Performance and Availability Monitoring Logs
This section provides logs related to Performance and Availability Monitoring
EventType: PH_DEV_MON_ACME_PACKET_SESSION_AGENT_STATUS
Description: Acme Packet Controller session status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sessionAgentHostName |
Agent HostName |
string |
|
|
sessionAgentType |
Agent Type |
string |
|
|
sessionInboundCont |
Session Inbound Count |
uint32 |
|
|
sessionInboundRate |
Session Inbound Rate |
uint32 |
|
|
sessionOutboundCount |
Session Outbound Count |
uint32 |
|
|
sessionOutboundRate |
Session Outbound Rate |
uint32 |
|
|
sessionAgentStatus |
Session Agent Status |
string |
|
EventType: PH_DEV_MON_ACME_PACKET_SYS_STATUS
Description: Acme Packet Controller system status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
apSysHealthScore |
System Health Score |
uint32 |
|
|
apSysRedundancy |
System Redundancy |
uint32 |
|
|
apSysGlobalConSess |
System Global ConSess |
uint32 |
|
|
apSysGlobalCPS |
System Global CPS |
uint32 |
|
|
apSysNATCapacity |
System NAT Capacity |
uint32 |
|
|
apSysARPCapacity |
System ARP Capacity |
uint32 |
|
|
apSysState |
System State |
uint32 |
|
|
apSysLicenseCapacity |
System License Capacity |
uint32 |
|
|
apSysSipStatsActiveLocalContacts |
System Sip Stats Active Local Contacts |
uint32 |
|
|
apSysMgcpGWEndpoints |
System Mgcp GW Endpoints |
uint32 |
|
|
apSysH323Registration |
System H323 Registration |
uint32 |
|
|
apSysRegCacheLimit |
System Reg Cache Limit |
uint32 |
|
|
apSysApplicationCPULoadRate |
System Application CPU Load Rate |
uint32 |
|
|
apSysRejectedMessages |
System Rejected Messages |
uint32 |
|
|
apSysSipEndptDemTrustToUntrust |
System Sip Endpt Dem Trust To Untrust |
uint32 |
|
|
apSysSipEndptDemUntrustToDeny |
System Sip Endpt Dem Untrust To Deny |
uint32 |
|
|
apSysMgcpEndptDemTrustToUntrust |
System Mgcp Endpt Dem Trust To Untrust |
uint32 |
|
|
apSysMgcpEndptDemUntrustToDeny |
System Mgcp Endpt Dem Untrust To Deny |
uint32 |
|
|
apSysSipTotalCallsRejected |
System SIP Total Calls Rejected |
uint32 |
|
|
apSysSipStatsActiveSubscriptions |
System SIP Active Subscriptions |
uint32 |
|
|
apSysSipStatsPerMaxSubscriptions |
System SIP Per Max Subscriptions |
uint32 |
|
|
apSysSipStatsPerMaximumActiveSubscriptions |
System SIP Per Maximum Active Subscriptions |
uint32 |
|
|
apSysSipStatsTotalSubscriptions |
System SIPTotal Subscriptions |
uint32 |
|
EventType: PH_DEV_MON_APP_APACHE_MET
Description: Apache Web server performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
httpTotalAccesses |
HTTP Connection Count |
uint32 |
|
|
httpTotalKBytes |
HTTP Total KBytes |
uint32 |
|
|
apacheCPULoad |
Apache CPU Load |
double |
|
|
apacheUptime |
Apache Uptime |
uint64 |
|
|
apacheReqPerSec |
Apache Request Rate /sec |
double |
|
|
apacheBytesPerSec |
Apache Transfer Rate Bytes/sec |
double |
|
|
apacheBytesPerReq |
Apache Transfer Rate Bytes/Req |
double |
|
|
apacheBusyWorkers |
Apache Busy Workers |
uint32 |
|
|
apacheIdleWorkers |
Apache Idle Workers |
uint32 |
|
EventType: PH_DEV_MON_APP_ASPNET_MET
Description: ASP.NET performance metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
aspReqExecTimeMs |
ASP.NET Request Exec Time ms |
uint32 |
|
|
aspReqCurrent |
ASP.NET Curent Requests |
uint32 |
|
|
aspReqDisconnected |
ASP.NET Disconn Requests |
uint32 |
|
|
aspReqQueued |
ASP.NET Queued Requests |
uint32 |
|
|
aspReqRejected |
ASPNET Rejected Requests |
uint32 |
|
|
aspReqWaitTimeMs |
ASP.NET Request Wait Time ms |
uint32 |
|
EventType: PH_DEV_MON_APP_DHCP_MET
Description: DHCP performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dhcpReqPerSec |
DHCP Request Rate /sec |
uint32 |
|
|
dhcpRelPerSec |
DHCP Release Rate /sec |
uint32 |
|
|
dhcpDeclinesPerSec |
DHCP Decline Rate /sec |
uint32 |
|
|
dhcpDupsDroppedPerSec |
DHCP Duplicate Drop Rate /sec |
uint32 |
|
|
dhcpPktsPerSec |
DHCP Packet Rate /sec |
uint32 |
|
|
dhcpActiveQueueLen |
DHCP Active Queue Length |
uint32 |
|
|
dhcpConflictQueueLen |
DHCP Conflict Queue Length |
uint32 |
|
|
dhcpAvgRespTime |
DHCP Average Resp Time |
uint32 |
|
|
dhcpDiscoverPreSec |
DHCP Discover Rate /sec |
uint32 |
|
|
dhcOfferPerSec |
DHCP Offer Rate /sec |
uint32 |
|
|
dhcpAckPerSec |
DHCP Ack Rate /sec |
uint32 |
|
|
dhcpNackPerSec |
DHCP Nack Rate /sec |
uint32 |
|
|
dhcpInformPerSec |
DHCP Inform Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_DNS_MET
Description: DNS performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dnsReqRecv |
DNS Requests Recvd |
uint32 |
|
|
dnsRespSent |
DNS Responses Sent |
uint32 |
|
|
winsReqRecv |
WINS Requests Recvd |
uint32 |
|
|
winsRespSent |
WINS Responses Sent |
uint32 |
|
|
dnsRecQueryRecv |
Recursive DNS Query Recvd |
uint32 |
|
|
recurDnsQueryFail |
Recursive DNS Query Failed |
uint32 |
|
|
recurDnsQueryTimeout |
Recursive DNS Query Timeout |
uint32 |
|
|
fullDnsXferSent |
Full DNS Zone Transfer Request Sent |
uint32 |
|
|
fullDnsXferRecv |
Full DNS Zone Transfer Responses Recvd |
uint32 |
|
|
fullDnsXferSucc |
Full DNS Zone Transfer Success |
uint32 |
|
|
incrDnsXferRecv |
Incremental DNS Zone Transfer Responses Recvd |
uint32 |
|
|
incrDnsXferSucc |
Incremental DNS Zone Transfer Success |
uint32 |
|
|
dnsSecUpdateRecv |
Secure DNS Update Recvd |
uint32 |
|
|
dynDnsUpdRej |
Dynamic DNS Update Rejected |
uint32 |
|
|
dynDnsUpdTimeout |
Dynamic DNS Update Timeout |
uint32 |
|
|
secDnsUpdFail |
Secure DNS Update Failed |
uint32 |
|
EventType: PH_DEV_MON_APP_ICA_SESS_MET
Description: Citrix ICA IIS session metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
user |
User |
string |
|
|
icaLatencyLast |
ICA Latency Last Recorded |
uint32 |
|
|
icaLatencySessAvg |
ICA Latency Session Average |
uint32 |
|
|
icaLatencySessDev |
ICA Latency Session Deviation |
uint32 |
|
|
icaInSessBw |
ICA Input Session Bandwidth |
uint32 |
|
|
icaInSessLineSpeed |
ICA Input Session Line Speed |
uint32 |
|
|
icaInSessComp |
ICA Input Session Compression |
uint32 |
|
|
icaInDriveBw |
ICA Input Drive Bandwidth |
uint32 |
|
|
icaInEchoBw |
ICA Input Text Echo Bandwidth |
uint32 |
|
|
icaInAudioBw |
ICA Input Audio Bandwidth |
uint32 |
|
|
icaInVFBw |
ICA Input VideoFrame Bandwidth |
uint32 |
|
|
icaOutSessBw |
ICA Output Session Bandwidth |
uint32 |
|
|
icaOutSessLineSpeed |
ICA Output Session Line Speed |
uint32 |
|
|
icaOutSessComp |
ICA Output Session Compression |
uint32 |
|
|
icaOutDriveBw |
ICA Output Drive Bandwidth |
uint32 |
|
|
icaOutEchoBw |
ICA Output Text Echo Bandwidth |
uint32 |
|
|
icaOutAudioBw |
ICA Output Audio Bandwidth |
uint32 |
|
|
icaOutVFBw |
ICA Output VideoFrame Bandwidth |
uint32 |
|
EventType: PH_DEV_MON_APP_IIS_MET
Description: Microsoft IIS performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
httpCurrConnCount |
HTTP Current Connection Count |
uint32 |
|
|
httpMaxConnCount |
HTTP Max Connection Count |
uint32 |
|
|
httpSentFiles |
HTTP Sent Files |
uint32 |
|
|
httpRecvFiles |
HTTP Recv Files |
uint32 |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
sysUpTime |
System Uptime |
uint32 |
|
|
httpNotFoundErr |
HTTP Not Found Errors |
uint32 |
|
|
srvInstName |
Web Server Instance |
string |
|
EventType: PH_DEV_MON_APP_MSEXCH_ERR_MET
Description: Microsoft Exchange performance error metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchRPCFailed |
Exch RPC Failed Count |
uint32 |
|
|
exchRPCSuccess |
Exch RPC Success Count |
uint32 |
|
|
exchRPCCallFailed |
Exch RPC Failed - Call Failed |
uint32 |
|
|
exchRPCDenied |
Exch RPC Denied Count |
uint32 |
|
|
exchRPCFailedServBusy |
Exch RPC Failed - Server Busy |
uint32 |
|
|
exchRPCFailedServUnavail |
Exch RPC Failed - Server Unavail |
uint32 |
|
|
exchBgRPCFailed |
Exch Background RPC Failed |
uint32 |
|
|
exchFgRPCFailed |
Exch Foreground RPC Failed |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_ISDB_INST_MET
Description: Microsoft Exchange Database Instance Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dbName |
DB Name |
string |
|
|
logGenCheckptDepth |
Log Gen Checkpoint Depth |
uint32 |
|
|
dbReadsAverageLatency |
DB Read latency ms |
uint32 |
|
|
dbWritesAverageLatency |
DB Write latency ms |
uint32 |
|
|
dbPhysicalWritesPerSec |
DB Write Rate /sec |
double |
|
|
dbSessionCount |
DB Session Count |
uint32 |
|
|
sessPctUsed |
Session Used Pct |
uint32 |
|
|
logBytesWritePersec |
Log Write Rate Bps |
uint32 |
|
|
versionbucketsallocated |
Version Buckets Allocated |
uint32 |
|
|
logThreadsWaiting |
Log Threads Waiting |
uint32 |
|
|
tableOpenCacheHitsPersec |
Table Open Cache Hit Rate /sec |
uint32 |
|
|
tableOpenCacheMissesPersec |
Table Open Cache Miss Rate /sec |
uint32 |
|
|
tableOpenCachePercentHit |
Table Open Cache Hit Pct |
uint32 |
|
|
tableOpensPersec |
Table Open Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_ISDB_MET
Description: Microsoft Exchange Information Store Database Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
pageFaultsStallsPersec |
Page Fault Stall Rate /sec |
uint32 |
|
|
pageFaultsPersec |
Page Fault Rate /sec |
uint32 |
|
|
dbCacheSizeMB |
DB Cache Size MB |
uint32 |
|
|
dbCachePercentHit |
DB Cache Hit pct |
uint32 |
|
|
logBytesWritePersec |
Log Write Rate Bps |
uint32 |
|
|
dbReadsAverageLatency |
DB Read latency ms |
uint32 |
|
|
dbWritesAverageLatency |
DB Write latency ms |
uint32 |
|
|
logRecordStallsPersec |
Log Record Stall Rate /sec |
uint32 |
|
|
versionbucketsallocated |
Version Buckets Allocated |
uint32 |
|
|
logThreadsWaiting |
Log Threads Waiting |
uint32 |
|
|
logWritesAverageLatency |
Log Write latency ms |
uint32 |
|
|
dbPageFaultsPersec |
DB Page Fault Rate /sec |
uint32 |
|
|
dbPageFaultStallsPersec |
DB Page Fault Stall Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_MBOX_MET
Description: MS Exchange mailbox utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchMboxName |
Exch Mailbox Name |
string |
|
|
exchMboxSendQueue |
Exch Mailbox Send Queue |
uint32 |
|
|
exchMboxRecvQueue |
Exch Mailbox Recv Queue |
uint32 |
|
|
exchMboxSentMsg |
Exch Mailbox Sent Message |
uint32 |
|
|
exchMboxSubmitMsg |
Exch Mailbox Submitted Message |
uint32 |
|
|
exchMboxDelivMsg |
Exch Mailbox Delivered Message |
uint32 |
|
|
exchMboxActiveUserCount |
Exch Mailbox Active User Count |
uint32 |
|
|
exchMboxPeakUserCount |
Exch Mailbox Peak User Count |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_MET
Description: Microsoft Exchange performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchVMLargestBlockSize |
Exch VM Largest Block Size |
uint32 |
|
|
exchVMTotalLargeFreeBlockBytes |
Exch VM Large Free Blocks Bytes |
uint32 |
|
|
exchVMTotalFreeBlocks |
Exch VM Free Blocks |
uint32 |
|
|
exchRPCReq |
Exch RPC Requests Served |
uint32 |
|
|
exchRPCAvgLatency |
Exch Avg RPC Latency ms |
uint32 |
|
|
exchRPCOpsPerSec |
Exch RPC Ops Rate /sec |
uint32 |
|
|
exchRPCReqPeak |
Exch RPC Request Peak |
uint32 |
|
|
exchUserCount |
Exch User Count |
uint32 |
|
|
exchActiveUserCount |
Exch Active User Count |
uint32 |
|
|
exchPeakUserCount |
Exch Peak User Count |
uint32 |
|
|
exchActiveConnCount |
Exch Active Conn Count |
uint32 |
|
|
exchMaxConn |
Exch Max Conn Count |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_REPL_MET
Description: Microsoft Exchange Replication Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchReplInstName |
Exch Replication Instance Name |
string |
|
|
copyQueueLen |
Exch TxLog Copy Queue Length |
uint32 |
|
|
replayQueueLength |
Exch TxLog Replay Queue Length |
uint32 |
|
|
avgLogCopyLatencyMs |
Exch Log Copy latency ms |
uint32 |
|
|
maxNetworkLatencyMs |
Exch Log Copy network Latency ms |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_SMTP_MET
Description: MS Exchange SMTP metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchCatQueue |
Exch Categorization Queue |
uint32 |
|
|
exchSMTPLocalQueue |
Exch SMTP Local Queue |
uint32 |
|
|
exchSMTPRemoteQueue |
Exch SMTP Remote Queue |
uint32 |
|
|
exchSMTPInConn |
Exch SMTP Inbound Conn |
uint32 |
|
|
exchSMTPOutConn |
Exch SMTP Outbound Conn |
uint32 |
|
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
exchSMTPRetries |
Exch SMTP Retries |
uint32 |
|
|
exchSMTPLocalRetryQueue |
Exch SMTP Local Retry Queue |
uint32 |
|
|
exchSMTPRemoteRetryQueue |
Exch SMTP Remote Retry Queue |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_STORE_INTF_MET
Description: Microsoft Exchange Store Interface Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchStoreIntfName |
Exch Store Interface Name |
string |
|
|
