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
appTransportProto |
Application Protocol |
string |
|
|
totFlows |
Total Flows |
uint32 |
Total number of Total (Sent plus Received) Flows. Used in Netflow. |
|
recvFlows |
Received Flows |
uint32 |
Total number of Received Flows. Used in Netflow. |
|
sentFlows |
Sent Flows |
uint32 |
Total number of Sent Flows. Used in Netflow. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
totBitsPerSec |
Total Bit Rate |
double |
Total (Sent plus Received) bits/sec through an interface |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
EventType: PH_DEV_MON_CISCO_RAS_VPN_MET
Description: Remote Access VPN metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
localVpnIpAddr |
Local VPN Tunnel IP |
IP |
|
|
ispVpnIpAddr |
ISP VPN IP |
IP |
|
|
user |
User |
string |
|
|
userGrp |
User Group |
string |
|
|
tunnelStatus |
Tunnel Status |
string |
|
|
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
|
rasSessProto |
RAS Session Protocol |
string |
|
|
authenMethod |
Authentication Method |
string |
|
|
authorMethod |
Authorization Method |
string |
|
|
encryptAlgo |
Encryption Algorithm |
string |
|
|
authenAlgo |
Authentication Algorithm |
string |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
sentPktDrop |
Sent Packet Drop |
uint64 |
|
|
recvPktDrop |
Recv Packet Drop |
uint64 |
|
EventType: PH_DEV_MON_CISCO_VPN_P1_TUNNEL_MET
Description: IPSec P1 Tunnel metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
localVpnIpAddr |
Local VPN Tunnel IP |
IP |
|
|
remoteVpnIpAddr |
Remote VPN Tunnel IP |
IP |
|
|
tunnelStatus |
Tunnel Status |
string |
|
|
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPktDrop |
Sent Packet Drop |
uint64 |
|
|
sentExchReject |
Sent Exch Reject |
uint64 |
|
|
sentExchInvalid |
Sent Exch Invalid |
uint64 |
|
|
recvPktDrop |
Recv Packet Drop |
uint64 |
|
|
recvExchReject |
Recv Exch Reject |
uint64 |
|
|
recvExchInvalid |
Recv Exch Invalid |
uint64 |
|
EventType: PH_DEV_MON_CISCO_VPN_P2_TUNNEL_MET
Description: IPSec P2 Tunnel metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
localVpnIpAddr |
Local VPN Tunnel IP |
IP |
|
|
remoteVpnIpAddr |
Remote VPN Tunnel IP |
IP |
|
|
tunnelStatus |
Tunnel Status |
string |
|
|
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPktDrop |
Sent Packet Drop |
uint64 |
|
|
sentAuthFail |
Sent Auth Fail |
uint64 |
|
|
sentEncryptFail |
Sent Encrypt Fail |
uint64 |
|
|
recvPktDrop |
Recv Packet Drop |
uint64 |
|
|
recvAuthFail |
Recv Auth Fail |
uint64 |
|
|
recvDecryptFail |
Recv Decrypt Fail |
uint64 |
|
|
recvReplayFail |
Recv Replay Fail |
uint64 |
|
EventType: PH_DEV_MON_CISCO_WLAN_RADIO_METRIC
Description: WLAN Radio interface metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
wlanProtocol |
WLAN Protocol |
string |
WLAN Protocol found in SNMP based WLAN monitoring |
|
ifOperStatus |
Interface Oper Status |
string |
|
|
wlanUserCount |
WLAN User count |
uint32 |
WLAN User count found in SNMP based WLAN monitoring |
|
wlanSuppChannels |
WLAN Supported Channels |
string |
WLAN Supported Channels found in SNMP based WLAN monitoring |
|
wlanChannelId |
WLAN Channel Id |
uint32 |
WLAN Channel Id found in SNMP based WLAN monitoring |
|
wlanSendUtil |
WLAN Transmit Util |
uint32 |
WLAN Transmit Util found in SNMP based WLAN monitoring |
|
wlanRecvUtil |
WLAN Receive Util |
uint32 |
WLAN Receive Util found in SNMP based WLAN monitoring |
|
wlanChannelUtil |
WLAN Channel Util |
uint32 |
WLAN Channel Util found in SNMP based WLAN monitoring |
|
wlanPoorSNRUserCount |
WLAN Poor SNR User count |
uint32 |
WLAN Poor SNR User count found in SNMP based WLAN monitoring |
|
ifLoadProfile |
WLAN Interface Load Profile |
string |
WLAN Interface Load Profile found in SNMP based WLAN monitoring |
|
ifIntefProfile |
WLAN Interface Interefence Profile |
string |
WLAN Interface Interefence Profile found in SNMP based WLAN monitoring |
|
ifCoverageProfile |
WLAN Interface Coverage Profile |
string |
WLAN Interface Coverage Profile found in SNMP based WLAN monitoring |
|
ifNoiseProfile |
WLAN Interface Noise Profile |
string |
WLAN Interface Noise Profile found in SNMP based WLAN monitoring |
EventType: PH_DEV_MON_CITRIX_SDWAN_INTF
Description: Citrix SD-WAN Interface metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
ifIntefIndx |
WLAN Interface Interefence Index |
uint32 |
WLAN Interface Interefence Index found in SNMP based WLAN monitoring |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
sentBytes |
Sent Bytes |
uint32 |
Number of bytes sent by a host. This has 32bit resolution. |
|
sentPkts |
Sent Packets |
uint32 |
Number of packets sent by a host. This is 32bit version. |
|
recvBytes |
Received Bytes |
uint32 |
Number of bytes received by a host. This has 32bit resolution. |
|
recvPkts |
Received Packets |
uint32 |
Number of packets received by a host. This is 32bit version. |
|
droppedBytes |
Dropped Bytes |
uint32 |
|
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
EventType: PH_DEV_MON_CITRIX_SDWAN_LINK
Description: Citrix SD-WAN Link metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
wanLinkId |
Wan link ID |
uint32 |
|
|
wanLinkName |
Wan link Name |
string |
|
|
wanLinkState |
Wan link State |
uint32 |
|
|
sentBytes |
Sent Bytes |
uint32 |
Number of bytes sent by a host. This has 32bit resolution. |
|
sentPkts |
Sent Packets |
uint32 |
Number of packets sent by a host. This is 32bit version. |
|
recvBytes |
Received Bytes |
uint32 |
Number of bytes received by a host. This has 32bit resolution. |
|
recvPkts |
Received Packets |
uint32 |
Number of packets received by a host. This is 32bit version. |
|
droppedBytes |
Dropped Bytes |
uint32 |
|
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
|
addressType |
Address Type |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
lanToWanRate |
Lan To Wan Rate |
uint64 |
|
|
wanToLanRate |
Wan To Lan Rate |
uint64 |
|
|
lanToWanAllowedRate |
Lan To Wan Allowed Rate |
uint64 |
|
|
wanToLanAllowedRate |
Wan To Lan Allowed Rate |
uint64 |
|
EventType: PH_DEV_MON_CLARION_ARRAY_UTIL
Description: Clarion/VNX Storage Array utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
availDiskMB |
Available Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
hwHotSpareDiskCount |
Hot Spare Disk Count |
uint32 |
|
EventType: PH_DEV_MON_CLARION_DISK_HEALTH
Description: Clarion/VNX Disk health
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totDisk |
Total Disk Count |
uint32 |
Total number of Disks |
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
activeDisk |
Active Disk Count |
uint32 |
Total number of Active Disks |
|
failedDisk |
Failed Disk Count |
uint32 |
Total number of Failed Disks |
|
spareDisk |
Spare Disk Count |
uint32 |
Total number of Spare Disks |
EventType: PH_DEV_MON_CLARION_HOST_CONN
Description: Host to Clarion/VNX Fiber channel Connections
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcWWN |
Source FiberChannel WWN Id |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
spPortName |
SAN Storage Port Name |
string |
|
|
fcLoginStatus |
SAN FC Login Status |
uint32 |
|
|
fcRegStatus |
SAN FC Registration Status |
uint32 |
|
|
lunNameList |
SAN LUN Name List |
string |
|
|
sgName |
SAN Storage Group Name |
string |
|
EventType: PH_DEV_MON_CLARION_LUN_UTIL
Description: Clarion/VNX LUN utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
lunName |
LUN Name |
string |
|
|
lunNumber |
LUN Number |
uint32 |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_PER_HOST_LUN_UTIL
Description: Per host Clarion/VNX LUN utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
lunName |
LUN Name |
string |
|
|
lunNumber |
LUN Number |
uint32 |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_PORT_UTIL
Description: Clarion/VNX Storage Port utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
spPortName |
SAN Storage Port Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_RG_UTIL
Description: Clarion/VNX RAID Group utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
raidGrpId |
RAID Group Id |
uint32 |
|
|
raidType |
RAID Type |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_SP_UTIL
Description: Clarion/VNX Storage Processor utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
spName |
SAN Storage Processor Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
cpuUtil |
CPU Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_STORAGE_USAGE
Description: Clarion/VNX Storage space utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
usageType |
Usage Type |
string |
|
|
diskUsage |
Disk Used MB |
uint64 |
|
EventType: PH_DEV_MON_CLARION_STORE_POOL_UTIL
Description: Clarion/VNX Storage pool utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
spoolName |
Storage Pool Name |
string |
|
|
raidType |
RAID Type |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_UNREG_HOST
Description: Logged in but not yet registered Host at EMC CLarion
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcWWN |
Source FiberChannel WWN Id |
string |
|
|
spPortName |
SAN Storage Port Name |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DEV_MON_CLOUD_SERVICE_HEARTBEAT
Description: Cloud service heartbeat
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptVendor |
Reporting Vendor |
string |
This field captures the vendor of the reported event |
|
reptModel |
Reporting Model |
string |
This field captures the model of the reported event |
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
version |
Version |
string |
|
|
domain |
Domain |
string |
|
EventType: PH_DEV_MON_CMDB_DISK_PRUNE_FAILED
Description: CMDB free Disk fell below the low threshold and inspite of pruning older incidents and identity / location data, CMDB free Disk stays below high threshold. User need to reduce the number of months of incidents and identity / location data in CMDB.