exchRPCAvgLatency |
Exch Avg RPC Latency ms |
uint32 |
|
|
RPCReqOutstanding |
Exch Outstanding RPC Requests |
uint32 |
|
|
ROPReqOutstanding |
Exch Outstanding ROP Requets |
uint32 |
|
|
RPCReqFailedPct |
Exch RPC Failed Requests Pct |
uint32 |
|
|
RPCSlowReq |
Exch RPC Slow Requests |
uint32 |
|
|
RPCSlowReqLatencyAvgMs |
Exch RPC Slow Request Latency ms |
uint32 |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_APP_MSEXCH_SUBMIT_MET
Description: Microsoft Exchange Mail Submission Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
hubServers |
Exch Hub Server Count |
uint32 |
|
|
hubServersInRetry |
Exch Hub Servers In Retry |
uint32 |
|
|
failedSubmissions |
Exch Failed Submissions |
uint32 |
|
|
successSubmissions |
Exch Successful Submissions |
uint32 |
|
|
tempSubmissionFailures |
Exch Temp Submission Failures |
uint32 |
|
|
hubTranspServersPrctActive |
Exch Active Hub Transport Servers Pct |
uint32 |
|
|
failedSubmissionsPersec |
Exch Failed Submission Rate /sec |
uint32 |
|
|
successSubmissionsPersec |
Exch Successful Submission Rate /sec |
uint32 |
|
|
tempSubmissionFailuresPersec |
Exch Temp Submission Failure Rate /sec |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_TRANS_MET
Description: Microsoft Exchange Transport Queue Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
aggDeliveryQueueLen |
Exch Aggregate Delivery Queue |
uint32 |
|
|
activeRemoteDeliveryQueueLen |
Exch Active Remote Delivery Queue |
uint32 |
|
|
activeMailboxDeliveryQueueLen |
Exch Active Mailbox Delivery Queue |
uint32 |
|
|
submissionQueueLen |
Exch Submission Queue |
uint32 |
|
|
activeNonSmtpDeliveryQueueLen |
Exch Active Non-SMTP Deelivery Queue |
uint32 |
|
|
retryMailboxDeliveryQueueLen |
Exch Retry Mailbox Delivery Queue |
uint32 |
|
|
unreachableQueueLen |
Exch Unreachable Queue |
uint32 |
|
|
largestDeliveryQueueLen |
Exch Largest Delivery Queue |
uint32 |
|
|
poisonQueueLength |
Exch Poison Queue |
uint32 |
|
EventType: PH_DEV_MON_APP_MSEXCH_WS_MET
Description: MS Exchange Mailbox whitespace metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
exchMboxName |
Exch Mailbox Name |
string |
|
|
exchMboxWs |
Exch Mailbox Whitespace MB |
uint32 |
|
EventType: PH_DEV_MON_APP_NTDS_MET
Description: Microsoft directory service performance metrics collected
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
dirSearchesPerSec |
NTDS Dir Search Rate /sec |
double |
|
|
dirReadsPerSec |
NTDS Dir Read Rate /sec |
double |
|
|
dirWritesPerSec |
NTDS Dir Write Rate /sec |
double |
|
|
dirBrowsesPerSec |
NTDS Dir Browse Rate /sec |
double |
|
|
LDAPSearchesPerSec |
NTDS LDAP Search Rate /sec |
double |
|
|
DSClientBindsPerSec |
NTDS Client Bind Rate /sec |
double |
|
|
LDAPNewConnectionsPerSec |
NTDS LDAP New Conn Rate /sec |
double |
|
|
LDAPSuccessfulBindsPerSec |
NTDS LDAP Success Bind Rate /sec |
double |
|
|
LDAPActiveThreads |
NTDS LDAP Active Threads |
uint32 |
|
|
LDAPBindTime |
NTDS LDAP Bind Time |
uint32 |
|
|
LDAPClientSessions |
NTDS LDAP Client Sessions |
uint32 |
|
EventType: PH_DEV_MON_ARUBA_WLAN_RADIO_METRIC
Description: WLAN Radio interface metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
wlanChannelId |
WLAN Channel Id |
uint32 |
WLAN Channel Id found in SNMP based WLAN monitoring |
|
wlanProtocol |
WLAN Protocol |
string |
WLAN Protocol found in SNMP based WLAN monitoring |
|
wlanUserCount |
WLAN User count |
uint32 |
WLAN User count found in SNMP based WLAN monitoring |
|
wlanChannelUtil |
WLAN Channel Util |
uint32 |
WLAN Channel Util found in SNMP based WLAN monitoring |
|
ifIntefIndx |
WLAN Interface Interefence Index |
uint32 |
WLAN Interface Interefence Index found in SNMP based WLAN monitoring |
|
ifCoverageIndx |
WLAN Interface Coverage Index |
uint32 |
WLAN Interface Coverage Index found in SNMP based WLAN monitoring |
|
ifNoiseIndx |
WLAN Interface Noise Index |
uint32 |
WLAN Interface Noise Index found in SNMP based WLAN monitoring |
|
totBytesPerSec |
Total Byte Rate |
double |
|
|
totPktsPerSec |
Total Packet Rate |
double |
|
EventType: PH_DEV_MON_AUTH_STATS
Description: FortiAuthenticator Authentication status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
authUserCount |
Auth User Count |
uint32 |
|
|
authGroupCount |
Auth Group Count |
uint32 |
|
|
tokenCount |
Token Count |
uint32 |
|
|
usersRemaining |
User Remaining |
uint32 |
|
|
groupRemaining |
Group Remaining |
uint32 |
|
|
tokenRemaining |
Token Remaining |
uint32 |
|
|
radiusNasCount |
Radius Nas Count |
uint32 |
|
|
radiusNasRemaining |
Radius Nas Remaining |
uint32 |
|
|
userCertCount |
User Certification Count |
uint32 |
|
|
radiusLoginsTot |
Radius Logins Count |
uint32 |
|
|
radiusLogins5Mins |
Radius Logins Count 5 Mins |
uint32 |
|
|
radiusFailuresTot |
Radius Login Failures Count |
uint32 |
|
|
radiusFailures5Mins |
Radius Login Failures Count 5 Mins |
uint32 |
|
|
radiusAccountingTot |
Radius Accounting Count |
uint32 |
|
|
radiusAccounting5Mins |
Radius Accounting Count 5 Mins |
uint32 |
|
|
ldapLoginsTot |
LDAP Logins Count |
uint32 |
|
|
ldapLogins5Mins |
LDAP Logins Count 5 Mins |
uint32 |
|
|
ldapFailuresTot |
LDAP Failures Count |
uint32 |
|
|
ldapFailures5Mins |
LDAP Failures Count 5 Mins |
uint32 |
|
|
authEventsTot |
Auth Events Count |
uint32 |
|
|
authEvents5Mins |
Auth Events Count 5 Mins |
uint32 |
|
|
authFailure |
Auth Failures |
uint32 |
|
|
authFailures5Mins |
Auth Failures Count 5 Mins |
uint32 |
|
|
radiusProxyInTot |
Radius Proxy Requests Received |
uint32 |
|
|
radiusProxyOutTot |
Radius Proxy Requests Sent |
uint32 |
|
EventType: PH_DEV_MON_AUTO_SVC_START_TO_STOP
Description: Running Windows Auto Service stopped
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_AUTO_SVC_STOP
Description: Windows Auto Service stopped
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_AUTO_SVC_STOP_TO_START
Description: Stopped Windows Auto Service started
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_BC_PROXY_METRIC
Description: Bluecoat Web-proxy metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
proxyCacheObjCount |
Proxy Cache Object Count |
uint32 |
|
|
proxy2ServerHttpErr |
Proxy-to-Server HTTP Error |
uint32 |
|
|
proxy2ServerHttpReq |
Proxy-to-Server HTTP Requests |
uint32 |
|
|
server2ProxyHttpKBps |
Server-to-Proxy HTTP Traffic KBps |
double |
|
|
proxy2ServerHttpKBps |
Proxy-to-Server HTTP Traffic KBps |
double |
|
|
client2ProxyHttpReq |
Client-to-Proxy HTTP Request |
uint32 |
|
|
client2ProxyHttpCacheHit |
Client-to-Proxy HTTP Cache Hit |
uint32 |
|
|
client2ProxyHttpError |
Client-to-Proxy HTTP Errors |
uint32 |
|
|
client2ProxyHttpKBps |
Client-to-Proxy HTTP Traffic KBps |
double |
|
|
proxy2ClientHttpKBps |
Proxy-to-Client HTTP Traffic KBps |
double |
|
EventType: PH_DEV_MON_BGP_NBR_STATUS
Description: BGP neighbor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcASNum |
Source Autonomous System Number |
uint16 |
The Autonomous System Number (ASN) to which Source IP belongs. ASN is a unique identifier that is globally available and allows its autonomous system to exchange routing information with other systems. This attribute is generally present in Netflow. |
|
destASNum |
Destination Autonomous System Number |
uint16 |
The Autonomous System Number (ASN) to which Destination IP belongs. ASN is a unique identifier that is globally available and allows its autonomous system to exchange routing information with other systems. This attribute is generally present in Netflow. |
|
bgpState |
BGP State |
string |
|
EventType: PH_DEV_MON_BOX_FILE_CREATE
Description: Box.com file created
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
accessTime |
Access Time |
Date |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
targetHashCode |
Target Hash Code |
string |
|
EventType: PH_DEV_MON_BOX_FILE_DELETE
Description: Box.com file deleted
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
accessTime |
Access Time |
Date |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
targetHashCode |
Target Hash Code |
string |
|
EventType: PH_DEV_MON_BOX_FILE_MODIFY
Description: Box.com file modified
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
accessTime |
Access Time |
Date |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
targetHashCode |
Target Hash Code |
string |
|
EventType: PH_DEV_MON_BOX_FILE_SHARE
Description: Box.com file sharing properties
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
fileType |
File Type |
string |
|
|
targetName |
Target Name |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
filePath |
File Path |
string |
|
|
fileOwner |
File Owner |
string |
|
|
fileDesc |
File Description |
string |
|
|
accountName |
Account Name |
string |
|
|
fileId |
File Id |
string |
|
|
fileVersion |
File Version |
string |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
downloadURL |
Download URL |
string |
|
|
filePasswordEnabled |
File Password Enabled |
string |
|
|
filePreviewEnabled |
File Preview Enabled |
string |
|
|
fileDownloadEnabled |
File Download Enabled |
string |
|
|
fileUnshareAtTime |
File Unshare At Time |
Date |
|
|
filePreviewCount |
File Preview Count |
uint64 |
|
|
fileDownloadCount |
File Download Count |
uint64 |
|
EventType: PH_DEV_MON_CBQOS_CMSTAT
Description: Cisco Class-Based QoS ClassMap related metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosPolicy |
CBQoS Policy Name |
string |
Class Based QoS (CSQoS) Policy Name. This parameter is set by CBQoS monitoring. |
|
qosClass |
CBQoS Class Name |
string |
Class Based QoS (CSQoS) Class Name. This parameter is set by CBQoS monitoring. |
|
qosPrePoliceRate |
CBQoS PrePolice KBps |
double |
The rate (in KBytes/sec) of pre-policed Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosPostPoliceRate |
CBQoS PostPolice KBps |
double |
The rate (in KBytes/sec) of post-policed Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosDropRate |
CBQoS Drop KBps |
double |
The rate (in KBytes/sec) of dropped Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosDropPct |
CBQoS Drop Pct |
double |
Dropped traffic percentage of Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
EventType: PH_DEV_MON_CBQOS_POLICESTAT
Description: Cisco Class-Based QoS Police Action related metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosPolicy |
CBQoS Policy Name |
string |
Class Based QoS (CSQoS) Policy Name. This parameter is set by CBQoS monitoring. |
|
qosClass |
CBQoS Class Name |
string |
Class Based QoS (CSQoS) Class Name. This parameter is set by CBQoS monitoring. |
|
qosConformRate |
CBQoS Conform KBps |
double |
The rate (in KBytes/sec) of conforming Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosExceedRate |
CBQoS Exceeded KBps |
double |
The rate (in KBytes/sec) of exceeding Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosViolateRate |
CBQoS Violated KBps |
double |
The rate (in KBytes/sec) of violating Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
EventType: PH_DEV_MON_CBQOS_QUEUESTAT
Description: Cisco Class-Based QoS Queueing Action related metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosPolicy |
CBQoS Policy Name |
string |
Class Based QoS (CSQoS) Policy Name. This parameter is set by CBQoS monitoring. |
|
qosClass |
CBQoS Class Name |
string |
Class Based QoS (CSQoS) Class Name. This parameter is set by CBQoS monitoring. |
|
qosCurrQueue |
CBQoS Curr Queue Length |
uint32 |
Current Queue length in Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosMaxQueue |
CBQoS Max Queue Length |
uint32 |
Maximum Queue length in Class Based QoS (CSQoS) traffic. This parameter is set by CBQoS monitoring. |
|
qosDiscardPkt |
CBQoS Discarded Pkt |
uint32 |
|
EventType: PH_DEV_MON_CCM_CTI_STAT
Description: Cisco Call Manager CTI device status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_CTI_STAT_CHANGE
Description: Cisco Call Manager CTI device status changed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_CTI
Description: Cisco Call Manager CTI device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_GW
Description: Cisco Call Manager Gateway deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_H323
Description: Cisco Call Manager H323 device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_MEDIA
Description: Cisco Call Manager Media device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_SIP_TRUNK
Description: Cisco Call Manager SIP Trunk Deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_DEL_VM
Description: Cisco Call Manager Voice mail device deleted
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_GLOBAL_INFO
Description: Cisco Call Manager Global Device Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
regPhone |
Registered Phones |
uint32 |
|
|
unregPhone |
Unregistered Phones |
uint32 |
|
|
rejPhone |
Rejected Phones |
uint32 |
|
|
regGw |
Registered Gateways |
uint32 |
|
|
unregGw |
Unregistered Gateways |
uint32 |
|
|
rejGw |
Rejected Gateways |
uint32 |
|
|
regMedia |
Registered Media |
uint32 |
|
|
unregMedia |
Unregistered Media |
uint32 |
|
|
rejMedia |
Rejected Media |
uint32 |
|
|
regVM |
Registered VMail |
uint32 |
|
|
unregVM |
Unregistered VMail |
uint32 |
|
|
rejVM |
Rejected VMail |
uint32 |
|
|
sipTrunk |
SIP Trunks |
uint32 |
|
EventType: PH_DEV_MON_CCM_GW_STAT
Description: Cisco Call Manager Gateway Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_GW_STAT_CHANGE
Description: Cisco Call Manager Gateway Status Change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_H323_STAT
Description: Cisco Call Manager H323 Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_H323_STAT_CHANGE
Description: Cisco Call Manager H323 Status Change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_MEDIA_STAT
Description: Cisco Call Manager Media device Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_MEDIA_STAT_CHANGE
Description: Cisco Call Manager Media device status change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_CTI
Description: Cisco Call Manager CTI device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_GW
Description: Cisco Call Manager Gateway added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_H323
Description: Cisco Call Manager H323 device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_MEDIA
Description: Cisco Call Manager Media device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_SIP_TRUNK
Description: Cisco Call Manager SIP Trunk Added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_NEW_VM
Description: Cisco Call Manager Voice Mail device added
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CCM_SIP_TRUNK_STAT
Description: Cisco Call Manager SIP Trunk Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
srcProto |
Source Application Protocol |
string |
|
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destProto |
Destination Application Protocol |
string |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
EventType: PH_DEV_MON_CCM_VM_STAT
Description: Cisco Call Manager Voice Mail Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
description |
Description |
string |
|
|
type |
Type |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
lastRegTime |
Last Registered Time |
Date |
|
EventType: PH_DEV_MON_CCM_VM_STAT_CHANGE
Description: Cisco Call Manager Voice Mail Status Change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
prevCCMStatus |
Prev CCM Status |
string |
|
|
ccmStatus |
CCM Status |
string |
|
|
description |
Description |
string |
|
|
type |
Type |
string |
|
EventType: PH_DEV_MON_CHANGE_CUST_CONFIG
Description: Config Change detected by custom script
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_INST_SW
Description: New software (un)installed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_RUN_CONFIG
Description: Running config changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_RUN_SW
Description: Running apps changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CHANGE_STARTUP_CONFIG
Description: Startup config changed
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_CISCO_NBAR_STAT
Description: Cisco NBAR statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
appTransportProto |
Application Protocol |
string |
|
|
totFlows |
Total Flows |
uint32 |
Total number of Total (Sent plus Received) Flows. Used in Netflow. |
|
recvFlows |
Received Flows |
uint32 |
Total number of Received Flows. Used in Netflow. |
|
sentFlows |
Sent Flows |
uint32 |
Total number of Sent Flows. Used in Netflow. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
totBitsPerSec |
Total Bit Rate |
double |
Total (Sent plus Received) bits/sec through an interface |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
EventType: PH_DEV_MON_CISCO_RAS_VPN_MET
Description: Remote Access VPN metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
localVpnIpAddr |
Local VPN Tunnel IP |
IP |
|
|
ispVpnIpAddr |
ISP VPN IP |
IP |
|
|
user |
User |
string |
|
|
userGrp |
User Group |
string |
|
|
tunnelStatus |
Tunnel Status |
string |
|
|
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
|
rasSessProto |
RAS Session Protocol |
string |
|
|
authenMethod |
Authentication Method |
string |
|
|
authorMethod |
Authorization Method |
string |
|
|
encryptAlgo |
Encryption Algorithm |
string |
|
|
authenAlgo |
Authentication Algorithm |
string |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
sentPktDrop |
Sent Packet Drop |
uint64 |
|
|
recvPktDrop |
Recv Packet Drop |
uint64 |
|
EventType: PH_DEV_MON_CISCO_VPN_P1_TUNNEL_MET
Description: IPSec P1 Tunnel metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
localVpnIpAddr |
Local VPN Tunnel IP |
IP |
|
|
remoteVpnIpAddr |
Remote VPN Tunnel IP |
IP |
|
|
tunnelStatus |
Tunnel Status |
string |
|
|
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPktDrop |
Sent Packet Drop |
uint64 |
|
|
sentExchReject |
Sent Exch Reject |
uint64 |
|
|
sentExchInvalid |
Sent Exch Invalid |
uint64 |
|
|
recvPktDrop |
Recv Packet Drop |
uint64 |
|
|
recvExchReject |
Recv Exch Reject |
uint64 |
|
|
recvExchInvalid |
Recv Exch Invalid |
uint64 |
|
EventType: PH_DEV_MON_CISCO_VPN_P2_TUNNEL_MET
Description: IPSec P2 Tunnel metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
localVpnIpAddr |
Local VPN Tunnel IP |
IP |
|
|
remoteVpnIpAddr |
Remote VPN Tunnel IP |
IP |
|
|
tunnelStatus |
Tunnel Status |
string |
|
|
tunnelUpTime |
Tunnel Uptime |
uint64 |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPktDrop |
Sent Packet Drop |
uint64 |
|
|
sentAuthFail |
Sent Auth Fail |
uint64 |
|
|
sentEncryptFail |
Sent Encrypt Fail |
uint64 |
|
|
recvPktDrop |
Recv Packet Drop |
uint64 |
|
|
recvAuthFail |
Recv Auth Fail |
uint64 |
|
|
recvDecryptFail |
Recv Decrypt Fail |
uint64 |
|
|
recvReplayFail |
Recv Replay Fail |
uint64 |
|
EventType: PH_DEV_MON_CISCO_WLAN_RADIO_METRIC
Description: WLAN Radio interface metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
wlanProtocol |
WLAN Protocol |
string |
WLAN Protocol found in SNMP based WLAN monitoring |
|
ifOperStatus |
Interface Oper Status |
string |
|
|
wlanUserCount |
WLAN User count |
uint32 |
WLAN User count found in SNMP based WLAN monitoring |
|
wlanSuppChannels |
WLAN Supported Channels |
string |
WLAN Supported Channels found in SNMP based WLAN monitoring |
|
wlanChannelId |
WLAN Channel Id |
uint32 |
WLAN Channel Id found in SNMP based WLAN monitoring |
|
wlanSendUtil |
WLAN Transmit Util |
uint32 |
WLAN Transmit Util found in SNMP based WLAN monitoring |
|
wlanRecvUtil |
WLAN Receive Util |
uint32 |
WLAN Receive Util found in SNMP based WLAN monitoring |
|
wlanChannelUtil |
WLAN Channel Util |
uint32 |
WLAN Channel Util found in SNMP based WLAN monitoring |
|
wlanPoorSNRUserCount |
WLAN Poor SNR User count |
uint32 |
WLAN Poor SNR User count found in SNMP based WLAN monitoring |
|
ifLoadProfile |
WLAN Interface Load Profile |
string |
WLAN Interface Load Profile found in SNMP based WLAN monitoring |
|
ifIntefProfile |
WLAN Interface Interefence Profile |
string |
WLAN Interface Interefence Profile found in SNMP based WLAN monitoring |
|
ifCoverageProfile |
WLAN Interface Coverage Profile |
string |
WLAN Interface Coverage Profile found in SNMP based WLAN monitoring |
|
ifNoiseProfile |
WLAN Interface Noise Profile |
string |
WLAN Interface Noise Profile found in SNMP based WLAN monitoring |
EventType: PH_DEV_MON_CITRIX_SDWAN_INTF
Description: Citrix SD-WAN Interface metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
ifIntefIndx |
WLAN Interface Interefence Index |
uint32 |
WLAN Interface Interefence Index found in SNMP based WLAN monitoring |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
sentBytes |
Sent Bytes |
uint32 |
Number of bytes sent by a host. This has 32bit resolution. |
|
sentPkts |
Sent Packets |
uint32 |
Number of packets sent by a host. This is 32bit version. |
|
recvBytes |
Received Bytes |
uint32 |
Number of bytes received by a host. This has 32bit resolution. |
|
recvPkts |
Received Packets |
uint32 |
Number of packets received by a host. This is 32bit version. |
|
droppedBytes |
Dropped Bytes |
uint32 |
|
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
EventType: PH_DEV_MON_CITRIX_SDWAN_LINK
Description: Citrix SD-WAN Link metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
wanLinkId |
Wan link ID |
uint32 |
|
|
wanLinkName |
Wan link Name |
string |
|
|
wanLinkState |
Wan link State |
uint32 |
|
|
sentBytes |
Sent Bytes |
uint32 |
Number of bytes sent by a host. This has 32bit resolution. |
|
sentPkts |
Sent Packets |
uint32 |
Number of packets sent by a host. This is 32bit version. |
|
recvBytes |
Received Bytes |
uint32 |
Number of bytes received by a host. This has 32bit resolution. |
|
recvPkts |
Received Packets |
uint32 |
Number of packets received by a host. This is 32bit version. |
|
droppedBytes |
Dropped Bytes |
uint32 |
|
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
|
addressType |
Address Type |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
lanToWanRate |
Lan To Wan Rate |
uint64 |
|
|
wanToLanRate |
Wan To Lan Rate |
uint64 |
|
|
lanToWanAllowedRate |
Lan To Wan Allowed Rate |
uint64 |
|
|
wanToLanAllowedRate |
Wan To Lan Allowed Rate |
uint64 |
|
EventType: PH_DEV_MON_CLARION_ARRAY_UTIL
Description: Clarion/VNX Storage Array utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
availDiskMB |
Available Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
hwHotSpareDiskCount |
Hot Spare Disk Count |
uint32 |
|
EventType: PH_DEV_MON_CLARION_DISK_HEALTH
Description: Clarion/VNX Disk health
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totDisk |
Total Disk Count |
uint32 |
Total number of Disks |
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
activeDisk |
Active Disk Count |
uint32 |
Total number of Active Disks |
|
failedDisk |
Failed Disk Count |
uint32 |
Total number of Failed Disks |
|
spareDisk |
Spare Disk Count |
uint32 |
Total number of Spare Disks |
EventType: PH_DEV_MON_CLARION_HOST_CONN
Description: Host to Clarion/VNX Fiber channel Connections
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcWWN |
Source FiberChannel WWN Id |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
spPortName |
SAN Storage Port Name |
string |
|
|
fcLoginStatus |
SAN FC Login Status |
uint32 |
|
|
fcRegStatus |
SAN FC Registration Status |
uint32 |
|
|
lunNameList |
SAN LUN Name List |
string |
|
|
sgName |
SAN Storage Group Name |
string |
|
EventType: PH_DEV_MON_CLARION_LUN_UTIL
Description: Clarion/VNX LUN utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
lunName |
LUN Name |
string |
|
|
lunNumber |
LUN Number |
uint32 |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_PER_HOST_LUN_UTIL
Description: Per host Clarion/VNX LUN utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
lunName |
LUN Name |
string |
|
|
lunNumber |
LUN Number |
uint32 |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_PORT_UTIL
Description: Clarion/VNX Storage Port utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
spPortName |
SAN Storage Port Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_RG_UTIL
Description: Clarion/VNX RAID Group utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
raidGrpId |
RAID Group Id |
uint32 |
|
|
raidType |
RAID Type |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_SP_UTIL
Description: Clarion/VNX Storage Processor utilization metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
spName |
SAN Storage Processor Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
cpuUtil |
CPU Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_STORAGE_USAGE
Description: Clarion/VNX Storage space utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
usageType |
Usage Type |
string |
|
|
diskUsage |
Disk Used MB |
uint64 |
|
EventType: PH_DEV_MON_CLARION_STORE_POOL_UTIL
Description: Clarion/VNX Storage pool utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
spoolName |
Storage Pool Name |
string |
|
|
raidType |
RAID Type |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
diskRWKBytesPerSec |