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CMDB_DISK_PRUNE_SUCCESS
Description: CMDB free Disk fell below the low threshold and old incidents and identity / location data were pruned to bring the CMDB free Disk above high threshold
Severity: 4 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_CHANGE_ATTRIB
Description: File or directory ownership or access permission changed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_CHANGE_CONTENT
Description: File or directory content hash changed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_CREATE
Description: New file or directory created
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_DELETE
Description: New file or directory deleted
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_SCAN
Description: Files scanned with hashes
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_TARGET_FILE_CHANGE
Description: Target file content changed from gold standard
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_DATASTORE_UTIL
Description: Datastore utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_DCDIAG
Description: Windows Active Directory DCDIAG command output
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_DDNS_UPDATE_STAT
Description: InfoBlox DDNS Update performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ddnsUpdateSuccess |
DDNS Succesful Updates |
uint32 |
|
|
ddnsUpdateFail |
DDNS Failed Updates |
uint32 |
|
|
dynDnsUpdRej |
Dynamic DNS Update Rejected |
uint32 |
|
|
ddnsUpdatePrereqRej |
DDNS Prereq Rejected Updates |
uint32 |
|
|
ddnsUpdateLatency |
DDNS Update latency |
uint32 |
|
|
dynDnsUpdTimeout |
Dynamic DNS Update Timeout |
uint32 |
|
EventType: PH_DEV_MON_DELLFORCE10_EXT_INTF_UTIL
Description: Network Interface extended utilization stats for Dell Force10 device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
inVlanPktsPerSec |
Recv Valid VLAN Tagged Frame Rate |
double |
|
|
inOverrunsPerSec |
Recv Buffer Overrun Rate |
double |
|
|
outVlanPktsPerSec |
Sent Valid VLAN Tagged Frame rate |
double |
|
|
outUnderrunsPerSec |
Sent Buffer Underrun Rate |
double |
|
|
outUnicastsPerSec |
Sent Unicast Frames rate |
double |
|
|
outCollisionsPerSec |
Sent Frame Collision rate |
double |
|
|
outWredDropsPerSec |
Sent WRED Drop Rate |
double |
|
EventType: PH_DEV_MON_DELL_BLADE_POWER_STATUS
Description: Dell Blade Server Chassis Power Utilization metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
maxSpecEnvPower |
Max Spec Power Watt |
double |
|
|
potentialEnvPower |
Potential Power Watt |
double |
|
|
idleEnvPower |
Idle Power Watt |
double |
|
|
surplusEnvPower |
Surplus Power Watt |
double |
|
|
peakEnvPower |
Peak Power Watt |
double |
|
|
minEnvPower |
Minimum Power Watt |
double |
|
|
envPower |
Power Watt |
double |
|
|
envCurrentAmp |
Current Amp |
double |
|
EventType: PH_DEV_MON_DELL_BLADE_PSU_STATUS
Description: Dell Blade Server Power Supply Utilization metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorLoc |
Sensor Location |
string |
|
|
envPower |
Power Watt |
double |
|
|
envCurrentAmp |
Current Amp |
double |
|
|
envVoltage |
Voltage |
double |
|
EventType: PH_DEV_MON_DELTA_CONFIG
Description: Running config different than startup config
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
startUpConfVer |
StartUp Config Version |
uint32 |
|
|
runningConfVer |
Running Config Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_DGA_DETECTED
Description: FortiSIEM detected host names created via Domain Generation Algorithm
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
domainEntropy |
Domain Name Entropy |
double |
|
EventType: PH_DEV_MON_DHCP_SUBNET_USAGE
Description: InfoBlox DHCP subnet usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
dhcpSubnetAddr |
DHCP Subnet Address |
IP |
|
|
dhcpSubnetMask |
DHCP Subnet Mask |
IP |
|
|
dhcpSubnetUsed |
DHCP Subnet Usage pct |
uint32 |
|
EventType: PH_DEV_MON_DISK_IO_UTIL
Description: Disk IO Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
|
appDiskRWLatency |
Disk Appl Read/Write Latency |
double |
|
|
diskTfrKBytesPerSec |
Disk Transfer Rate KBps |
double |
|
|
diskNumofSeeksPerSec |
Disk Number of Seeks |
double |
|
|
diskType |
Disk Type |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
|
diskQLen |
Disk Queue Length |
uint32 |
|
EventType: PH_DEV_MON_DISK_MON_SKIP
Description: Disk/Volume Monitoring skipped by policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
EventType: PH_DEV_MON_DNS_CLUST_REPL_STAT
Description: InfoBlox DNS CLuster replication metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
dnsReplQueueStatus |
DNS Replication Queue Status |
string |
|
|
dnsSentQueueFromMaster |
DNS Sent Queue From Master |
uint32 |
|
|
dnsLastSentTimeFromMaster |
DNS Sent Time From Master |
string |
|
|
dnsSentQueueToMaster |
DNS Sent Queue To Master |
uint32 |
|
|
dnsLastSentTimeToMaster |
DNS Sent Time To Master |
string |
|
EventType: PH_DEV_MON_DNS_PERF_STAT
Description: InfoBlox DNS Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
nonAuthDNSQueryCount |
NonAuth DNS Query Count |
uint32 |
|
|
nonAuthDNSAvgLatency |
Avg NonAuth DNS Latency ms |
uint32 |
|
|
authDNSQueryCount |
Auth DNS Query Count |
uint32 |
|
|
authDNSAvgLatency |
Avg Auth DNS Latency ms |
uint32 |
|
|
dnsInvalidPort |
Invalid DNS Port Response |
uint32 |
|
|
dnsInvalidTxId |
Invalid DNS TXID Response |
uint32 |
|
EventType: PH_DEV_MON_DNS_ZONETX_MET
Description: InfoBlox DNS Zone Transfer metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
dnsZone |
DNS Zone Name |
string |
|
|
dnsRespSent |
DNS Responses Sent |
uint32 |
|
|
dnsFailedQuery |
DNS Failed Queries |
uint32 |
|
|
dnsReferral |
DNS Referrals |
uint32 |
|
|
dnsQueryNxRecord |
DNS Non-existent Record Queries |
uint32 |
|
|
dnsQueryNxDomain |
DNS Non-existent Domain Queries |
uint32 |
|
|
dnsRecQueryRecv |
Recursive DNS Query Recvd |
uint32 |
|
EventType: PH_DEV_MON_DST_AD_REPL_STAT
Description: Windows Active Directory Destination REPLSTAT command output
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_EBS_METRIC
Description: AWS EBS metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
volumeId |
AWS Volume Id |
string |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
diskQLen |
Disk Queue Length |
uint32 |
|
EventType: PH_DEV_MON_EC2_INSTANCE_DOWN
Description: AWS EC2 instance went down
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
ec2InstanceId |
EC2 Instance Id |
string |
|
|
accountId |
Account Id |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_EC2_INSTANCE_UP
Description: AWS EC2 instance came back up
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
ec2InstanceId |
EC2 Instance Id |
string |
|
|
accountId |
Account Id |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_EC2_METRIC
Description: Amazon Web Services EC2 status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuUtil |
CPU Util |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
EventType: PH_DEV_MON_EMC_DATADOMAIN_DISK_PERF
Description: EMC Data Domain disk performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskSectorsReadPerSec |
Disk Sector Reads/sec |
double |
|
|
diskSectorsWrittenPerSec |
Disk Sector Writes/sec |
double |
|
|
diskTfrKBytesPerSec |
Disk Transfer Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
hwDiskStatus |
Hardware Disk Status |
uint16 |
Hardware Disk Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_EMC_DATADOMAIN_OVERALL_PERF
Description: EMC Data Domain overall performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
nvramReadKBytesPerSec |
NVRAM Reads KBps |
double |
|
|
nvramWriteKBytesPerSec |
NVRAM Writes KBps |
double |
|
|
replInKBytesPerSec |
Replication Recvd KBps |
double |
|
|
replOutKBytesPerSec |
Replication Writes KBps |
double |
|
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
nfsProcPercentage |
NFS Processing Pct |
double |
|
|
nfsSendPercentage |
NFS Send Pct |
double |
|
|
nfsReceivePercentage |
NFS Recv Pct |
double |
|
|
cifsOpsPerSec |
CIFS Request Rate |
double |
|
EventType: PH_DEV_MON_EQL_CONN_MET
Description: EqualLogic connection performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sanConnCount |
SAN Connection Count |
uint32 |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
EventType: PH_DEV_MON_EQL_DISK_HEALTH
Description: EqualLogic disk status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totDisk |
Total Disk Count |
uint32 |
Total number of Disks |
|
activeDisk |
Active Disk Count |
uint32 |
Total number of Active Disks |
|
failedDisk |
Failed Disk Count |
uint32 |
Total number of Failed Disks |
|
spareDisk |
Spare Disk Count |
uint32 |
Total number of Spare Disks |
EventType: PH_DEV_MON_EQL_DISK_MET
Description: EqualLogic disk level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
ioQueue |
Disk IO Queue |
uint32 |
|
|
diskTransferRate |
Disk Transfer Rate/sec |
double |
|
EventType: PH_DEV_MON_EQL_GROUP_MET
Description: EqualLogic group level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totalStorageMB |
Total Storage MB |
uint32 |
|
|
usedStorageMB |
Used Storage MB |
uint32 |
|
|
resvStorageMB |
Reserved Storage MB |
uint32 |
|
|
resvUsedStorageMB |
Reserved Used Disk MB |
uint32 |
|
|
totalVolume |
Total Volumes |
uint32 |
|
|
usedVolume |
Used Volumes |
uint32 |
|
|
onlineVolume |
Online Volumes |
uint32 |
|
|
totalSnapshot |
Total Snapshots |
uint32 |
|
|
usedSnapshot |
Used Snapshots |
uint32 |
|
|
onlineSnapshot |
Online Snapshots |
uint32 |
|
EventType: PH_DEV_MON_ESX_DATASTORE_IO
Description: ESX Datastore IO stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_DISK_IO
Description: ESX Disk IO stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_DISK_UTIL
Description: ESX datastore utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_STATE
Description: Physical Machine State
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_UPTIME
Description: ESX server's up time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_EUM_FAIL
Description: Synthetic transaction monitor failed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
endUserMonitorStep |
Synthetic Transaction Monitor Step |
string |
This is the step of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI. An STM job can have many steps, and an event is generated for every step. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
srcProto |
Source Application Protocol |
string |
|
|
srcUser |
Source User |
string |
|
|
destUser |
Destination User |
string |
|
|
mailSubject |
Mail Subject |
string |
|
EventType: PH_DEV_MON_EUM_INTERNAL_ERR
Description: Synthetic transaction monitoring failed because of internal error
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
srcProto |
Source Application Protocol |
string |
|
|
srcUser |
Source User |
string |
|
|
destUser |
Destination User |
string |
|
|
mailSubject |
Mail Subject |
string |
|
EventType: PH_DEV_MON_EUM_STATUS
Description: Synthetic transaction monitor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
endUserMonitorStep |
Synthetic Transaction Monitor Step |
string |
This is the step of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI. An STM job can have many steps, and an event is generated for every step. |
|
newStatus |
New Status |
string |
|
|
sysDownTime |
System Downtime |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_EUM_SUCCESS
Description: Synthetic transaction monitor succeeded
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
endUserMonitorStep |
Synthetic Transaction Monitor Step |
string |
This is the step of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI. An STM job can have many steps, and an event is generated for every step. |
|
appResponseTimeMSec |
Application Response Time |
uint32 |
|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
srcProto |
Source Application Protocol |
string |
|
|
srcUser |
Source User |
string |
|
|
destUser |
Destination User |
string |
|
|
mailSubject |
Mail Subject |
string |
|
EventType: PH_DEV_MON_F5_ACTIVE_CONN
Description: F5 Active Connection Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
clientConns |
Client Connections |
uint64 |
|
|
serverConns |
Server Connections |
uint64 |
|
|
pvaClientConns |
PVA Client Connections |
uint32 |
|
|
pvaServerConns |
PVA Server Connections |
uint32 |
|
|
sslClientConns |
SSL Client Connections |
uint32 |
|
|
sslServerConns |
SSL Server Connections |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_NODE_STAT
Description: F5 LTM Node Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serverIpAddr |
Server IP |
IP |
|
|
statusDetailedReason |
Status Detail Reason |
string |
|
|
ratio |
Ratio |
uint64 |
|
|
monitorState |
Monitor State |
string |
|
|
monitorStatus |
Monitor Status |
string |
|
|
sessionStatus |
Session Status |
string |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
totRequests |
Total Requests |
uint64 |
|
|
totRequestsPerSec |
Requests/sec |
double |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_POOL_MEMBER_STAT
Description: F5 LTM Pool Member Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serverIpAddr |
Server IP |
IP |
|
|
poolName |
Pool Name |
string |
|
|
statusDetailedReason |
Status Detail Reason |
string |
|
|
memberPort |
Member Port |
uint16 |
|
|
ratio |
Ratio |
uint64 |
|
|
monitorState |
Monitor State |
string |
|
|
monitorStatus |
Monitor Status |
string |
|
|
sessionStatus |
Session Status |
string |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
totRequests |
Total Requests |
uint64 |
|
|
totRequestsPerSec |
Requests/sec |
double |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_POOL_STAT
Description: F5 LTM Pool Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
poolName |
Pool Name |
string |
|
|
poolLbMode |
Pool Loadbalance Mode |
string |
|
|
poolMemberCount |
Pool Member Count |
uint64 |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_VIRT_ADDR_STAT
Description: F5 LTM Virtual Address Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serverIpAddr |
Server IP |
IP |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_VIRT_SERVER_STAT
Description: F5 LTM Virtual Server Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtServerName |
Virtual Server name |
string |
|
|
statusDetailedReason |
Status Detail Reason |
string |
|
|
virtServerPort |
Virtual Server Port |
uint16 |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
totRequests |
Total Requests |
uint64 |
|
|
totRequestsPerSec |
Requests/sec |
double |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_NEW_CONN
Description: F5 New Connnection Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
tcpClientAcceptsPerSec |
TCP Client Connection Accept Rate |
double |
|
|
tcpClientConnsPerSec |
TCP Client Connection Rate |
double |
|
|
serverConnsPerSec |
Server Connection Rate |
double |
|
|
clientConnsPerSec |
Client Connection Rate |
double |
|
|
pvaClientConnsPerSec |
PVA Client Connection Rate |
double |
|
|
pvaServerConnsPerSec |
PVA Server Connection Rate |
double |
|
|
sslClientConnsPerSec |
SSL Client Connection Rate |
double |
|
|
sslServerConnsPerSec |
SSL Server Connection Rate |
double |
|
|
httpRequestsPerSec |
HTTP Request Rate |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_RAM_CACHE
Description: F5 RAM Cache Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
httpRAMCacheHitRate |
HTTP Cache Hit Rate |
double |
|
|
httpRAMCacheHitByteRate |
HTTP Cache Byte Hit Rate |
double |
|
|
httpRAMCacheEvictionRate |
HTTP cache Eviction Rate |
double |
|
EventType: PH_DEV_MON_F5_THROUGHPUT
Description: F5 Throughput Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
clientTotBitsPerSec |
Client Total bps |
double |
|
|
serverTotBitsPerSec |
Server Total bps |
double |
|
|
httpCompressionBitsPerSec |
HTTP Compression bps |
double |
|
|
clientInBitsPerSec |
Client Recv bps |
double |
|
|
clientOutBitsPerSec |
Client Sent bps |
double |
|
|
serverInBitsPerSec |
Server Recv bps |
double |
|
|
serverOutBitsPerSec |
Server Sent bps |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_TMM_MEM_UTIL
Description: F5 per TMM memory utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
tmmName |
F5 TMM Name |
string |
|
|
memUtil |
Memory Util |
double |
|
|
totalMemKB |
Total Memory |
uint32 |
|
|
freeMemKB |
Free Memory |
uint32 |
|
|
usedMemKB |
Used Memory |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_DETAILS
Description: FortiGate Security Posture - Per device audit details
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
type |
Type |
string |
|
|
subtype |
Subtype |
string |
|
|
eventSeverityCat |
Event Severity Category |
string |
It takes 3 values - High, Medium and Low based on Event Severity. (1-4 : Low, 5-8 : Medium, 9-10 : High) |
|
deviceType |
Device Type |
string |
|
|
serialNumber |
Serial Number |
string |
|
|
auditScore |
Audit Score |
double |
|
|
status |
Status |
string |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_DETECTED_ENDPOINTS
Description: FortiGate Security Posture - Detected Endpoint Types
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
totGenericDevs |
Total Generic Devices |
uint32 |
|
|
totFortigateDevs |
Total FortiGates |
uint32 |
|
|
totFortimgrDevs |
Total FortiManager |
uint32 |
|
|
totFortisandboxDevs |
Total FortiSandbox Devices |
uint32 |
|
|
totWindowsDevs |
Total Windows Devices |
uint32 |
|
|
totLinuxDevs |
Total Linux Devices |
uint32 |
|
|
totAppleDevs |
Total Apple Devices |
uint32 |
|
|
totMobileDevs |
Total Mobile Devices |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_FABRIC_GRADE
Description: FortiGate Security Posture - Overall Fabric Grade
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
letterGrade |
Letter Grade |
string |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_PER_CATEGORY_GRADE
Description: FortiGate Security Posture - Per category grade
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
type |
Type |
string |
|
|
gradePercent |
Grade Percentage |
uint32 |
|
|
letterGrade |
Letter Grade |
string |
|
|
eventSeverityCat |
Event Severity Category |
string |
It takes 3 values - High, Medium and Low based on Event Severity. (1-4 : Low, 5-8 : Medium, 9-10 : High) |
|
totalNum |
Total Number of Items |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_PER_CATEGORY_STATS
Description: FortiGate Security Posture - Per category summary
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
type |
Type |
string |
|
|
totalChecks |
Total Checks |
uint32 |
|
|
totalFailedChecks |
Total Failed Checks |
uint32 |
|
|
totalExemptChecks |
Total Exempt Checks |
uint32 |
|
|
totalPassedChecks |
Total Passed Checks |
uint32 |
|
|
totalRecommendations |
Total Recommendations |
uint32 |
|
|
auditScore |
Audit Score |
double |
|
|
lowSevCount |
Low Severity Count |
uint32 |
|
|
mediumSevCount |
Medium Severity Count |
uint32 |
|
|
highSevCount |
High Severity Count |
uint32 |
|
|
criticalSevCount |
Critical Severity Count |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_PER_DEVICE_STATS
Description: FortiGate Security Posture - Per device summary
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
serialNumber |
Serial Number |
string |
|
|
totalChecks |
Total Checks |
uint32 |
|
|
totalFailedChecks |
Total Failed Checks |
uint32 |
|
|
totalExemptChecks |
Total Exempt Checks |
uint32 |
|
|
totalPassedChecks |
Total Passed Checks |
uint32 |
|
|
totalRecommendations |
Total Recommendations |
uint32 |
|
|
auditScore |
Audit Score |
double |
|
|
lowSevCount |
Low Severity Count |
uint32 |
|
|
mediumSevCount |
Medium Severity Count |
uint32 |
|
|
highSevCount |
High Severity Count |
uint32 |
|
|
criticalSevCount |
Critical Severity Count |
uint32 |
|
EventType: PH_DEV_MON_FGT_USER_INFO
Description: FortiGate User Device Informational Event
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostVendor |
Host Vendor |
string |
This field captures the vendor of the reported event |
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
vdom |
Virtual Domain |
string |
|
|
osName |
Operating System Name |
string |
|
|
osVersion |
Operating System Version |
string |
|
|
userFullName |
User Full Name |
string |
|
|
lastSeenTime |
Last Seen Time |
Date |
|
|
appName |
Application Name |
string |
|
|
user |
User |
string |
|
|
firstSeenTime |
First Seen Time |
Date |
|
|
tagName |
Tag Name |
string |
|
|
emsSerialNumber |
FortiEMS Serial Number |
string |
|
|
srcAppVersion |
Source App Version |
string |
|
|
discoveryDomain |
Discovery Domain |
string |
|
|
purdueLevel |
Purdue Level |
double |
|
|
vulnCount |
Vulnerability Count |
uint64 |
|
|
vulnCountCritical |
Vulnerability Count Critical |
uint16 |
|
|
vulnCountHigh |
Vulnerability Count High |
uint16 |
|
|
vulnCountMedium |
Vulnerability Count Medium |
uint16 |
|
|
vulnCountLow |
Vulnerability Count Low |
uint16 |
|
|
vulnCountInfo |
Vulnerability Count Info |
uint16 |
|
EventType: PH_DEV_MON_FILE_CONTENT_CHANGE
Description: Monitored file modified
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fileName |
File Name |
string |
|
|
hashCode |
Hash Code |
string |
|
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
|
user |
User |
string |
|
|
hashAlgo |
Hash Algorithm |
string |
|
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_CLIENT_APP
Description: FireAMP Client App discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
clientAppId |
Client App Id |
uint32 |
|
|
appName |
Application Name |
string |
|
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_NETWORK_PROTOCOL
Description: FireAMP Network App discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_OS_FINGERPRINT
Description: FireAMP OS discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
fingerprintId |
Fingerprint |
string |
|
|
osType |
Operating System |
string |
|
|
hostVendor |
Host Vendor |
string |
This field captures the vendor of the reported event |
|
osVersion |
Operating System Version |
string |
|
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_SERVER
Description: FireAMP Server discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
applicationId |
Application Id |
uint32 |
|
|
appTransportProto |
Application Protocol |
string |
|
EventType: PH_DEV_MON_FIREAMP_FILE
Description: FireAMP File Analysis event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
fileName |
File Name |
string |
|
|
hashAlgo |
Hash Algorithm |
string |
|
|
hashCode |
Hash Code |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
fileDirection |
File Direction |
uint16 |
|
|
fireAmpDisposition |
FireAmp Disposition |
uint16 |
|
|
fireAmpSperoDisposition |
FireAmp Spero Disposition |
uint16 |
|
|
fireAmpFileStorageStatus |
FireAmp File Storage Status |
uint16 |
|
|
fireAmpFileAnalysisStatus |
FireAmp File Analysis Status |
uint16 |
|
|
threatScore |
Threat Score |
uint16 |
|
|
fireAmpFileAction |
FireAmp File Action |
uint16 |
|
|
fileType |
File Type |
string |
|
|
applicationId |
Application Id |
uint32 |
|
|
destUserId |
Destination User Id |
uint32 |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
signatureName |
Signature Name |
string |
|
|
accessCtlPolicyId |
Access Control Policy Id |
uint32 |
|
|
srcGeoCountryCode |