Disk RW Rate KBps |
double |
|
EventType: PH_DEV_MON_CLARION_UNREG_HOST
Description: Logged in but not yet registered Host at EMC CLarion
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcWWN |
Source FiberChannel WWN Id |
string |
|
|
spPortName |
SAN Storage Port Name |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DEV_MON_CLOUD_SERVICE_HEARTBEAT
Description: Cloud service heartbeat
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptVendor |
Reporting Vendor |
string |
This field captures the vendor of the reported event |
|
reptModel |
Reporting Model |
string |
This field captures the model of the reported event |
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
version |
Version |
string |
|
|
domain |
Domain |
string |
|
EventType: PH_DEV_MON_CMDB_DISK_PRUNE_FAILED
Description: CMDB free Disk fell below the low threshold and inspite of pruning older incidents and identity / location data, CMDB free Disk stays below high threshold. User need to reduce the number of months of incidents and identity / location data in CMDB.
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CMDB_DISK_PRUNE_SUCCESS
Description: CMDB free Disk fell below the low threshold and old incidents and identity / location data were pruned to bring the CMDB free Disk above high threshold
Severity: 4 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_CHANGE_ATTRIB
Description: File or directory ownership or access permission changed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_CHANGE_CONTENT
Description: File or directory content hash changed
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_CREATE
Description: New file or directory created
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_DELETE
Description: New file or directory deleted
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_FILE_SCAN
Description: Files scanned with hashes
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_CUST_TARGET_FILE_CHANGE
Description: Target file content changed from gold standard
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_DATASTORE_UTIL
Description: Datastore utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_DCDIAG
Description: Windows Active Directory DCDIAG command output
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_DDNS_UPDATE_STAT
Description: InfoBlox DDNS Update performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ddnsUpdateSuccess |
DDNS Succesful Updates |
uint32 |
|
|
ddnsUpdateFail |
DDNS Failed Updates |
uint32 |
|
|
dynDnsUpdRej |
Dynamic DNS Update Rejected |
uint32 |
|
|
ddnsUpdatePrereqRej |
DDNS Prereq Rejected Updates |
uint32 |
|
|
ddnsUpdateLatency |
DDNS Update latency |
uint32 |
|
|
dynDnsUpdTimeout |
Dynamic DNS Update Timeout |
uint32 |
|
EventType: PH_DEV_MON_DELLFORCE10_EXT_INTF_UTIL
Description: Network Interface extended utilization stats for Dell Force10 device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
inVlanPktsPerSec |
Recv Valid VLAN Tagged Frame Rate |
double |
|
|
inOverrunsPerSec |
Recv Buffer Overrun Rate |
double |
|
|
outVlanPktsPerSec |
Sent Valid VLAN Tagged Frame rate |
double |
|
|
outUnderrunsPerSec |
Sent Buffer Underrun Rate |
double |
|
|
outUnicastsPerSec |
Sent Unicast Frames rate |
double |
|
|
outCollisionsPerSec |
Sent Frame Collision rate |
double |
|
|
outWredDropsPerSec |
Sent WRED Drop Rate |
double |
|
EventType: PH_DEV_MON_DELL_BLADE_POWER_STATUS
Description: Dell Blade Server Chassis Power Utilization metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
maxSpecEnvPower |
Max Spec Power Watt |
double |
|
|
potentialEnvPower |
Potential Power Watt |
double |
|
|
idleEnvPower |
Idle Power Watt |
double |
|
|
surplusEnvPower |
Surplus Power Watt |
double |
|
|
peakEnvPower |
Peak Power Watt |
double |
|
|
minEnvPower |
Minimum Power Watt |
double |
|
|
envPower |
Power Watt |
double |
|
|
envCurrentAmp |
Current Amp |
double |
|
EventType: PH_DEV_MON_DELL_BLADE_PSU_STATUS
Description: Dell Blade Server Power Supply Utilization metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorLoc |
Sensor Location |
string |
|
|
envPower |
Power Watt |
double |
|
|
envCurrentAmp |
Current Amp |
double |
|
|
envVoltage |
Voltage |
double |
|
EventType: PH_DEV_MON_DELTA_CONFIG
Description: Running config different than startup config
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
startUpConfVer |
StartUp Config Version |
uint32 |
|
|
runningConfVer |
Running Config Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_DGA_DETECTED
Description: FortiSIEM detected host names created via Domain Generation Algorithm
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
domainEntropy |
Domain Name Entropy |
double |
|
EventType: PH_DEV_MON_DHCP_SUBNET_USAGE
Description: InfoBlox DHCP subnet usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
dhcpSubnetAddr |
DHCP Subnet Address |
IP |
|
|
dhcpSubnetMask |
DHCP Subnet Mask |
IP |
|
|
dhcpSubnetUsed |
DHCP Subnet Usage pct |
uint32 |
|
EventType: PH_DEV_MON_DISK_IO_UTIL
Description: Disk IO Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
|
appDiskRWLatency |
Disk Appl Read/Write Latency |
double |
|
|
diskTfrKBytesPerSec |
Disk Transfer Rate KBps |
double |
|
|
diskNumofSeeksPerSec |
Disk Number of Seeks |
double |
|
|
diskType |
Disk Type |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
|
diskQLen |
Disk Queue Length |
uint32 |
|
EventType: PH_DEV_MON_DISK_MON_SKIP
Description: Disk/Volume Monitoring skipped by policy
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
EventType: PH_DEV_MON_DNS_CLUST_REPL_STAT
Description: InfoBlox DNS CLuster replication metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
dnsReplQueueStatus |
DNS Replication Queue Status |
string |
|
|
dnsSentQueueFromMaster |
DNS Sent Queue From Master |
uint32 |
|
|
dnsLastSentTimeFromMaster |
DNS Sent Time From Master |
string |
|
|
dnsSentQueueToMaster |
DNS Sent Queue To Master |
uint32 |
|
|
dnsLastSentTimeToMaster |
DNS Sent Time To Master |
string |
|
EventType: PH_DEV_MON_DNS_PERF_STAT
Description: InfoBlox DNS Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
nonAuthDNSQueryCount |
NonAuth DNS Query Count |
uint32 |
|
|
nonAuthDNSAvgLatency |
Avg NonAuth DNS Latency ms |
uint32 |
|
|
authDNSQueryCount |
Auth DNS Query Count |
uint32 |
|
|
authDNSAvgLatency |
Avg Auth DNS Latency ms |
uint32 |
|
|
dnsInvalidPort |
Invalid DNS Port Response |
uint32 |
|
|
dnsInvalidTxId |
Invalid DNS TXID Response |
uint32 |
|
EventType: PH_DEV_MON_DNS_ZONETX_MET
Description: InfoBlox DNS Zone Transfer metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
dnsZone |
DNS Zone Name |
string |
|
|
dnsRespSent |
DNS Responses Sent |
uint32 |
|
|
dnsFailedQuery |
DNS Failed Queries |
uint32 |
|
|
dnsReferral |
DNS Referrals |
uint32 |
|
|
dnsQueryNxRecord |
DNS Non-existent Record Queries |
uint32 |
|
|
dnsQueryNxDomain |
DNS Non-existent Domain Queries |
uint32 |
|
|
dnsRecQueryRecv |
Recursive DNS Query Recvd |
uint32 |
|
EventType: PH_DEV_MON_DST_AD_REPL_STAT
Description: Windows Active Directory Destination REPLSTAT command output
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_EBS_METRIC
Description: AWS EBS metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
volumeId |
AWS Volume Id |
string |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
diskQLen |
Disk Queue Length |
uint32 |
|
EventType: PH_DEV_MON_EC2_INSTANCE_DOWN
Description: AWS EC2 instance went down
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
ec2InstanceId |
EC2 Instance Id |
string |
|
|
accountId |
Account Id |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_EC2_INSTANCE_UP
Description: AWS EC2 instance came back up
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
ec2InstanceId |
EC2 Instance Id |
string |
|
|
accountId |
Account Id |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_EC2_METRIC
Description: Amazon Web Services EC2 status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuUtil |
CPU Util |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
EventType: PH_DEV_MON_EMC_DATADOMAIN_DISK_PERF
Description: EMC Data Domain disk performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskSectorsReadPerSec |
Disk Sector Reads/sec |
double |
|
|
diskSectorsWrittenPerSec |
Disk Sector Writes/sec |
double |
|
|
diskTfrKBytesPerSec |
Disk Transfer Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
hwDiskStatus |
Hardware Disk Status |
uint16 |
Hardware Disk Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_EMC_DATADOMAIN_OVERALL_PERF
Description: EMC Data Domain overall performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
nvramReadKBytesPerSec |
NVRAM Reads KBps |
double |
|
|
nvramWriteKBytesPerSec |
NVRAM Writes KBps |
double |
|
|
replInKBytesPerSec |
Replication Recvd KBps |
double |
|
|
replOutKBytesPerSec |
Replication Writes KBps |
double |
|
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
nfsProcPercentage |
NFS Processing Pct |
double |
|
|
nfsSendPercentage |
NFS Send Pct |
double |
|
|
nfsReceivePercentage |
NFS Recv Pct |
double |
|
|
cifsOpsPerSec |
CIFS Request Rate |
double |
|
EventType: PH_DEV_MON_EQL_CONN_MET
Description: EqualLogic connection performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sanConnCount |
SAN Connection Count |
uint32 |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
EventType: PH_DEV_MON_EQL_DISK_HEALTH
Description: EqualLogic disk status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totDisk |
Total Disk Count |
uint32 |
Total number of Disks |
|
activeDisk |
Active Disk Count |
uint32 |
Total number of Active Disks |
|
failedDisk |
Failed Disk Count |
uint32 |
Total number of Failed Disks |
|
spareDisk |
Spare Disk Count |
uint32 |
Total number of Spare Disks |
EventType: PH_DEV_MON_EQL_DISK_MET
Description: EqualLogic disk level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
ioQueue |
Disk IO Queue |
uint32 |
|
|
diskTransferRate |
Disk Transfer Rate/sec |
double |
|
EventType: PH_DEV_MON_EQL_GROUP_MET
Description: EqualLogic group level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totalStorageMB |
Total Storage MB |
uint32 |
|
|
usedStorageMB |
Used Storage MB |
uint32 |
|
|
resvStorageMB |
Reserved Storage MB |
uint32 |
|
|
resvUsedStorageMB |
Reserved Used Disk MB |
uint32 |
|
|
totalVolume |
Total Volumes |
uint32 |
|
|
usedVolume |
Used Volumes |
uint32 |
|
|
onlineVolume |
Online Volumes |
uint32 |
|
|
totalSnapshot |
Total Snapshots |
uint32 |
|
|
usedSnapshot |
Used Snapshots |
uint32 |
|
|
onlineSnapshot |
Online Snapshots |
uint32 |
|
EventType: PH_DEV_MON_ESX_DATASTORE_IO
Description: ESX Datastore IO stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_DISK_IO
Description: ESX Disk IO stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_DISK_UTIL
Description: ESX datastore utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_STATE
Description: Physical Machine State
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_ESX_UPTIME
Description: ESX server's up time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_EUM_FAIL
Description: Synthetic transaction monitor failed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
endUserMonitorStep |
Synthetic Transaction Monitor Step |
string |
This is the step of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI. An STM job can have many steps, and an event is generated for every step. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
srcProto |
Source Application Protocol |
string |
|
|
srcUser |
Source User |
string |
|
|
destUser |
Destination User |
string |
|
|
mailSubject |
Mail Subject |
string |
|
EventType: PH_DEV_MON_EUM_INTERNAL_ERR
Description: Synthetic transaction monitoring failed because of internal error
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
srcProto |
Source Application Protocol |
string |
|
|
srcUser |
Source User |
string |
|
|
destUser |
Destination User |
string |
|
|
mailSubject |
Mail Subject |
string |
|
EventType: PH_DEV_MON_EUM_STATUS
Description: Synthetic transaction monitor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
endUserMonitorStep |
Synthetic Transaction Monitor Step |
string |
This is the step of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI. An STM job can have many steps, and an event is generated for every step. |
|
newStatus |
New Status |
string |
|
|
sysDownTime |
System Downtime |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_EUM_SUCCESS
Description: Synthetic transaction monitor succeeded