Source Country Number |
uint32 |
|
|
destGeoCountryCode |
Destination Country Number |
uint32 |
|
|
webAppId |
Web App Id |
uint32 |
|
|
clientAppId |
Client App Id |
uint32 |
|
|
connCounter |
Connection Counter |
uint64 |
|
|
connEventTime |
Connection Event Time |
Date |
|
EventType: PH_DEV_MON_FIREAMP_IMPACT_FLAG
Description: FireAMP Impact Flag event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
snortEventId |
Snort Event ID |
uint64 |
Event ID of a Snort IPS Device |
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
eventType |
Event Type |
string |
This is the unique log name, identifying the product and type of log. This is a key attribute for most queries. |
|
compEventType |
Component Event Type |
string |
This is the event type in the Incident event. Since Incident itself is an event with its own event type, this variable is needed to capture the event type of the triggering events in the IncidentDetail attribute. |
|
ipsGeneratorId |
IPS Generator Id |
uint64 |
|
|
ipsSignatureId |
Signature Id |
uint64 |
|
|
ipsClassificationId |
IPS Classification Id |
uint64 |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
fireAmpImpactFlag |
FireAmp Impact Flag |
uint16 |
|
EventType: PH_DEV_MON_FIREAMP_INTRUSION
Description: FireAMP Intrusion event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
snortEventId |
Snort Event ID |
uint64 |
Event ID of a Snort IPS Device |
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
eventType |
Event Type |
string |
This is the unique log name, identifying the product and type of log. This is a key attribute for most queries. |
|
compEventType |
Component Event Type |
string |
This is the event type in the Incident event. Since Incident itself is an event with its own event type, this variable is needed to capture the event type of the triggering events in the IncidentDetail attribute. |
|
ipsGeneratorId |
IPS Generator Id |
uint64 |
|
|
ipsSignatureId |
Signature Id |
uint64 |
|
|
ipsClassificationId |
IPS Classification Id |
uint64 |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
iocNum |
IOC Number |
uint32 |
|
|
fireAmpImpactFlag |
FireAmp Impact Flag |
uint16 |
|
|
fireAmpImpact |
FireAmp Impact |
uint16 |
|
|
eventAction |
Event Action |
uint16 |
This is an unsigned integer boolean. 0 means permitted, 1 means blocked. It is used by various parsers to indicate success / failure or permit/deny. |
|
mplsLabel |
MPLS Label |
uint32 |
|
|
hostVLAN |
Host VLAN |
uint16 |
Host VLAN Number |
|
userId |
User Id |
string |
|
|
webAppId |
Web App Id |
uint32 |
|
|
clientAppId |
Client App Id |
uint32 |
|
|
appProtoId |
App Proto Id |
uint32 |
|
|
fwRule |
Firewall Rule |
string |
Firewall Rule Name |
|
policyName |
Policy Name |
string |
|
|
srcIntfName |
Source Interface Name |
string |
Name of the network interface through which a packet enters a network device. This information is typically present in Firewall logs. |
|
destIntfName |
Destination Interface Name |
string |
Name of the network interface through which a packet exits a network device. This information is typically present in Firewall logs. |
|
srcFwZone |
Source Firewall Zone |
string |
Source Firewall Zone found in Firewall logs |
|
destFwZone |
Destination Firewall Zone |
string |
Destination Firewall Zone found in Firewall logs |
|
connEventTime |
Connection Event Time |
Date |
|
|
connCounter |
Connection Counter |
uint64 |
|
|
srcGeoCountryCode |
Source Country Number |
uint32 |
|
|
destGeoCountryCode |
Destination Country Number |
uint32 |
|
EventType: PH_DEV_MON_FIREAMP_MALWARE
Description: FireAMP Malware event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
fileName |
File Name |
string |
|
|
filePath |
File Path |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
fileType |
File Type |
string |
|
|
fileTimestamp |
File Timestamp |
Date |
|
|
hashAlgo |
Hash Algorithm |
string |
|
|
hashCode |
Hash Code |
string |
|
|
fileDirection |
File Direction |
uint16 |
|
|
fireAmpFileAction |
FireAmp File Action |
uint16 |
|
|
parentFileName |
Parent File Name |
string |
|
|
parentFileHashCode |
Parent File Hash Code |
string |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
threatScore |
Threat Score |
uint16 |
|
|
fireAmpDisposition |
FireAmp Disposition |
uint16 |
|
|
fireAmpRetrospectiveDisposition |
FireAmp Retrospective Disposition |
uint16 |
|
|
iocNum |
IOC Number |
uint32 |
|
|
accessCtlPolicyId |
Access Control Policy Id |
uint32 |
|
|
srcGeoCountryCode |
Source Country Number |
uint32 |
|
|
destGeoCountryCode |
Destination Country Number |
uint32 |
|
|
webAppId |
Web App Id |
uint32 |
|
|
clientAppId |
Client App Id |
uint32 |
|
|
applicationId |
Application Id |
uint32 |
|
|
connEventTime |
Connection Event Time |
Date |
|
|
connCounter |
Connection Counter |
uint64 |
|
|
cloudSecIntelId |
Cloud Security Intel Id |
uint32 |
|
EventType: PH_DEV_MON_FIREAMP_USER_LOGIN
Description: FireAMP user login event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
emailId |
Email Id |
string |
|
|
loginType |
Login Type |
string |
|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DEV_MON_FORTIAP_INTF_UTIL
Description: FortiAP interface performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIAP_PERF
Description: FortiAP performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIAP_STAT
Description: FortiAP Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sysUpTime |
System Uptime |
uint32 |
|
|
wtpDaemonUpTime |
WLAN AP Daemon Uptime |
uint32 |
WLAN AP Daemon Uptime found in SNMP based WLAN monitoring |
|
wtpSessionUpTime |
WLAN AP Session Uptime |
uint32 |
WLAN AP Session Uptime found in SNMP based WLAN monitoring |
|
numWlanClient |
WLAN Station Count |
uint32 |
WLAN Station Count found in SNMP based WLAN monitoring |
|
ftntWtpSessionStatus |
WLAN AP Session Status |
uint32 |
WLAN AP Session Status found in SNMP based WLAN monitoring |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_FORTIGATE_INTF_UTIL
Description: Fortigate interface performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIGATE_PERF
Description: Fortigate performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIMAIL_SESSION_COUNT
Description: FortiMail session count
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_DEV_MON_FORTIMAIL_SYS_LOAD
Description: FortiMail system load
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
numJob |
Average System Job |
uint32 |
|
EventType: PH_DEV_MON_FORTINET_PROCESSOR_USAGE
Description: FortiGate Firewall Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuName |
CPU Name |
string |
|
|
sysCpuUtil |
System CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
cpuUtil |
CPU Util |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_FORTINET_QOS
Description: Fortinet QoS metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosClassId |
QoS Class Id |
uint32 |
|
|
direction |
Direction |
string |
|
|
guaranteedBandwidth |
Guaranteed Bandwidth |
double |
|
|
allocatedBandwidth |
Allocated Bandwidth |
double |
|
|
peakBandwidth |
Peak Bandwidth |
double |
|
|
currentBandwidth |
Current Bandwidth |
double |
|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
EventType: PH_DEV_MON_FORTISWITCH_PERF
Description: FortiSwitch performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIWLC_QOS_STAT
Description: FortiWLC QoS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
qosSessionCount |
QoS Session Count |
uint32 |
|
|
qosH323SessionCount |
QoS H.323 Seession Count |
uint32 |
|
|
qosSipSessionCount |
QoS SIP Session Count |
uint32 |
|
|
qosSccpSessionCount |
QoS SCCP Session Count |
uint32 |
|
|
qosRejectedSessionCount |
QoS Rejected Session Count |
uint32 |
|
|
qosRejectedH323SessionCount |
QoS Rejected H.323 Session Count |
uint32 |
|
|
qosRejectedSipSessionCount |
QoS Rejected SIP Session Count |
uint32 |
|
|
qosRejectedSccpSessionCount |
QoS Rejected SCCP Session Count |
uint32 |
|
|
qosPendingSessionCount |
QoS Pending Session Count |
uint32 |
|
|
qosH323PendingSessionCount |
QoS H.323 Pending Session Count |
uint32 |
|
|
qosSipPendingSessionCount |
QoS SIP Pending Session Count |
uint32 |
|
|
qosSccpPendingSessionCount |
QoS SCCP Pending Session Count |
uint32 |
|
|
qosActiveFlowCount |
QoS Active Flow Count |
uint32 |
|
|
qosPendingFlowCount |
QoS Pending Flow Count |
uint32 |
|
EventType: PH_DEV_MON_FORTIWLC_STATIONS
Description: FortiWLC Station Count
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
station11a |
802.11a Station Count |
uint32 |
|
|
station11b |
802.11b Station Count |
uint32 |
|
|
station11bg |
802.11bg Station Count |
uint32 |
|
|
stationData |
Data Station Copunt |
uint32 |
|
|
stationPhone |
Phone Station Count |
uint32 |
|
|
stationWired |
Wired Station Count |
uint32 |
|
|
stationUnknown |
Unknown Station Count |
uint32 |
|
EventType: PH_DEV_MON_FORTIWLC_SYS_THRUPUT
Description: FortiWLC system throughput
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
wlanRecvBitsPerSec |
WLAN Recv Rate bps |
double |
WLAN Recv Rate (in bits/sec)s found in SNMP based WLAN monitoring |
|
wlanSentBitsPerSec |
WLAN Sent Rate bps |
double |
WLAN Sent Rate (in bits/sec) found in SNMP based WLAN monitoring |
EventType: PH_DEV_MON_FPC_LIEBERT_METRIC
Description: Liebert FPC metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
outputVoltageXNVolts |
Output Voltage X-N |
uint32 |
|
|
outputVoltageYNVolts |
Output Voltage Y-N |
uint32 |
|
|
outputVoltageZNVolts |
Output Voltage Z-N |
uint32 |
|
|
outputCurrentXAmps |
Output Current X Amps |
uint32 |
|
|
outputCurrentYAmps |
Output Current Y Amps |
uint32 |
|
|
outputCurrentZAmps |
Output Current Z Amps |
uint32 |
|
|
neutralCurrentAmps |
Neutral Current Amps |
uint32 |
|
|
groundCurrentAmps |
Ground Current Amps |
double |
|
|
outputPowerWatts |
Output Power Watts |
uint32 |
|
|
powerFactor |
Power Factor |
uint32 |
|
|
outputFrequency |
Output Frequency Hz |
uint32 |
|
|
outputVxTHD |
Output Vx THD |
double |
|
|
outputVyTHD |
Output Vy THD |
double |
|
|
outputVzTHD |
Output Vz THD |
double |
|
|
outputLxTHD |
Output lx THD |
double |
|
|
outputLyTHD |
Output ly THD |
double |
|
|
outputLzTHD |
Output lz THD |
double |
|
|
outputKWh |
Output kWh |
double |
|
|
outputLxCrestFactor |
Output lx Crest Factor |
double |
|
|
outputLyCrestFactor |
Output ly Crest Factor |
double |
|
|
outputLzCrestFactor |
Output lz Crest Factor |
double |
|
|
outputLxKFactor |
Output lx K-Factor |
double |
|
|
outputLyKFactor |
Output ly K-Factor |
double |
|
|
outputLzKFactor |
Output lz K-Factor |
double |
|
|
outputLxCapacity |
Output lx Capacity |
uint32 |
|
|
outputLyCapacity |
Output ly Capacity |
uint32 |
|
|
outputLzCapacity |
Output lz Capacity |
uint32 |
|
EventType: PH_DEV_MON_FW_CONN_UTIL
Description: Firewall connection count stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fwConnCount |
Firewall Session |
uint32 |
Number of concurrent sessions, typically found in Stateful Firewall performance statistic log |
|
fwConnPct |
Firewall Session Utilization |
double |
Concurrent sessions utilization defined as the ratio of concurrent sessions and max allowed concurrent sessions, typically found in Stateful Firewall performance statistic log |
|
pollIntv |
Polling Interval |
uint32 |
|
|
fwConnMax |
Max Firewall Conn |
uint32 |
Maximum number of Firewall Connections reported by Firewalls. |
|
tcpFwConnCount |
TCP Connection |
uint32 |
Total number of TCP Connections reported by Firewalls. |
|
udpFwConnCount |
UDP Connection |
uint32 |
Total number of UDP Connections reported by Firewalls. |
|
icmpFwConnCount |
ICMP Connection |
uint32 |
Total number of ICMP Connections reported by Firewalls. |
|
fwConnRate |
Firewall Session Rate |
uint32 |
|
EventType: PH_DEV_MON_GITHUB_BRANCH_EVENT
Description: GitHub Branch Create/Delete Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
branchName |
Branch Name |
string |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_COMMIT
Description: User committed code to a GitHub repository
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
comment |
Comment |
string |
|
|
srcFileName |
Source File Name |
string |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_EVENT
Description: GitHub event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_FORK_REPOSITORY_EVENT
Description: GitHub Repository Fork Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
newRepoName |
New Repository Name |
string |
|
EventType: PH_DEV_MON_GITHUB_ISSUE_EVENT
Description: GitHub Issue Action Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
title |
Title |
string |
|
|
issueBody |
Issue Body |
string |
|
|
status |
Status |
string |
|
EventType: PH_DEV_MON_GITHUB_MEMBER_EVENT
Description: GitHub user membership and permission change event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
memberName |
Member Name |
string |
|
EventType: PH_DEV_MON_GITHUB_ORG_EVENT
Description: GitHub Organization User Block/Unblock Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_PROJECT_EVENT
Description: GitHub Project Action Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
projectName |
Project Name |
string |
|
EventType: PH_DEV_MON_GITHUB_PULL_REQUEST_EVENT
Description: GitHub Pull Request Action Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
title |
Title |
string |
|
|
requestBody |
Request Body |
string |
|
EventType: PH_DEV_MON_GITHUB_PULL_REQUEST_REVIEW_EVENT
Description: GitHub Pull Request Review Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
title |
Title |
string |
|
|
requestBody |
Request Body |
string |
|
|
reviewBody |
Review Body |
string |
|
EventType: PH_DEV_MON_GITHUB_REPOSITORY_EVENT
Description: GitHub Repository Create/Delete Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_TAG_EVENT
Description: GitHub Tag Create/Delete Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
tagName |
Tag Name |
string |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GLASSFISH_APP
Description: Glassfish application server settings and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_CONN_STAT
Description: Glassfish http connection statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_CPU
Description: Glassfish CPU usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_DB_POOL
Description: Glassfish database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_EJB
Description: Glassfish EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_JMS
Description: Glassfish JMS usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_MEMORY
Description: Glassfish memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_REQUEST_PROCESSOR
Description: Glassfish request processor metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_SERVLET
Description: Glassfish servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_SESSION
Description: Glassfish session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_THREAD_POOL
Description: Glassfish thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HARDWARE_STATUS
Description: Overall hardware Health status for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HOST_PERF_STATE
Description: Host performance monitoring state
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
durationHostNormal |
Duration Normal |
uint32 |
|
|
durationHostWarn |
Duration Warning |
uint32 |
|
|
durationHostCrit |
Duration Critical |
uint32 |
|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
EventType: PH_DEV_MON_HVAC_LIEBERT_METRIC
Description: Liebert HVAC metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envTempLowThreshDegC |
Low Temperature Threshold Celsius |
uint32 |
|
|
envTempOffHighDegC |
Temp Offset High Celsius |
uint32 |
|
|
envTempOffLowDegC |
Temp Offset Low Celsius |
uint32 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempLowThreshDegF |
Low Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempOffHighDegF |
Temp Offset High Fahrenheit |
uint32 |
|
|
envTempOffLowDegF |
Temp Offset Low Fahrenheit |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
|
envHumidityOffHigh |
Humidity Offset High |
uint32 |
|
|
envHumidityOffLow |
Humidity Offset Low |
uint32 |
|
|
lgpSystemState |
Liebert HVAC System State |
uint16 |
|
|
lgpDehumidState |
Liebert HVAC Dehumidifying State |
uint16 |
|
EventType: PH_DEV_MON_HW_AIRFLOW
Description: Airflow measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envAirFlow |
Air Flow 0.1meter/min |
uint32 |
|
EventType: PH_DEV_MON_HW_AMP
Description: Current measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envCurrentAmp |
Current Amp |
double |
|
EventType: PH_DEV_MON_HW_AUDIO
Description: Audio sensor measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envAudioLevel |
Audio sensor level |
uint32 |
|
EventType: PH_DEV_MON_HW_CAMERA_MOTION
Description: Camera motion sensor measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
cameraMotionSensorVal |
Camera Motion Sensor Value |
string |
|
EventType: PH_DEV_MON_HW_CHASSIS_COMP_STAT
Description: Chassis component environmental measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwCompAdminStateStr |
Chassis Com Admin State |
string |
|
|
hwCompOperStateStr |
Chassis Comp Operational State |
string |
|
|
hwCompSwStateStr |
Chassis Comp Software State |
string |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_HW_CURRENT
Description: Current measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HW_DEWPT
Description: Dew point measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_HW_DOOR_SWITCH
Description: Door switch sensor measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
doorSwitchSensorVal |
Door Switch Sensor Value |
string |
|
EventType: PH_DEV_MON_HW_DRY_CONTACT
Description: Dry contact sensor measrement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
dryContactSensorVal |
Dry Contact Sensor Value |
string |
|
EventType: PH_DEV_MON_HW_FAN_SPEED
Description: Fan Speed measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
fanSpeed |
Fan Speed |
double |
|
EventType: PH_DEV_MON_HW_HUMIDITY
Description: Relative humidity measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envSensorLoc |
Sensor Location |
string |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
EventType: PH_DEV_MON_HW_POWER
Description: Power measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HW_PS_STAT
Description: Power supply environmental measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envPSTrayId |
Power Supply Tray Id |
string |
|
|
hwPowerSupply1StatusStr |
Power Supply 1 State |
string |
|
|
hwPowerSupply2StatusStr |
Power Supply 2 State |
string |
|
|
hwTempSensorStatusStr |
Power Supply Temp Sensor State |
string |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
|
envPSInputStateStr |
Power Supply Input State |
string |
|
|
envPSOutputStateStr |
Power Supply Output State |
string |
|
|
envPSACStateStr |
Power Supply AC State |
string |
|
|
envPSDCStateStr |
Power Supply DC State |
string |
|
EventType: PH_DEV_MON_HW_STACK_UNIT
Description: Stack unit status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
cpuUtil |
CPU Util |
double |
|
|
memUtil |
Memory Util |
double |
|
EventType: PH_DEV_MON_HW_STATUS
Description: Hardware health status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwBatteryStatus |
Hardware Battery Status |
uint16 |
Hardware Battery Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwDiskStatus |
Hardware Disk Status |
uint16 |
Hardware Disk Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemoryStatus |
Hardware Memory Status |
uint16 |
Hardware Memory Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwPowerSupplyStatus |
Hardware Power Supply Status |
uint16 |
Hardware Power Supply Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwTempSensorStatus |
Hardware Temperature Sensor Status |
uint16 |
Hardware Temperature Sensor Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwFanStatus |
Hardware Fan Status |
uint16 |
Hardware Fan Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwAmpStatus |
Hardware Amp Status |
uint16 |
Hardware Amp Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwVoltageStatus |
Hardware Voltage Status |
uint16 |
Hardware Voltage Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwFailedPowerSupplyCount |
Failed Power Supply Count |
uint16 |
Failed Power Supply Count from SNMP based hardware monitoring |
|
hwFailedFanCount |
Failed Fan Count |
uint16 |
Failed Fan Count from SNMP based hardware monitoring |
|
hwLCCStatus |
Storage LCC Status |
uint16 |
|
|
hwLinkStatus |
Storage Link Status |
uint16 |
|
|
hwPortStatus |
Storage Port Status |
uint16 |
|
|
hwHotSpareDiskCount |
Hot Spare Disk Count |
uint32 |
|
|
hwMiscCompStatus |
Misc Component Status |
uint16 |
|
|
hwRaidStatus |
Hardware Raid Status |
uint16 |
Hardware Raid Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwRelHumidStatus |
Relative Humidity Status |
uint16 |
|
|
hwDewPtStatus |
Dew Point Status |
uint16 |
|
|
hwAudioStatus |
Audio Sensor Status |
uint16 |
|
|
hwAirFlowStatus |
Air Flow Status |
uint16 |
|
|
hwGenNumericSensorStatus |
Generic Numeric Sensor Status |
uint16 |
|
|
hwDryContactStatus |
Dry Contact Status |
uint16 |
|
|
hwDoorSwitchStatus |
Door Switch Status |
uint16 |
|
|
hwCameraMotionStatus |
Camera Motion Status |
uint16 |
|
|
hwGenStateSensorStatus |
Generic State Sensor Status |
uint16 |
|
|
hwPowerEnclosureStatus |
Hardware Power Enclosure Status |
uint16 |
Hardware Power Enclosure Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwChassisStatus |
Hardware Chassis Status |
uint16 |
Hardware Chassis Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwIOMStatus |
Hardware IO Module Status |
uint16 |
Hardware IO Module Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwKVMStatus |
Hardware KVM Status |
uint16 |
Hardware KVM Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwRedundantStatus |
Hardware Redundancy Status |
uint16 |
Hardware Redundancy Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwBladeStatus |
Hardware Blade Status |
uint16 |
Hardware Blade Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwDellCMCStatus |
Hardware Dell CMC Status |
uint16 |
Hardware Dell CMC Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwFileSystemStatus |
File System Status |
uint16 |
|
|
hwStackUnitStatus |
Hardware Stack Unit Status |
uint16 |
Hardware Stack Unit Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwProbeStatus |
Hardware Probe Status |
uint16 |
Hardware Probe Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwInputContactStatus |
Hardware Input Contact Status |
uint16 |
Hardware Input Contact Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwOutputRelayStatus |
Hardware Output Relay Status |
uint16 |
Hardware Output Relay Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwOutletStatus |
Hardware Outlet Status |
uint16 |
Hardware Outlet Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwAlarmDeviceStatus |
Hardware Alarm Device Status |
uint16 |
Hardware Alarm Device Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemSensorStatus |
Hardware Mem Sensor Status |
uint16 |
Hardware Mem Sensor Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemOutputStatus |