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appGroupName |
Application Group Name |
string |
|
|
appPort |
Application Port |
string |
This field represents the port that an application uses. |
|
appTransportProto |
Application Protocol |
string |
|
|
endUserMonitorName |
Synthetic Transaction Monitor Name |
string |
This is the name of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI |
|
endUserMonitorStep |
Synthetic Transaction Monitor Step |
string |
This is the step of the Synthetic Transaction Monitor (STM) performance job defined in FortiSIEM GUI. An STM job can have many steps, and an event is generated for every step. |
|
appResponseTimeMSec |
Application Response Time |
uint32 |
|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
srcProto |
Source Application Protocol |
string |
|
|
srcUser |
Source User |
string |
|
|
destUser |
Destination User |
string |
|
|
mailSubject |
Mail Subject |
string |
|
EventType: PH_DEV_MON_F5_ACTIVE_CONN
Description: F5 Active Connection Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
clientConns |
Client Connections |
uint64 |
|
|
serverConns |
Server Connections |
uint64 |
|
|
pvaClientConns |
PVA Client Connections |
uint32 |
|
|
pvaServerConns |
PVA Server Connections |
uint32 |
|
|
sslClientConns |
SSL Client Connections |
uint32 |
|
|
sslServerConns |
SSL Server Connections |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_NODE_STAT
Description: F5 LTM Node Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serverIpAddr |
Server IP |
IP |
|
|
statusDetailedReason |
Status Detail Reason |
string |
|
|
ratio |
Ratio |
uint64 |
|
|
monitorState |
Monitor State |
string |
|
|
monitorStatus |
Monitor Status |
string |
|
|
sessionStatus |
Session Status |
string |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
totRequests |
Total Requests |
uint64 |
|
|
totRequestsPerSec |
Requests/sec |
double |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_POOL_MEMBER_STAT
Description: F5 LTM Pool Member Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serverIpAddr |
Server IP |
IP |
|
|
poolName |
Pool Name |
string |
|
|
statusDetailedReason |
Status Detail Reason |
string |
|
|
memberPort |
Member Port |
uint16 |
|
|
ratio |
Ratio |
uint64 |
|
|
monitorState |
Monitor State |
string |
|
|
monitorStatus |
Monitor Status |
string |
|
|
sessionStatus |
Session Status |
string |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
totRequests |
Total Requests |
uint64 |
|
|
totRequestsPerSec |
Requests/sec |
double |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_POOL_STAT
Description: F5 LTM Pool Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
poolName |
Pool Name |
string |
|
|
poolLbMode |
Pool Loadbalance Mode |
string |
|
|
poolMemberCount |
Pool Member Count |
uint64 |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_VIRT_ADDR_STAT
Description: F5 LTM Virtual Address Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serverIpAddr |
Server IP |
IP |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_LTM_VIRT_SERVER_STAT
Description: F5 LTM Virtual Server Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtServerName |
Virtual Server name |
string |
|
|
statusDetailedReason |
Status Detail Reason |
string |
|
|
virtServerPort |
Virtual Server Port |
uint16 |
|
|
availState |
Availability State |
string |
|
|
enabledState |
Enabled State |
string |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBytesPerSec |
Received Byte Rate |
double |
|
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBytesPerSec |
Sent Byte Rate |
double |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
totConns |
Total Connections |
uint64 |
|
|
totConnsPerSec |
Total Connections/sec |
double |
|
|
activeConns |
Active Connection |
uint64 |
|
|
pvaRecvPkts |
Received PVA Packets |
uint64 |
|
|
pvaRecvPktsPerSec |
Received PVA Pkts/sec |
double |
|
|
pvaRecvBytes |
Received PVA Bytes |
uint64 |
|
|
pvaRecvBytesPerSec |
Received PVA Bps |
double |
|
|
pvaSentPkts |
Sent PVA Packets |
uint64 |
|
|
pvaSentPktsPerSec |
Sent PVA Pkts/sec |
double |
|
|
pvaSentBytes |
Sent PVA Bytes |
uint64 |
|
|
pvaSentBytesPerSec |
Sent PVA Bps |
double |
|
|
pvaMaxConns |
Max PVA Connections |
uint64 |
|
|
pvaTotConns |
Total PVA Connections |
uint64 |
|
|
pvaTotConnsPerSec |
PVA Connections/sec |
double |
|
|
pvaCurrConns |
Current PVA Connections |
uint64 |
|
|
totRequests |
Total Requests |
uint64 |
|
|
totRequestsPerSec |
Requests/sec |
double |
|
|
pvaAssistTotConns |
Total PVA Assisted Connections |
uint64 |
|
|
pvaAssistTotConnsPerSec |
PVA Assisted Connections/sec |
double |
|
|
pvaAssistCurrConns |
Assisted PVA Connections |
uint64 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_NEW_CONN
Description: F5 New Connnection Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
tcpClientAcceptsPerSec |
TCP Client Connection Accept Rate |
double |
|
|
tcpClientConnsPerSec |
TCP Client Connection Rate |
double |
|
|
serverConnsPerSec |
Server Connection Rate |
double |
|
|
clientConnsPerSec |
Client Connection Rate |
double |
|
|
pvaClientConnsPerSec |
PVA Client Connection Rate |
double |
|
|
pvaServerConnsPerSec |
PVA Server Connection Rate |
double |
|
|
sslClientConnsPerSec |
SSL Client Connection Rate |
double |
|
|
sslServerConnsPerSec |
SSL Server Connection Rate |
double |
|
|
httpRequestsPerSec |
HTTP Request Rate |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_RAM_CACHE
Description: F5 RAM Cache Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
httpRAMCacheHitRate |
HTTP Cache Hit Rate |
double |
|
|
httpRAMCacheHitByteRate |
HTTP Cache Byte Hit Rate |
double |
|
|
httpRAMCacheEvictionRate |
HTTP cache Eviction Rate |
double |
|
EventType: PH_DEV_MON_F5_THROUGHPUT
Description: F5 Throughput Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
clientTotBitsPerSec |
Client Total bps |
double |
|
|
serverTotBitsPerSec |
Server Total bps |
double |
|
|
httpCompressionBitsPerSec |
HTTP Compression bps |
double |
|
|
clientInBitsPerSec |
Client Recv bps |
double |
|
|
clientOutBitsPerSec |
Client Sent bps |
double |
|
|
serverInBitsPerSec |
Server Recv bps |
double |
|
|
serverOutBitsPerSec |
Server Sent bps |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_F5_TMM_MEM_UTIL
Description: F5 per TMM memory utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
tmmName |
F5 TMM Name |
string |
|
|
memUtil |
Memory Util |
double |
|
|
totalMemKB |
Total Memory |
uint32 |
|
|
freeMemKB |
Free Memory |
uint32 |
|
|
usedMemKB |
Used Memory |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_DETAILS
Description: FortiGate Security Posture - Per device audit details
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
type |
Type |
string |
|
|
subtype |
Subtype |
string |
|
|
eventSeverityCat |
Event Severity Category |
string |
It takes 3 values - High, Medium and Low based on Event Severity. (1-4 : Low, 5-8 : Medium, 9-10 : High) |
|
deviceType |
Device Type |
string |
|
|
serialNumber |
Serial Number |
string |
|
|
auditScore |
Audit Score |
double |
|
|
status |
Status |
string |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_DETECTED_ENDPOINTS
Description: FortiGate Security Posture - Detected Endpoint Types
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
totGenericDevs |
Total Generic Devices |
uint32 |
|
|
totFortigateDevs |
Total FortiGates |
uint32 |
|
|
totFortimgrDevs |
Total FortiManager |
uint32 |
|
|
totFortisandboxDevs |
Total FortiSandbox Devices |
uint32 |
|
|
totWindowsDevs |
Total Windows Devices |
uint32 |
|
|
totLinuxDevs |
Total Linux Devices |
uint32 |
|
|
totAppleDevs |
Total Apple Devices |
uint32 |
|
|
totMobileDevs |
Total Mobile Devices |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_FABRIC_GRADE
Description: FortiGate Security Posture - Overall Fabric Grade
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
letterGrade |
Letter Grade |
string |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_PER_CATEGORY_GRADE
Description: FortiGate Security Posture - Per category grade
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
type |
Type |
string |
|
|
gradePercent |
Grade Percentage |
uint32 |
|
|
letterGrade |
Letter Grade |
string |
|
|
eventSeverityCat |
Event Severity Category |
string |
It takes 3 values - High, Medium and Low based on Event Severity. (1-4 : Low, 5-8 : Medium, 9-10 : High) |
|
totalNum |
Total Number of Items |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_PER_CATEGORY_STATS
Description: FortiGate Security Posture - Per category summary
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
type |
Type |
string |
|
|
totalChecks |
Total Checks |
uint32 |
|
|
totalFailedChecks |
Total Failed Checks |
uint32 |
|
|
totalExemptChecks |
Total Exempt Checks |
uint32 |
|
|
totalPassedChecks |
Total Passed Checks |
uint32 |
|
|
totalRecommendations |
Total Recommendations |
uint32 |
|
|
auditScore |
Audit Score |
double |
|
|
lowSevCount |
Low Severity Count |
uint32 |
|
|
mediumSevCount |
Medium Severity Count |
uint32 |
|
|
highSevCount |
High Severity Count |
uint32 |
|
|
criticalSevCount |
Critical Severity Count |
uint32 |
|
EventType: PH_DEV_MON_FGT_SEC_POSTURE_PER_DEVICE_STATS
Description: FortiGate Security Posture - Per device summary
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
serialNumber |
Serial Number |
string |
|
|
totalChecks |
Total Checks |
uint32 |
|
|
totalFailedChecks |
Total Failed Checks |
uint32 |
|
|
totalExemptChecks |
Total Exempt Checks |
uint32 |
|
|
totalPassedChecks |
Total Passed Checks |
uint32 |
|
|
totalRecommendations |
Total Recommendations |
uint32 |
|
|
auditScore |
Audit Score |
double |
|
|
lowSevCount |
Low Severity Count |
uint32 |
|
|
mediumSevCount |
Medium Severity Count |
uint32 |
|
|
highSevCount |
High Severity Count |
uint32 |
|
|
criticalSevCount |
Critical Severity Count |
uint32 |
|
EventType: PH_DEV_MON_FGT_USER_INFO
Description: FortiGate User Device Informational Event
Severity: 4 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostVendor |
Host Vendor |
string |
This field captures the vendor of the reported event |
|
hostMACAddr |
Host MAC |
string |
Host Layer 2 MAC Address in the log |
|
vdom |
Virtual Domain |
string |
|
|
osName |
Operating System Name |
string |
|
|
osVersion |
Operating System Version |
string |
|
|
userFullName |
User Full Name |
string |
|
|
lastSeenTime |
Last Seen Time |
Date |
|
|
appName |
Application Name |
string |
|
|
user |
User |
string |
|
|
firstSeenTime |
First Seen Time |
Date |
|
|
tagName |
Tag Name |
string |
|
|
emsSerialNumber |
FortiEMS Serial Number |
string |
|
|
srcAppVersion |
Source App Version |
string |
|
|
discoveryDomain |
Discovery Domain |
string |
|
|
purdueLevel |
Purdue Level |
double |
|
|
vulnCount |
Vulnerability Count |
uint64 |
|
|
vulnCountCritical |
Vulnerability Count Critical |
uint16 |
|
|
vulnCountHigh |
Vulnerability Count High |
uint16 |
|
|
vulnCountMedium |
Vulnerability Count Medium |
uint16 |
|
|
vulnCountLow |
Vulnerability Count Low |
uint16 |
|
|
vulnCountInfo |
Vulnerability Count Info |
uint16 |
|
EventType: PH_DEV_MON_FILE_CONTENT_CHANGE
Description: Monitored file modified
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fileName |
File Name |
string |
|
|
hashCode |
Hash Code |
string |
|
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
|
user |
User |
string |
|
|
hashAlgo |
Hash Algorithm |
string |
|
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_CLIENT_APP
Description: FireAMP Client App discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
clientAppId |
Client App Id |
uint32 |
|
|
appName |
Application Name |
string |
|
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_NETWORK_PROTOCOL
Description: FireAMP Network App discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_OS_FINGERPRINT
Description: FireAMP OS discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
fingerprintId |
Fingerprint |
string |
|
|
osType |
Operating System |
string |
|
|
hostVendor |
Host Vendor |
string |
This field captures the vendor of the reported event |
|
osVersion |
Operating System Version |
string |
|
EventType: PH_DEV_MON_FIREAMP_DISCOVERY_SERVER
Description: FireAMP Server discovery event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
applicationId |
Application Id |
uint32 |
|
|
appTransportProto |
Application Protocol |
string |
|
EventType: PH_DEV_MON_FIREAMP_FILE
Description: FireAMP File Analysis event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
fileName |
File Name |
string |
|
|
hashAlgo |
Hash Algorithm |
string |
|
|
hashCode |
Hash Code |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
fileDirection |
File Direction |
uint16 |
|
|
fireAmpDisposition |
FireAmp Disposition |
uint16 |
|
|
fireAmpSperoDisposition |
FireAmp Spero Disposition |
uint16 |
|
|
fireAmpFileStorageStatus |
FireAmp File Storage Status |
uint16 |
|
|
fireAmpFileAnalysisStatus |
FireAmp File Analysis Status |
uint16 |
|
|
threatScore |
Threat Score |
uint16 |
|
|
fireAmpFileAction |
FireAmp File Action |
uint16 |
|
|
fileType |
File Type |
string |
|
|
applicationId |
Application Id |
uint32 |
|
|
destUserId |
Destination User Id |
uint32 |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
signatureName |
Signature Name |
string |
|
|
accessCtlPolicyId |
Access Control Policy Id |
uint32 |
|
|
srcGeoCountryCode |
Source Country Number |
uint32 |
|
|
destGeoCountryCode |
Destination Country Number |
uint32 |
|
|
webAppId |
Web App Id |
uint32 |
|
|
clientAppId |
Client App Id |
uint32 |
|
|
connCounter |
Connection Counter |
uint64 |
|
|
connEventTime |
Connection Event Time |
Date |
|
EventType: PH_DEV_MON_FIREAMP_IMPACT_FLAG
Description: FireAMP Impact Flag event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
snortEventId |
Snort Event ID |
uint64 |
Event ID of a Snort IPS Device |
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
eventType |
Event Type |
string |
This is the unique log name, identifying the product and type of log. This is a key attribute for most queries. |
|
compEventType |
Component Event Type |
string |
This is the event type in the Incident event. Since Incident itself is an event with its own event type, this variable is needed to capture the event type of the triggering events in the IncidentDetail attribute. |
|
ipsGeneratorId |
IPS Generator Id |
uint64 |
|
|
ipsSignatureId |
Signature Id |
uint64 |
|
|
ipsClassificationId |
IPS Classification Id |
uint64 |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
fireAmpImpactFlag |
FireAmp Impact Flag |
uint16 |
|
EventType: PH_DEV_MON_FIREAMP_INTRUSION
Description: FireAMP Intrusion event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
snortEventId |
Snort Event ID |
uint64 |
Event ID of a Snort IPS Device |
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
eventType |
Event Type |
string |
This is the unique log name, identifying the product and type of log. This is a key attribute for most queries. |
|
compEventType |
Component Event Type |
string |
This is the event type in the Incident event. Since Incident itself is an event with its own event type, this variable is needed to capture the event type of the triggering events in the IncidentDetail attribute. |
|
ipsGeneratorId |
IPS Generator Id |
uint64 |
|
|
ipsSignatureId |
Signature Id |
uint64 |
|
|
ipsClassificationId |
IPS Classification Id |
uint64 |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
iocNum |
IOC Number |
uint32 |
|
|
fireAmpImpactFlag |
FireAmp Impact Flag |
uint16 |
|
|
fireAmpImpact |
FireAmp Impact |
uint16 |
|
|
eventAction |
Event Action |
uint16 |
This is an unsigned integer boolean. 0 means permitted, 1 means blocked. It is used by various parsers to indicate success / failure or permit/deny. |
|
mplsLabel |
MPLS Label |
uint32 |
|
|
hostVLAN |
Host VLAN |
uint16 |
Host VLAN Number |
|
userId |
User Id |
string |
|
|
webAppId |
Web App Id |
uint32 |
|
|
clientAppId |
Client App Id |
uint32 |
|
|
appProtoId |
App Proto Id |
uint32 |
|
|
fwRule |
Firewall Rule |
string |
Firewall Rule Name |
|
policyName |
Policy Name |
string |
|
|
srcIntfName |
Source Interface Name |
string |
Name of the network interface through which a packet enters a network device. This information is typically present in Firewall logs. |
|
destIntfName |
Destination Interface Name |
string |
Name of the network interface through which a packet exits a network device. This information is typically present in Firewall logs. |
|
srcFwZone |
Source Firewall Zone |
string |
Source Firewall Zone found in Firewall logs |
|
destFwZone |
Destination Firewall Zone |
string |
Destination Firewall Zone found in Firewall logs |
|
connEventTime |
Connection Event Time |
Date |
|
|
connCounter |
Connection Counter |
uint64 |
|
|
srcGeoCountryCode |
Source Country Number |
uint32 |
|
|
destGeoCountryCode |
Destination Country Number |
uint32 |
|
EventType: PH_DEV_MON_FIREAMP_MALWARE
Description: FireAMP Malware event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
envSensorId |
Env Sensor Id |
string |
|
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
fileName |
File Name |
string |
|
|
filePath |
File Path |
string |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
|
fileType |
File Type |
string |
|
|
fileTimestamp |
File Timestamp |
Date |
|
|
hashAlgo |
Hash Algorithm |
string |
|
|
hashCode |
Hash Code |
string |
|
|
fileDirection |
File Direction |
uint16 |
|
|
fireAmpFileAction |
FireAmp File Action |
uint16 |
|
|
parentFileName |
Parent File Name |
string |
|
|
parentFileHashCode |
Parent File Hash Code |
string |
|
|
infoURL |
Informational URL |
string |
This field captures an URL if present in an event |
|
threatScore |
Threat Score |
uint16 |
|
|
fireAmpDisposition |
FireAmp Disposition |
uint16 |
|
|
fireAmpRetrospectiveDisposition |
FireAmp Retrospective Disposition |
uint16 |
|
|
iocNum |
IOC Number |
uint32 |
|
|
accessCtlPolicyId |
Access Control Policy Id |
uint32 |
|
|
srcGeoCountryCode |
Source Country Number |
uint32 |
|
|
destGeoCountryCode |
Destination Country Number |
uint32 |
|
|
webAppId |
Web App Id |
uint32 |
|
|
clientAppId |
Client App Id |
uint32 |
|
|
applicationId |
Application Id |
uint32 |
|
|
connEventTime |
Connection Event Time |
Date |
|
|
connCounter |
Connection Counter |
uint64 |
|
|
cloudSecIntelId |
Cloud Security Intel Id |
uint32 |
|
EventType: PH_DEV_MON_FIREAMP_USER_LOGIN
Description: FireAMP user login event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
deviceTime |
Device Time |
Date |
This is the timestamp as seen in the raw log. This is converted and stored as epoch milliseconds. Note that the deviceTime, or event occur time, is different than the event receive time by the SIEM. |
|
user |
User |
string |
|
|
userId |
User Id |
string |
|
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
emailId |
Email Id |
string |
|
|
loginType |
Login Type |
string |
|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_DEV_MON_FORTIAP_INTF_UTIL
Description: FortiAP interface performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIAP_PERF
Description: FortiAP performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIAP_STAT
Description: FortiAP Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sysUpTime |
System Uptime |
uint32 |
|
|
wtpDaemonUpTime |
WLAN AP Daemon Uptime |
uint32 |
WLAN AP Daemon Uptime found in SNMP based WLAN monitoring |
|
wtpSessionUpTime |
WLAN AP Session Uptime |
uint32 |
WLAN AP Session Uptime found in SNMP based WLAN monitoring |
|
numWlanClient |
WLAN Station Count |
uint32 |
WLAN Station Count found in SNMP based WLAN monitoring |
|
ftntWtpSessionStatus |
WLAN AP Session Status |
uint32 |
WLAN AP Session Status found in SNMP based WLAN monitoring |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_FORTIGATE_INTF_UTIL
Description: Fortigate interface performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIGATE_PERF
Description: Fortigate performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIMAIL_SESSION_COUNT
Description: FortiMail session count
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
count |
Count |
uint32 |
A general count variable. A common use case is for incidents. Count represents how many times an Incident occurred in a time interval. When an Incident with the same group by parameters occurs again. The count is incremented and the Last Seen time is advanced. Count can be used for other events also. |
EventType: PH_DEV_MON_FORTIMAIL_SYS_LOAD
Description: FortiMail system load
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
numJob |
Average System Job |
uint32 |
|
EventType: PH_DEV_MON_FORTINET_PROCESSOR_USAGE
Description: FortiGate Firewall Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuName |
CPU Name |
string |
|
|
sysCpuUtil |
System CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
cpuUtil |
CPU Util |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
recvPktsPerSec |
Received Packet Rate |
double |
Received Packet rate (packets/sec) |
|
sentPktsPerSec |
Sent Packet Rate |
double |
Sent Packet rate (packets/sec) |
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_FORTINET_QOS
Description: Fortinet QoS metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
qosClassId |
QoS Class Id |
uint32 |
|
|
direction |
Direction |
string |
|
|
guaranteedBandwidth |
Guaranteed Bandwidth |
double |
|
|
allocatedBandwidth |
Allocated Bandwidth |
double |
|
|
peakBandwidth |
Peak Bandwidth |
double |
|
|
currentBandwidth |
Current Bandwidth |
double |
|
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
|
totPktDrop |
Dropped Packets |
uint64 |
Packets dropped |
EventType: PH_DEV_MON_FORTISWITCH_PERF
Description: FortiSwitch performance
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_FORTIWLC_QOS_STAT
Description: FortiWLC QoS statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
qosSessionCount |
QoS Session Count |
uint32 |
|
|
qosH323SessionCount |
QoS H.323 Seession Count |
uint32 |
|
|
qosSipSessionCount |
QoS SIP Session Count |
uint32 |
|
|
qosSccpSessionCount |
QoS SCCP Session Count |
uint32 |
|
|
qosRejectedSessionCount |
QoS Rejected Session Count |
uint32 |
|
|
qosRejectedH323SessionCount |
QoS Rejected H.323 Session Count |
uint32 |
|
|
qosRejectedSipSessionCount |
QoS Rejected SIP Session Count |
uint32 |
|
|
qosRejectedSccpSessionCount |
QoS Rejected SCCP Session Count |
uint32 |
|
|
qosPendingSessionCount |
QoS Pending Session Count |
uint32 |
|
|
qosH323PendingSessionCount |
QoS H.323 Pending Session Count |
uint32 |
|
|
qosSipPendingSessionCount |
QoS SIP Pending Session Count |
uint32 |
|
|
qosSccpPendingSessionCount |
QoS SCCP Pending Session Count |
uint32 |
|
|
qosActiveFlowCount |
QoS Active Flow Count |
uint32 |
|
|
qosPendingFlowCount |
QoS Pending Flow Count |
uint32 |
|
EventType: PH_DEV_MON_FORTIWLC_STATIONS
Description: FortiWLC Station Count
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
station11a |
802.11a Station Count |
uint32 |
|
|
station11b |
802.11b Station Count |
uint32 |
|
|
station11bg |
802.11bg Station Count |
uint32 |
|
|
stationData |
Data Station Copunt |
uint32 |
|
|
stationPhone |
Phone Station Count |
uint32 |
|
|
stationWired |
Wired Station Count |
uint32 |
|
|
stationUnknown |
Unknown Station Count |
uint32 |
|
EventType: PH_DEV_MON_FORTIWLC_SYS_THRUPUT
Description: FortiWLC system throughput
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
wlanRecvBitsPerSec |
WLAN Recv Rate bps |
double |
WLAN Recv Rate (in bits/sec)s found in SNMP based WLAN monitoring |
|
wlanSentBitsPerSec |
WLAN Sent Rate bps |
double |
WLAN Sent Rate (in bits/sec) found in SNMP based WLAN monitoring |
EventType: PH_DEV_MON_FPC_LIEBERT_METRIC
Description: Liebert FPC metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
outputVoltageXNVolts |
Output Voltage X-N |
uint32 |
|
|
outputVoltageYNVolts |
Output Voltage Y-N |
uint32 |
|
|
outputVoltageZNVolts |
Output Voltage Z-N |
uint32 |
|
|
outputCurrentXAmps |
Output Current X Amps |
uint32 |
|
|
outputCurrentYAmps |
Output Current Y Amps |
uint32 |
|
|
outputCurrentZAmps |
Output Current Z Amps |
uint32 |
|
|
neutralCurrentAmps |
Neutral Current Amps |
uint32 |
|
|
groundCurrentAmps |
Ground Current Amps |
double |
|
|
outputPowerWatts |
Output Power Watts |
uint32 |
|
|
powerFactor |
Power Factor |
uint32 |
|
|
outputFrequency |
Output Frequency Hz |
uint32 |
|
|
outputVxTHD |
Output Vx THD |
double |
|
|
outputVyTHD |
Output Vy THD |
double |
|
|
outputVzTHD |
Output Vz THD |
double |
|
|
outputLxTHD |
Output lx THD |
double |
|
|
outputLyTHD |
Output ly THD |
double |
|
|
outputLzTHD |
Output lz THD |
double |
|
|
outputKWh |
Output kWh |
double |
|
|
outputLxCrestFactor |
Output lx Crest Factor |
double |
|
|
outputLyCrestFactor |
Output ly Crest Factor |
double |
|
|
outputLzCrestFactor |
Output lz Crest Factor |
double |
|
|
outputLxKFactor |
Output lx K-Factor |
double |
|
|