Hardware Mem Output Status |
uint16 |
Hardware Mem Output Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemOutletStatus |
Hardware Outlet Status |
uint16 |
Hardware Outlet Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemBeaconStatus |
Hardware Mem Beacon Status |
uint16 |
Hardware Mem Beacon Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwSlotStatus |
Hardware Slot Status |
uint16 |
Hardware Slot Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_HW_STATUS_AIRFLOW_CRIT
Description: Airflow critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AIRFLOW_WARN
Description: Airflow warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_ALARMDEVICE_CRIT
Description: Alarm Device hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_ALARMDEVICE_WARN
Description: Alarm Device hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AMP_CRIT
Description: Amp hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AMP_WARN
Description: Amp hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AUDIO_CRIT
Description: Audio sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AUDIO_WARN
Description: Audio sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_BATTERY_CRIT
Description: Battery hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_BATTERY_WARN
Description: Battery hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_CAMERA_MOTION_CRIT
Description: Camera motion critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_CAMERA_MOTION_WARN
Description: Camera motion warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DEWPT_CRIT
Description: Dew Point temperature critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DEWPT_WARN
Description: Dew Point temperature warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DISK_CRIT
Description: Disk hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DISK_WARN
Description: Disk hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DOOR_SWITCH_CRIT
Description: Door switch critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DOOR_SWITCH_WARN
Description: Door switch warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DRY_CONTACT_CRIT
Description: Dry Contact sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DRY_CONTACT_WARN
Description: Dry Contact Sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FAN_CRIT
Description: Fan hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FAN_WARN
Description: Fan hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FILESYSTEM_CRIT
Description: File system hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FILESYSTEM_WARN
Description: File system hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_NUMERIC_SENSOR_CRIT
Description: Generic Numeric Sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_NUMERIC_SENSOR_WARN
Description: Generic Numeric Sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_STATE_SENSOR_CRIT
Description: Generic state sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_STATE_SENSOR_WARN
Description: Generic state sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_HUMIDITY_CRIT
Description: Relative humidity critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_HUMIDITY_WARN
Description: Relative humidity warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_INPUTCONTACT_CRIT
Description: Input Contact hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_INPUTCONTACT_WARN
Description: Input Contact hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LCC_CRIT
Description: SAN Link Control Card hardware critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LCC_WARN
Description: SAN Link Control Card hardware warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LINK_CRIT
Description: SAN host link critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LINK_WARN
Description: SAN host link warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMBEACON_CRIT
Description: Memory Beacon hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMBEACON_WARN
Description: Memory Beacon hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMORY_CRIT
Description: Memory hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMORY_WARN
Description: Memory hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTLET_CRIT
Description: Memory Outlet hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTLET_WARN
Description: Memory Outlet hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTPUT_CRIT
Description: Memory Output hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTPUT_WARN
Description: Memory Output hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMSENSOR_CRIT
Description: Memory Sensor hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMSENSOR_WARN
Description: Memory Sensor hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MISC_CRIT
Description: Miscellaneous hardware critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MISC_WARN
Description: Miscellaneous hardware warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTLET_CRIT
Description: Outlet hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTLET_WARN
Description: Outlet hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTPUTRELAY_CRIT
Description: Output relay hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTPUTRELAY_WARN
Description: Output relay hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PORT_CRIT
Description: SAN storage port hardware critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PORT_WARN
Description: SAN storage port hardware warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWERSUPPLY_CRIT
Description: Power supply hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWERSUPPLY_WARN
Description: Power supply hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWER_ENCLOSURE_CRIT
Description: Power enclosure health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWER_ENCLOSURE_WARN
Description: Power enclosure health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PROBE_CRIT
Description: Probe hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PROBE_WARN
Description: Probe hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_SLOT_CRIT
Description: Hardware Status Critical
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_SLOT_WARN
Description: Hardware Status Warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_STACKUNIT_CRIT
Description: Stackunit critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_STACKUNIT_WARN
Description: Stackunit warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_TEMP_CRIT
Description: Temperature sensor hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_TEMP_WARN
Description: Temperature sensor hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_VOLTAGE_CRIT
Description: Voltage hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_VOLTAGE_WARN
Description: Voltage hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_TEMP
Description: Temperature measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envTempOffHighDegC |
Temp Offset High Celsius |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempOffHighDegF |
Temp Offset High Fahrenheit |
uint32 |
|
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envSensorLoc |
Sensor Location |
string |
|
|
envTempLowThreshDegF |
Low Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempLowThreshDegC |
Low Temperature Threshold Celsius |
uint32 |
|
EventType: PH_DEV_MON_HW_VOLTAGE
Description: Voltage measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envVoltage |
Voltage |
double |
|
EventType: PH_DEV_MON_HYPERV_CPU_GUEST_VIRTUAL_PROC
Description: HyperV Guest Virtual Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_CPU_LOGICAL_PROC
Description: HyperV Logical Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_CPU_ROOT_VIRTUAL_PROC
Description: HyperV Root Virtual Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_OVERALL
Description: HyperV Root Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_PARTITION
Description: HyperV Memory Partition usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_PARTITION_PER_VM
Description: HyperV per-VM Memory Partition usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_ROOT_PARTITION
Description: HyperV Root Partition Total Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_ROOT_PARTITION_ROOT
Description: HyperV Root Partition Root Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_VID_PARTITION
Description: HyperV VID Partition Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_VID_PARTITION_PER_VM
Description: HyperV per-VM VID Partition Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_NET_LEGACY_ADAPTER
Description: HyperV Virtual Switch Per Adapter Network Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_NET_VIRTUAL_ADAPTER
Description: HyperV Virtual Switch Per Adapter Network Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_NET_VIRTUAL_SWITCH
Description: HyperV Virtual Switch Network Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_OVERALL_HEALTH
Description: HyperV Machine Health Summary
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_OVERALL_SYSINFO
Description: HyperV System Information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_STORAGE_LOGICAL_DISK
Description: HyperV Logical Disk Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_STORAGE_VIRTUAL_IDE_CONTROLLER
Description: HyperV IDE Controller Storage Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_STORAGE_VIRTUAL_STORAGE
Description: HyperV Virtual Storage Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_INCOMING_EXCEED_GUARANTEED
Description: Incoming eps exceeded Guaranteed eps at a collector
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
|
phCollectorName |
Collector Name |
string |
Name of the FortiSIEM Collector. The name is set in GUI. |
|
incomingEventsPerSec |
Incoming Event Rate |
double |
This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval. |
|
guaranteedEventsPerSec |
Guaranteed EPS |
uint64 |
|
EventType: PH_DEV_MON_INTF_ADMIN_DOWN_TO_UP
Description: Network Interface administratively came back up
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_ADMIN_UP_TO_DOWN
Description: Network Interface administratively went down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_OPER_DOWN_TO_UP
Description: Network Interface operationally came back up
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_OPER_UP_TO_DOWN
Description: Network Interface operationally went down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_USAGE_TOTAL
Description: Aggregate Interface Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
EventType: PH_DEV_MON_IPSLA_HTTP_MET
Description: IP SLA HTTP Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipSLAProto |
IP SLA Protocol |
string |
Name of the IP Service Level Agreement (SLA) protocol. This parameter is set during IPSLA monitoring |
|
httpResponseTimeMs |
HTTP Response Time ms |
uint32 |
|
|
dnsResponseTimeMs |
DNS Response Time ms |
uint32 |
|
|
tcpConnectResponseTimeMs |
TCP Connect Response Time ms |
uint32 |
|
|
httpTransactResponseTimeMs |
HTTP Transaction Response Time ms |
uint32 |
|
|
ipslaHttpStatus |
IPSLA HTTP Status |
uint32 |
|
|
ipslaHttpStatusDesc |
IPSLA HTTP Status Description |
string |
|
|
httpStatusCode |
HTTP Status |
string |
|
EventType: PH_DEV_MON_IPSLA_ICMP_MET
Description: ICMP performance metrics collected via IP SLA
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
ipslaTestName |
IP SLA Test Name |
string |
|
|
icmpResponseTimeMs |
ICMP Response Time ms |
uint32 |
|
EventType: PH_DEV_MON_IPSLA_MET
Description: IP SLA performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipSLAProto |
IP SLA Protocol |
string |
Name of the IP Service Level Agreement (SLA) protocol. This parameter is set during IPSLA monitoring |
|
tos |
IP Type of Service |
uchar |
The type of service (ToS) field present in the IPv4 header. Typically present in Netflow. |
|
dscp |
DSCP |
uchar |
|
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
avgJitterMs |
Avg Jitter |
uint32 |
Average Jitter (msec) |
|
maxJitterMs |
Max Jitter |
uint32 |
Miaximum Jitter (msec) |
|
minJitterMs |
Min Jitter |
uint32 |
Minimum Jitter (msec) |
|
avgJitterSDMs |
Avg SD Jitter |
uint32 |
Average Source to Destination Jitter (msec) |
|
maxJitterSDMs |
Max SD Jitter |
uint32 |
Maximum Source to Destination Jitter (msec) |
|
minJitterSDMs |
Min SD Jitter |
uint32 |
Minimum Source to Destination Jitter (msec) |
|
avgJitterDSMs |
Avg DS Jitter |
uint32 |
Average Destination to Source Jitter (msec) |
|
maxJitterDSMs |
Max DS Jitter |
uint32 |
Maximum Destination to Source Jitter (msec) |
|
minJitterDSMs |
Min DS Jitter |
uint32 |
Minimum Destination to Source Jitter (msec) |
|
pktLost |
Packets Lost |
uint32 |
Total Packets lost (includes Source to Destination and reverse) |
|
pktLostSD |
SD Packets Lost |
uint32 |
Packets lost from Source to Destination |
|
pktLostDS |
DS Packets Lost |
uint32 |
Packets lost from Destination to Source |
|
pktMIA |
Packets Missing |
uint32 |
Packets missing |
|
pktLate |
Packets Late |
uint32 |
Packets late |
|
pktOutSeq |
Pkt Out-of-Seq |
uint32 |
|
EventType: PH_DEV_MON_IPSLA_UDP_MET
Description: IP SLA UDP Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
udpResponseTimeMs |
UDP Response Time ms |
uint32 |
|
|
ipslaUdpStatus |
IPSLA UDP Status |
uint32 |
|
|
ipslaUdpStatusDesc |
IPSLA UDP Status Description |
string |
|
EventType: PH_DEV_MON_IPSLA_VOIP_MET
Description: VOIP performance metrics collected via IP SLA
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipSLAProto |
IP SLA Protocol |
string |
Name of the IP Service Level Agreement (SLA) protocol. This parameter is set during IPSLA monitoring |
|
codec |
VoIP Codec |
string |
|
|
tos |
IP Type of Service |
uchar |
The type of service (ToS) field present in the IPv4 header. Typically present in Netflow. |
|
dscp |
DSCP |
uchar |
|
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
avgJitterMs |
Avg Jitter |
uint32 |
Average Jitter (msec) |
|
maxJitterMs |
Max Jitter |
uint32 |
Miaximum Jitter (msec) |
|
minJitterMs |
Min Jitter |
uint32 |
Minimum Jitter (msec) |
|
avgJitterSDMs |
Avg SD Jitter |
uint32 |
Average Source to Destination Jitter (msec) |
|
maxJitterSDMs |
Max SD Jitter |
uint32 |
Maximum Source to Destination Jitter (msec) |
|
minJitterSDMs |
Min SD Jitter |
uint32 |
Minimum Source to Destination Jitter (msec) |
|
avgJitterDSMs |
Avg DS Jitter |
uint32 |
Average Destination to Source Jitter (msec) |
|
maxJitterDSMs |
Max DS Jitter |
uint32 |
Maximum Destination to Source Jitter (msec) |
|
minJitterDSMs |
Min DS Jitter |
uint32 |
Minimum Destination to Source Jitter (msec) |
|
pktLost |
Packets Lost |
uint32 |
Total Packets lost (includes Source to Destination and reverse) |
|
pktLostSD |
SD Packets Lost |
uint32 |
Packets lost from Source to Destination |
|
pktLostDS |
DS Packets Lost |
uint32 |
Packets lost from Destination to Source |
|
pktMIA |
Packets Missing |
uint32 |
Packets missing |
|
pktLate |
Packets Late |
uint32 |
Packets late |
|
pktOutSeq |
Pkt Out-of-Seq |
uint32 |
|
|
mosScore |
MOS Score |
double |
MOS (Mean Opinion Score) measures the perceived quality of VoIP audio on a scale from 1 to 5, with 5 being the best possible score. A high MOS rate indicates that the audio quality is good, while a low MOS rate indicates poor audio quality. |
|
icpifScore |
ICPIF Score |
uint32 |
ICPIF (Impairment/Calculated Planning Impairment Factor) quantifies the key impairments to voice quality that are encountered in the network. ICPIF values are expressed in a typical range of 5 (very low impairment) to 55 (very high impairment). |
EventType: PH_DEV_MON_IRONPORT_MAIL_USAGE
Description: Cisco Ironport Mail Usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
workQueueMsgCount |
Mail Work Queue Count |
uint32 |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
mailQueueUtil |
Mail Queue Util |
double |
|
|
msgAge |
Oldest Message Age sec |
uint32 |
|
|
outstandingDNS |
Outstanding DNS Req |
uint32 |
|
|
pendingDNS |
Pending DNS Req |
uint32 |
|
|
openFile |
Open File Count |
uint32 |
|
|
mtaThreadCount |
MTA Thread Count |
uint32 |
|
|
queueAvailStatus |
Mail Queue Avail Status |
string |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_HEALTH
Description: Isilon Cluster health and performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
svcStatus |
Service Health |
string |
|
|
clusterOnlineMember |
Cluster Online Members |
string |
|
|
clusterOfflineMember |
Cluster Offline Members |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
cpuUtil |
CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
kernCpuUtil |
Kernel CPU Util |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
netSentKBytesPerSec |
Net Sent Rate KBps |
double |
|
|
netRecvdKBytesPerSec |
Net Received Rate KBps |
double |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_MEMBERSHIP_CHANGE
Description: Isilon cluster membership change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
addedItem |
Added Item |
string |
|
|
deletedItem |
Deleted Item |
string |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_QUOTA
Description: Isilon quota utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
quotaName |
Quota Name |
string |
|
|
quotaType |
Quota Type |
string |
|
|
quotaSoftThresholdBytes |
Quota Soft Threshold Bytes |
uint64 |
|
|
quotaHardThresholdBytes |
Quota Hard Threshold Bytes |
uint64 |
|
|
quotaAdvThresholdBytes |
Quota Advisory Threshold Bytes |
uint64 |
|
|
quotaUsageBytes |
Quota Usage Bytes |
uint64 |
|
|
quotaUsageWithOverheadBytes |
Quota Usage With Overhead Bytes |
uint64 |
|
|
quotaInodeUsage |
Quota Inode Usage |
uint64 |
|
|
gracePeriod |
Quota Grace Period |
uint64 |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_SNAPSHOT
Description: Isilon snapshot usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
snapshotName |
Snapshot Name |
string |
|
|
snapshotDescription |
Snapshot Description |
string |
|
|
snapshotPath |
Snapshot Path |
string |
|
|
snapshotCreateTime |
Snapshot Create Time |
Date |
|
|
snapshotExpiryTime |
Snapshot Expiry Time |
Date |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
EventType: PH_DEV_MON_ISILON_NODE_DISK_PERF
Description: Isilon disk performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
opsPerSec |
Operations/sec |
uint32 |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
EventType: PH_DEV_MON_ISILON_NODE_HEALTH
Description: Isilon node health and performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
svcStatus |
Service Health |
string |
|
|
cluster |
Cluster |
string |
|
|
cpuUtil |
CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
kernCpuUtil |
Kernel CPU Util |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
netSentKBytesPerSec |
Net Sent Rate KBps |
double |
|
|
netRecvdKBytesPerSec |
Net Received Rate KBps |
double |
|
EventType: PH_DEV_MON_ISILON_NODE_PROTO_PERF
Description: Isilon protocol performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appName |
Application Name |
string |
|
|
opsPerSec |
Operations/sec |
uint32 |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
minSentBytes |
Min Sent Bytes |
uint64 |
Minimum of Sent Bytes over the report window. Used in Profile Reports only. |
|
maxSentBytes |
Max Sent Bytes |
uint64 |
Maximum of Sent Bytes over the report window. Used in Profile Reports only. |
|
avgSentBytes |
Avg Sent Bytes |
double |
Average of Sent Bytes over the report window. Used in Profile Reports only. |
|
sdevSentBytes |
Std Dev Sent Bytes |
double |
Standard Deviation of Sent Bytes over the report window. Used in Profile Reports only. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
minRecvBytes |
Min Received Bytes |
uint64 |
Minimum of Received Bytes over the report window. Used in Profile Reports only. |
|
maxRecvBytes |
Max Received Bytes |
uint64 |
Maximum of Received Bytes over the report window. Used in Profile Reports only. |
|
avgRecvBytes |
Avg Received Bytes |
double |
Average of Received Bytes over the report window. Used in Profile Reports only. |
|
sdevRecvBytes |
Std Dev Received Bytes |
double |
Standard Deviation of Received Bytes over the report window. Used in Profile Reports only. |
|
latency |
Latency |
double |
|
|
minLatency |
Min Latency |
double |
|
|
maxLatency |
Max Latency |
double |
|
|
avgLatency |
Avg Latency |
double |
|
|
sdevLatency |
Std Dev Latency |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
EventType: PH_DEV_MON_JBOSS_APP
Description: JBOSS application server settings and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_CPU
Description: JBOSS CPU metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_DB_POOL
Description: JBOSS database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_EJB
Description: JBOSS EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_MEMORY
Description: JBOSS memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_REQUEST_PROCESSOR
Description: Weblogic request processor metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_SERVLET
Description: JBOSS servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_SESSION
Description: JBOSS session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_THREAD_POOL
Description: JBOSS thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_ALL_DEVICE_DELAY_HIGH
Description: Log receipt delay for all devices from a collection point crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_ALL_DEVICE_DELAY_LOW
Description: Log receipt delay for all devices from a collection point fell below low water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_DEVICE_DELAY_HIGH
Description: Log receipt delay for a single device crossed high water mark
Notes: This event is generated by FortiSIEM Supervisor node when no events are received from a single source IP (Reporting IP) within a (high threshold) time window. The time period can be set in two ways: - Global Setting: Set the EventRecvTimeGapHigh attribute in Admin > Device Support > Custom Properties. By default it is set to 10 minutes - Per device Setting: Set the "Event Receive Time Gap High Threshold minutes" attribute in CMDB > Choose a Device > Edit > Device Properties An event is generated for each jobType, e.g. Syslog, Windows Agent Log Collection, Linux Agent Log Collection, Cloud Service Log Collection etc.
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_DEVICE_DELAY_LOW
Description: Log receipt delay for a single device fell below water mark
Notes: This event is generated by FortiSIEM Supervisor node when no events are received from a single source IP (Reporting IP) within a (low threshold) time window. The time period can be set in two ways: - Global Setting: Set the EventRecvTimeGapLow attribute in Admin > Device Support > Custom Properties. By default it is set to 5 minutes - Per device Setting: Set the "Event Receive Time Gap Low Threshold minutes" attribute in CMDB > Choose a Device > Edit > Device Properties An event is generated for each jobType, e.g. Syslog, Windows Agent Log Collection, Linux Agent Log Collection, Cloud Service Log Collection etc.
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_MANUAL_SVC_START_TO_STOP
Description: Running Windows Manual service stopped
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_MANUAL_SVC_STOP
Description: Windows Manual Windows Service stopped
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_MANUAL_SVC_STOP_TO_START
Description: Stopped Windows Manual Service started
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_NETAPP_AGGR_MET
Description: NETAPP aggregate performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
aggrName |
NetApp Aggregate Name |
string |
|
|
aggrReadOpsPerSec |
Aggregate Read Request /sec |
double |
|
|
aggrWriteOpsPerSec |
Aggregate Write Request /sec |
double |
|
|
aggrTxfrPerSec |
Aggregate Transfer /sec |
double |
|
|
aggrCpReadPerSec |
Aggregate CP Read /sec |
double |
|
EventType: PH_DEV_MON_NETAPP_CIFS_MET
Description: NETAPP CIFS performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cifsOpsPerSec |
CIFS Request Rate |
double |
|
|
cifsLatency |
CIFS Latency ms |
double |
Overall Latency (ms) using CIFS storage protocol. |
EventType: PH_DEV_MON_NETAPP_CP_MET
Description: NetApp consistency point metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpFromTimer |
Timer Consistency Point |
uint32 |
|
|
cpFromSnapshot |
Snapshot Consistency Point |
uint32 |
|
|
cpFromLowWater |
Low Water Consistency Point |
uint32 |
|
|
cpFromHiWater |
High Water Consistency Point |
uint32 |
|
|
cpFromLogFull |
Log Full Consistency Point |
uint32 |
|
|
backtobackCp |
Back-to-back Consistency Point |
uint32 |
|
|
totalCp |
Total Consistency Point |
uint32 |
|
|
deferredBacktobackCp |
Deferred Back-to-back Consistency Point |
uint32 |
|
EventType: PH_DEV_MON_NETAPP_DISK_HEALTH
Description: NetApp disk status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totDisk |
Total Disk Count |
uint32 |
Total number of Disks |
|
activeDisk |
Active Disk Count |
uint32 |
Total number of Active Disks |
|
failedDisk |
Failed Disk Count |
uint32 |
Total number of Failed Disks |
|
spareDisk |
Spare Disk Count |
uint32 |
Total number of Spare Disks |
|
reconstDisk |
Reconstructing Disk Count |
uint32 |
Total number of Reconstructing Disks |
|
scrubbDisk |
Scrubbing Disk Count |
uint32 |
|
|
addSpareDisk |
Add Spare Disk Count |
uint32 |
|
EventType: PH_DEV_MON_NETAPP_DISK_MET
Description: NETAPP disk level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
|
diskTfrOpsPerSec |
Disk Transfer Ops/s |
double |
|
EventType: PH_DEV_MON_NETAPP_FCP_MET
Description: NETAPP FCP performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fcpReadOpsPerSec |
FCP Read Request /sec |
double |
Read Request Rate (operations/sec) using FCP storage protocol. |
|
fcpWriteOpsPerSec |
FCP Write Request /sec |
double |
Write Request Rate (operations/sec) using FCP storage protocol. |
|
fcpReadLatency |
FCP Read Latency ms |
double |
Read Latency (ms) using FCP storage protocol. |
|
fcpWriteLatency |
FCP Write Latency ms |
double |
Write Latency (ms) using FCP storage protocol. |
|
fcpReadKBytesPerSec |
FCP Read Volume KBps |
double |
Read throughput (KBytes/sec) using FCP storage protocol. |
|
fcpWriteKBytesPerSec |
FCP Write Volume KBps |
double |
Write throughput (KBytes/sec) using FCP storage protocol. |
EventType: PH_DEV_MON_NETAPP_ISCSI_MET
Description: NETAPP ISCSI performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
iscsiReadOpsPerSec |
ISCSI Read Request Rate |
double |
Read Request Rate (operations/sec) using ISCSI storage protocol. |
|
iscsiWriteOpsPerSec |
ISCSI Write Request Rate |
double |
Write Request Rate (operations/sec) using ISCSI storage protocol. |
|
iscsiReadLatency |
ISCSI Read Latency ms |
double |
Read Latency (ms) using ISCSI storage protocol. |
|
iscsiWriteLatency |
ISCSI Write Latency ms |
double |
Write Latency (ms) using ISCSI storage protocol. |
|
iscsiReadKBytesPerSec |
ISCSI Read Volume KBps |
double |
Read throughput (KBytes/sec) using ISCSI storage protocol. |
|
iscsiWriteKBytesPerSec |
ISCSI Write Volume KBps |
double |
Write throughput (KBytes/sec) using ISCSI storage protocol. |
EventType: PH_DEV_MON_NETAPP_LUN_MET
Description: NETAPP lun level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
lunName |
LUN Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
|
diskQueueFull |
Disk Queue Full /sec |
double |
|
EventType: PH_DEV_MON_NETAPP_NFS3_MET
Description: NETAPP detailed NFS V3 performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
nfsReadOpsPerSec |
NFS Read Request Rate |
double |
Read Request Rate (operations/sec) using NFS storage protocol. |
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
nfsReadKBytesPerSec |
NFS Read Volume KBps |
double |
Read throughput (KBytes/sec) using NFS storage protocol. |
|
nfsWriteKBytesPerSec |
NFS Write Volume KBps |
double |
Write throughput (KBytes/sec) using NFS storage protocol. |
EventType: PH_DEV_MON_NETAPP_NFS4_MET
Description: NETAPP detailed NFS V4 performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
nfsReadOpsPerSec |
NFS Read Request Rate |
double |
Read Request Rate (operations/sec) using NFS storage protocol. |
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
nfsReadKBytesPerSec |
NFS Read Volume KBps |
double |
Read throughput (KBytes/sec) using NFS storage protocol. |
|
nfsWriteKBytesPerSec |
NFS Write Volume KBps |
double |
Write throughput (KBytes/sec) using NFS storage protocol. |
EventType: PH_DEV_MON_NETAPP_NFS_MET
Description: NETAPP NFS performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cacheAgeMin |
Cache Age Min |
uint64 |
|
|
cifsOpsPerSec |
CIFS Request Rate |
double |
|
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
netSentKBytesPerSec |
Net Sent Rate KBps |
double |
|
|
netRecvdKBytesPerSec |
Net Received Rate KBps |
double |
|
|
rpcBadCallsDelta |
RPC Bad Calls |
uint64 |
|
|
nfsBadCallsDelta |
NFS Bad Calls |
uint64 |
|
|
cifsBadCallsDelta |
CIFS Bad Calls |
uint64 |
|
EventType: PH_DEV_MON_NETAPP_VOL_MET
Description: NETAPP volume performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
volName |
NetApp Volume Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
cifsReadOpsPerSec |
CIFS Read Request /sec |
double |
Read Request Rate (operations/sec) using CIFS storage protocol. |
|
cifsWriteOpsPerSec |
CIFS Write Request /sec |
double |
Write Request Rate (operations/sec) using CIFS storage protocol. |
|
cifsReadLatency |
CIFS Read Latency ms |
double |
Read Latency (ms) using CIFS storage protocol. |
|
cifsWriteLatency |
CIFS Write Latency ms |
double |
Write Latency (ms) using CIFS storage protocol. |
|
sanReadOpsPerSec |
SAN Read Request /sec |
double |
|
|
sanWriteOpsPerSec |
SAN Write Request /sec |
double |
|
|
sanReadLatency |
SAN Read Latency ms |
double |
|
|
sanWriteLatency |
SAN Write Latency ms |
double |
|
EventType: PH_DEV_MON_NETBOTZ_HW_EMS_STATUS
Description: NetBotz EMS Hardware Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
emsHwStatus |
EMS Hardware Status |
uint16 |
EMS Hardware Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
hwLogStatus |
Hardware Log Status |
uint16 |
Hardware Log Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_NETBOTZ_HW_MODULE_SENSOR
Description: NetBotz Module Sensor Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
moduleNumber |
Module Number |
uint32 |
|
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorLoc |
Sensor Location |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
hwAlarmDeviceStatus |
Hardware Alarm Device Status |
uint16 |
Hardware Alarm Device Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_NETBOTZ_HW_PROBE
Description: NetBotz Probe Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorLabel |
Sensor Label |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
|
serialNumber |
Serial Number |
string |
|
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_NETSCALER_APP_FW
Description: NetScaler Application Firewall metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
totalAborts |
Total Aborts |
uint64 |
|
|
totalRedirects |
Total Redirects |
uint64 |
|
|
startURLViol |
Start URL Violations |
uint32 |
|
|
denyURLViol |
Deny URL Violations |
uint32 |
|
|
bufOverflowViol |
Buffer Overflow Violations |
uint32 |
|
|
cookieViol |
Cookie Violations |
uint32 |
|
|
xssViol |
XSS Violations |
uint32 |
|
|
sqlViol |
SQL Violations |
uint32 |
|
|
fieldFormatViol |
Field Format Violations |
uint32 |
|
|
fieldConsistViol |
Field Consistency Violations |
uint32 |
|
|
creditCardViol |
Credit Card Violations |
uint32 |
|
|
safeObjViol |
Safe Object Violations |
uint32 |
|
|
totViol |
Total Violations |
uint32 |
|
EventType: PH_DEV_MON_NETSCALER_SERVICE
Description: NetScaler Service metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
serviceName |
Service Name |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appTransportProto |
Application Protocol |
string |
|
|
svcStatus |
Service Health |
string |
|
|
averageTransactionTime |
Average Transaction Time ms |
uint32 |
|
|
createdConn |
Created Connections |
uint64 |
|
|
activeConns |
Active Connection |
uint64 |
|
|
surgeQueue |
Surge Queue |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
EventType: PH_DEV_MON_NETSCALER_VIRT_SERVER
Description: NetScaler Virtual Server metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
serverName |
Server Name |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appTransportProto |
Application Protocol |
string |
|
|
svcStatus |
Service Health |
string |
|
|
clientConns |
Client Connections |
uint64 |
|
|
serverConns |
Server Connections |
uint64 |
|
|
surgeQueue |
Surge Queue |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
totHits |
Total Hits |
uint64 |
|
|
serviceUp |
Services Up |
uint32 |
|
|
serviceDown |
Services Down |
uint32 |
|
|
serviceUnknown |
Services Unknown |
uint32 |
|
|
serviceOOS |
Services OutOfService |
uint32 |
|
|
serviceTransitOOS |
Services Transit OutOfService |
uint32 |
|
EventType: PH_DEV_MON_NET_INTF_UTIL
Description: Network Interface utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
inIntfUtil |
Recv Interface Util |
double |
Ratio of Received Bits per second (derived from recvBytes) to the received network interface speed |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
outIntfUtil |
Sent Interface Util |
double |
Ratio of Sent Bits per second (derived from sentBytes) to the sent network interface speed |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
inIntfPktErr |
Recv Packet Errors |
uint32 |
Number of received packets that had errors. The networking stack discards these packets. |
|
inIntfPktErrPct |
Recv Packet Error Pct |
double |
Ratio of inIntfPktErr and the total number of received packets in an onterval |
|
outIntfPktErr |
Sent Packet Errors |
uint32 |
Number of sent packets that had errors. he networking stack discards these packets. |
|
outIntfPktErrPct |
Sent Packet Error Pct |
double |
Ratio of outIntfPktErr and the total number of received packets in an onterval |
|
outQLen64 |
Interface Sent Queue Length64 |
uint64 |
|
|
intfInSpeed64 |
Recv Interface Speed bps |
uint64 |
Received bits/sec through an interface |
|
intfOutSpeed64 |
Sent Interface Speed bps |
uint64 |
Sent bits/sec through an interface |
|
intfAdminStatus |
Interface Admin Status |
string |
|
|
intfOperStatus |
Interface Operational Status |
string |
|
|
daysSinceLastUse |
Days Since Last Use |
uint32 |
|
|
totIntfPktErr |
Total Packet Errors |
uint32 |
|
|
totBitsPerSec |
Total Bit Rate |
double |
Total (Sent plus Received) bits/sec through an interface |
|
linkDuplexStatus |
Link Duplex Status |
string |
|
|
alignError |
Frame Align Error |
uint32 |
|
|
fcsError |
Frame FCS Error |
uint32 |
|
|
defTransmit |
Frame Deferred Transmission |
uint32 |
|
|
multiCollision |
Frame Multi Collision |
uint32 |
|
|
lateCollision |
Frame Late Collision |
uint32 |
|
|
excessCollisionAbort |
Frame Excess Collision Abort |
uint32 |
|
|
macTxmitError |
Frame MAC Transmit Error |
uint32 |
|
|
carrierSenseError |
Frame Carrier Sense Error |
uint32 |
|
|
framesTooLong |
Frame Too Long |
uint32 |
|
|
symbolError |
Frame Symbol Error |
uint32 |
|
|
intMacRecvError |
Frame Internal MAC Receive Error |
uint32 |
|
|
vdom |
Virtual Domain |
string |
|
|
latency |
Latency |
double |
|
|
jitterMs |
Jitter |
uint32 |
|
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
availSentBitsPerSec |
Available Sent Rate |
double |
|
|
availRecvBitsPerSec |
Available Received Rate |
double |
|
|
realtimeLinkCost |
Real-time Link Cost |
uint32 |
|
|
transactionalLinkCost |
Transactional Link Cost |
uint32 |
|
|
backgroundLinkCost |
Background Link Cost |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_NIMBLE_GLOBAL_STAT
Description: Nimble Storage global stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioSeqReadsPerSec |
Total Sequential Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
ioSeqWritesPerSec |
Total Sequential Write I/Os Rate |
double |
|
|
ioReadLatency |
IO Read Latency |
uint64 |
|
|
ioWriteLatency |
IO Write Latency |
uint64 |
|
|
ioReadKBytesPerSec |
Total Read I/O Rate KBps |
double |
|
|
ioSeqReadKBytesPerSec |
Total Sequential Read I/O Rate KBps |
double |
|
|
ioWriteKBytesPerSec |
Total Write I/O Rate KBps |
double |
|
|
ioSeqWriteKBytesPerSec |
Total Sequential Write I/O Rate KBps |
double |
|
|
usedVolMB |
Used Volumes MB |
uint64 |
|
|
usedSnapMB |
Used Snapshots MB |
uint64 |
|
|
ioNonSeqCacheHitRatio |
Non-Sequential Read I/Os Hit Ratio |
double |
|