outputLyKFactor |
Output ly K-Factor |
double |
|
|
outputLzKFactor |
Output lz K-Factor |
double |
|
|
outputLxCapacity |
Output lx Capacity |
uint32 |
|
|
outputLyCapacity |
Output ly Capacity |
uint32 |
|
|
outputLzCapacity |
Output lz Capacity |
uint32 |
|
EventType: PH_DEV_MON_FW_CONN_UTIL
Description: Firewall connection count stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fwConnCount |
Firewall Session |
uint32 |
Number of concurrent sessions, typically found in Stateful Firewall performance statistic log |
|
fwConnPct |
Firewall Session Utilization |
double |
Concurrent sessions utilization defined as the ratio of concurrent sessions and max allowed concurrent sessions, typically found in Stateful Firewall performance statistic log |
|
pollIntv |
Polling Interval |
uint32 |
|
|
fwConnMax |
Max Firewall Conn |
uint32 |
Maximum number of Firewall Connections reported by Firewalls. |
|
tcpFwConnCount |
TCP Connection |
uint32 |
Total number of TCP Connections reported by Firewalls. |
|
udpFwConnCount |
UDP Connection |
uint32 |
Total number of UDP Connections reported by Firewalls. |
|
icmpFwConnCount |
ICMP Connection |
uint32 |
Total number of ICMP Connections reported by Firewalls. |
|
fwConnRate |
Firewall Session Rate |
uint32 |
|
EventType: PH_DEV_MON_GITHUB_BRANCH_EVENT
Description: GitHub Branch Create/Delete Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
branchName |
Branch Name |
string |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_COMMIT
Description: User committed code to a GitHub repository
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
comment |
Comment |
string |
|
|
srcFileName |
Source File Name |
string |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_EVENT
Description: GitHub event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_FORK_REPOSITORY_EVENT
Description: GitHub Repository Fork Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
newRepoName |
New Repository Name |
string |
|
EventType: PH_DEV_MON_GITHUB_ISSUE_EVENT
Description: GitHub Issue Action Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
title |
Title |
string |
|
|
issueBody |
Issue Body |
string |
|
|
status |
Status |
string |
|
EventType: PH_DEV_MON_GITHUB_MEMBER_EVENT
Description: GitHub user membership and permission change event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
memberName |
Member Name |
string |
|
EventType: PH_DEV_MON_GITHUB_ORG_EVENT
Description: GitHub Organization User Block/Unblock Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_PROJECT_EVENT
Description: GitHub Project Action Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
projectName |
Project Name |
string |
|
EventType: PH_DEV_MON_GITHUB_PULL_REQUEST_EVENT
Description: GitHub Pull Request Action Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
title |
Title |
string |
|
|
requestBody |
Request Body |
string |
|
EventType: PH_DEV_MON_GITHUB_PULL_REQUEST_REVIEW_EVENT
Description: GitHub Pull Request Review Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
|
title |
Title |
string |
|
|
requestBody |
Request Body |
string |
|
|
reviewBody |
Review Body |
string |
|
EventType: PH_DEV_MON_GITHUB_REPOSITORY_EVENT
Description: GitHub Repository Create/Delete Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GITHUB_TAG_EVENT
Description: GitHub Tag Create/Delete Event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
uuid |
UUID |
string |
|
|
type |
Type |
string |
|
|
user |
User |
string |
|
|
repoName |
Repository Name |
string |
|
|
repoURL |
Repository URL |
string |
|
|
reptGeoOrg |
Reporting Organization |
string |
The Organization to which the Reporting IP in event belongs. This information is collected by doing a IP GeoDB lookup for external IPs, and CMDB lookup for internal IPs. The latter requires users to add CMDB Device location information in FortiSIEM GUI. |
|
actionTime |
Notification Action Time |
Date |
|
|
tagName |
Tag Name |
string |
|
|
actionName |
Notification Action Name |
string |
|
EventType: PH_DEV_MON_GLASSFISH_APP
Description: Glassfish application server settings and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_CONN_STAT
Description: Glassfish http connection statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_CPU
Description: Glassfish CPU usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_DB_POOL
Description: Glassfish database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_EJB
Description: Glassfish EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_JMS
Description: Glassfish JMS usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_MEMORY
Description: Glassfish memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_REQUEST_PROCESSOR
Description: Glassfish request processor metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_SERVLET
Description: Glassfish servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_SESSION
Description: Glassfish session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_GLASSFISH_THREAD_POOL
Description: Glassfish thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HARDWARE_STATUS
Description: Overall hardware Health status for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HOST_PERF_STATE
Description: Host performance monitoring state
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
durationHostNormal |
Duration Normal |
uint32 |
|
|
durationHostWarn |
Duration Warning |
uint32 |
|
|
durationHostCrit |
Duration Critical |
uint32 |
|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
EventType: PH_DEV_MON_HVAC_LIEBERT_METRIC
Description: Liebert HVAC metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envTempLowThreshDegC |
Low Temperature Threshold Celsius |
uint32 |
|
|
envTempOffHighDegC |
Temp Offset High Celsius |
uint32 |
|
|
envTempOffLowDegC |
Temp Offset Low Celsius |
uint32 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempLowThreshDegF |
Low Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempOffHighDegF |
Temp Offset High Fahrenheit |
uint32 |
|
|
envTempOffLowDegF |
Temp Offset Low Fahrenheit |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
|
envHumidityOffHigh |
Humidity Offset High |
uint32 |
|
|
envHumidityOffLow |
Humidity Offset Low |
uint32 |
|
|
lgpSystemState |
Liebert HVAC System State |
uint16 |
|
|
lgpDehumidState |
Liebert HVAC Dehumidifying State |
uint16 |
|
EventType: PH_DEV_MON_HW_AIRFLOW
Description: Airflow measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envAirFlow |
Air Flow 0.1meter/min |
uint32 |
|
EventType: PH_DEV_MON_HW_AMP
Description: Current measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envCurrentAmp |
Current Amp |
double |
|
EventType: PH_DEV_MON_HW_AUDIO
Description: Audio sensor measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envAudioLevel |
Audio sensor level |
uint32 |
|
EventType: PH_DEV_MON_HW_CAMERA_MOTION
Description: Camera motion sensor measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
cameraMotionSensorVal |
Camera Motion Sensor Value |
string |
|
EventType: PH_DEV_MON_HW_CHASSIS_COMP_STAT
Description: Chassis component environmental measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwCompAdminStateStr |
Chassis Com Admin State |
string |
|
|
hwCompOperStateStr |
Chassis Comp Operational State |
string |
|
|
hwCompSwStateStr |
Chassis Comp Software State |
string |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_HW_CURRENT
Description: Current measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HW_DEWPT
Description: Dew point measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_HW_DOOR_SWITCH
Description: Door switch sensor measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
doorSwitchSensorVal |
Door Switch Sensor Value |
string |
|
EventType: PH_DEV_MON_HW_DRY_CONTACT
Description: Dry contact sensor measrement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
dryContactSensorVal |
Dry Contact Sensor Value |
string |
|
EventType: PH_DEV_MON_HW_FAN_SPEED
Description: Fan Speed measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
fanSpeed |
Fan Speed |
double |
|
EventType: PH_DEV_MON_HW_HUMIDITY
Description: Relative humidity measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envSensorLoc |
Sensor Location |
string |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
EventType: PH_DEV_MON_HW_POWER
Description: Power measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HW_PS_STAT
Description: Power supply environmental measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envPSTrayId |
Power Supply Tray Id |
string |
|
|
hwPowerSupply1StatusStr |
Power Supply 1 State |
string |
|
|
hwPowerSupply2StatusStr |
Power Supply 2 State |
string |
|
|
hwTempSensorStatusStr |
Power Supply Temp Sensor State |
string |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
|
envPSInputStateStr |
Power Supply Input State |
string |
|
|
envPSOutputStateStr |
Power Supply Output State |
string |
|
|
envPSACStateStr |
Power Supply AC State |
string |
|
|
envPSDCStateStr |
Power Supply DC State |
string |
|
EventType: PH_DEV_MON_HW_STACK_UNIT
Description: Stack unit status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
cpuUtil |
CPU Util |
double |
|
|
memUtil |
Memory Util |
double |
|
EventType: PH_DEV_MON_HW_STATUS
Description: Hardware health status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwBatteryStatus |
Hardware Battery Status |
uint16 |
Hardware Battery Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwDiskStatus |
Hardware Disk Status |
uint16 |
Hardware Disk Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemoryStatus |
Hardware Memory Status |
uint16 |
Hardware Memory Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwPowerSupplyStatus |
Hardware Power Supply Status |
uint16 |
Hardware Power Supply Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwTempSensorStatus |
Hardware Temperature Sensor Status |
uint16 |
Hardware Temperature Sensor Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwFanStatus |
Hardware Fan Status |
uint16 |
Hardware Fan Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwAmpStatus |
Hardware Amp Status |
uint16 |
Hardware Amp Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwVoltageStatus |
Hardware Voltage Status |
uint16 |
Hardware Voltage Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwFailedPowerSupplyCount |
Failed Power Supply Count |
uint16 |
Failed Power Supply Count from SNMP based hardware monitoring |
|
hwFailedFanCount |
Failed Fan Count |
uint16 |
Failed Fan Count from SNMP based hardware monitoring |
|
hwLCCStatus |
Storage LCC Status |
uint16 |
|
|
hwLinkStatus |
Storage Link Status |
uint16 |
|
|
hwPortStatus |
Storage Port Status |
uint16 |
|
|
hwHotSpareDiskCount |
Hot Spare Disk Count |
uint32 |
|
|
hwMiscCompStatus |
Misc Component Status |
uint16 |
|
|
hwRaidStatus |
Hardware Raid Status |
uint16 |
Hardware Raid Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwRelHumidStatus |
Relative Humidity Status |
uint16 |
|
|
hwDewPtStatus |
Dew Point Status |
uint16 |
|
|
hwAudioStatus |
Audio Sensor Status |
uint16 |
|
|
hwAirFlowStatus |
Air Flow Status |
uint16 |
|
|
hwGenNumericSensorStatus |
Generic Numeric Sensor Status |
uint16 |
|
|
hwDryContactStatus |
Dry Contact Status |
uint16 |
|
|
hwDoorSwitchStatus |
Door Switch Status |
uint16 |
|
|
hwCameraMotionStatus |
Camera Motion Status |
uint16 |
|
|
hwGenStateSensorStatus |
Generic State Sensor Status |
uint16 |
|
|
hwPowerEnclosureStatus |
Hardware Power Enclosure Status |
uint16 |
Hardware Power Enclosure Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwChassisStatus |
Hardware Chassis Status |
uint16 |
Hardware Chassis Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwIOMStatus |
Hardware IO Module Status |
uint16 |
Hardware IO Module Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwKVMStatus |
Hardware KVM Status |
uint16 |
Hardware KVM Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwRedundantStatus |
Hardware Redundancy Status |
uint16 |
Hardware Redundancy Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwBladeStatus |
Hardware Blade Status |
uint16 |
Hardware Blade Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwDellCMCStatus |
Hardware Dell CMC Status |
uint16 |
Hardware Dell CMC Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwFileSystemStatus |
File System Status |
uint16 |
|
|
hwStackUnitStatus |
Hardware Stack Unit Status |
uint16 |
Hardware Stack Unit Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwProbeStatus |
Hardware Probe Status |
uint16 |
Hardware Probe Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwInputContactStatus |
Hardware Input Contact Status |
uint16 |
Hardware Input Contact Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwOutputRelayStatus |
Hardware Output Relay Status |
uint16 |
Hardware Output Relay Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwOutletStatus |
Hardware Outlet Status |
uint16 |
Hardware Outlet Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwAlarmDeviceStatus |
Hardware Alarm Device Status |
uint16 |
Hardware Alarm Device Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemSensorStatus |
Hardware Mem Sensor Status |
uint16 |
Hardware Mem Sensor Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemOutputStatus |
Hardware Mem Output Status |
uint16 |
Hardware Mem Output Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemOutletStatus |
Hardware Outlet Status |
uint16 |
Hardware Outlet Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwMemBeaconStatus |
Hardware Mem Beacon Status |
uint16 |
Hardware Mem Beacon Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
hwSlotStatus |
Hardware Slot Status |
uint16 |
Hardware Slot Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_HW_STATUS_AIRFLOW_CRIT
Description: Airflow critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AIRFLOW_WARN
Description: Airflow warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_ALARMDEVICE_CRIT
Description: Alarm Device hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_ALARMDEVICE_WARN
Description: Alarm Device hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AMP_CRIT
Description: Amp hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AMP_WARN
Description: Amp hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AUDIO_CRIT
Description: Audio sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_AUDIO_WARN
Description: Audio sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_BATTERY_CRIT
Description: Battery hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_BATTERY_WARN
Description: Battery hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_CAMERA_MOTION_CRIT
Description: Camera motion critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_CAMERA_MOTION_WARN
Description: Camera motion warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DEWPT_CRIT
Description: Dew Point temperature critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DEWPT_WARN
Description: Dew Point temperature warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DISK_CRIT
Description: Disk hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DISK_WARN
Description: Disk hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DOOR_SWITCH_CRIT
Description: Door switch critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DOOR_SWITCH_WARN
Description: Door switch warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DRY_CONTACT_CRIT
Description: Dry Contact sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_DRY_CONTACT_WARN
Description: Dry Contact Sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FAN_CRIT
Description: Fan hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FAN_WARN
Description: Fan hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FILESYSTEM_CRIT
Description: File system hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_FILESYSTEM_WARN
Description: File system hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_NUMERIC_SENSOR_CRIT
Description: Generic Numeric Sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_NUMERIC_SENSOR_WARN
Description: Generic Numeric Sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_STATE_SENSOR_CRIT
Description: Generic state sensor critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_GEN_STATE_SENSOR_WARN
Description: Generic state sensor warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_HUMIDITY_CRIT
Description: Relative humidity critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_HUMIDITY_WARN
Description: Relative humidity warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_INPUTCONTACT_CRIT
Description: Input Contact hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_INPUTCONTACT_WARN
Description: Input Contact hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LCC_CRIT
Description: SAN Link Control Card hardware critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LCC_WARN
Description: SAN Link Control Card hardware warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LINK_CRIT
Description: SAN host link critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_LINK_WARN
Description: SAN host link warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMBEACON_CRIT
Description: Memory Beacon hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMBEACON_WARN
Description: Memory Beacon hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMORY_CRIT
Description: Memory hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMORY_WARN
Description: Memory hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTLET_CRIT
Description: Memory Outlet hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTLET_WARN
Description: Memory Outlet hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTPUT_CRIT
Description: Memory Output hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMOUTPUT_WARN
Description: Memory Output hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMSENSOR_CRIT
Description: Memory Sensor hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MEMSENSOR_WARN
Description: Memory Sensor hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MISC_CRIT
Description: Miscellaneous hardware critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_MISC_WARN
Description: Miscellaneous hardware warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTLET_CRIT
Description: Outlet hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTLET_WARN
Description: Outlet hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTPUTRELAY_CRIT
Description: Output relay hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_OUTPUTRELAY_WARN
Description: Output relay hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PORT_CRIT
Description: SAN storage port hardware critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PORT_WARN
Description: SAN storage port hardware warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWERSUPPLY_CRIT
Description: Power supply hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWERSUPPLY_WARN
Description: Power supply hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWER_ENCLOSURE_CRIT
Description: Power enclosure health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_POWER_ENCLOSURE_WARN
Description: Power enclosure health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PROBE_CRIT
Description: Probe hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_PROBE_WARN
Description: Probe hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_SLOT_CRIT
Description: Hardware Status Critical
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_SLOT_WARN
Description: Hardware Status Warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_STACKUNIT_CRIT
Description: Stackunit critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_STACKUNIT_WARN
Description: Stackunit warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_TEMP_CRIT
Description: Temperature sensor hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_TEMP_WARN
Description: Temperature sensor hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_VOLTAGE_CRIT
Description: Voltage hardware health: Critical
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_STATUS_VOLTAGE_WARN
Description: Voltage hardware health: Warning
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwStatusCode |
Hardware Status |
uint16 |
This attribute represents hardware status of a device |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
hwComponentStatus |
Hardware Component Status |
string |
This field represents the specific issue with the component in hwComponentName field, when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), hwComponentName specifies a specific disk, say disk1 and this field states the specific issue with disk1 |
EventType: PH_DEV_MON_HW_TEMP
Description: Temperature measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envTempOffHighDegC |
Temp Offset High Celsius |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempOffHighDegF |
Temp Offset High Fahrenheit |
uint32 |
|
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorEnclosureId |
Sensor Enclosure Id |
string |
|
|
devPort |
Device Port |
string |
Name of the physical network port a device |
|
envSensorLoc |
Sensor Location |
string |
|
|
envTempLowThreshDegF |
Low Temperature Threshold Fahrenheit |
uint32 |
|
|
envTempLowThreshDegC |
Low Temperature Threshold Celsius |
uint32 |
|
EventType: PH_DEV_MON_HW_VOLTAGE
Description: Voltage measurement
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envVoltage |
Voltage |
double |
|
EventType: PH_DEV_MON_HYPERV_CPU_GUEST_VIRTUAL_PROC
Description: HyperV Guest Virtual Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_CPU_LOGICAL_PROC
Description: HyperV Logical Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_CPU_ROOT_VIRTUAL_PROC
Description: HyperV Root Virtual Processor Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_OVERALL
Description: HyperV Root Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_PARTITION
Description: HyperV Memory Partition usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_PARTITION_PER_VM
Description: HyperV per-VM Memory Partition usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_ROOT_PARTITION
Description: HyperV Root Partition Total Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_ROOT_PARTITION_ROOT
Description: HyperV Root Partition Root Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_VID_PARTITION
Description: HyperV VID Partition Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_MEM_VID_PARTITION_PER_VM
Description: HyperV per-VM VID Partition Memory Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_NET_LEGACY_ADAPTER
Description: HyperV Virtual Switch Per Adapter Network Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_NET_VIRTUAL_ADAPTER
Description: HyperV Virtual Switch Per Adapter Network Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_NET_VIRTUAL_SWITCH
Description: HyperV Virtual Switch Network Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_OVERALL_HEALTH
Description: HyperV Machine Health Summary
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_OVERALL_SYSINFO
Description: HyperV System Information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_STORAGE_LOGICAL_DISK
Description: HyperV Logical Disk Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_STORAGE_VIRTUAL_IDE_CONTROLLER
Description: HyperV IDE Controller Storage Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_HYPERV_STORAGE_VIRTUAL_STORAGE
Description: HyperV Virtual Storage Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_INCOMING_EXCEED_GUARANTEED
Description: Incoming eps exceeded Guaranteed eps at a collector
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
|
phCollectorName |
Collector Name |
string |
Name of the FortiSIEM Collector. The name is set in GUI. |
|
incomingEventsPerSec |
Incoming Event Rate |
double |
This is a FortiSIEM event ingestion rate calculated every 3 minutes, divided by 180 to generate a rolling EPS (Events Per Second) interval. |
|
guaranteedEventsPerSec |
Guaranteed EPS |
uint64 |
|
EventType: PH_DEV_MON_INTF_ADMIN_DOWN_TO_UP
Description: Network Interface administratively came back up
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_ADMIN_UP_TO_DOWN
Description: Network Interface administratively went down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_OPER_DOWN_TO_UP
Description: Network Interface operationally came back up
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_OPER_UP_TO_DOWN
Description: Network Interface operationally went down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_DEV_MON_INTF_USAGE_TOTAL
Description: Aggregate Interface Usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
EventType: PH_DEV_MON_IPSLA_HTTP_MET
Description: IP SLA HTTP Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipSLAProto |
IP SLA Protocol |
string |
Name of the IP Service Level Agreement (SLA) protocol. This parameter is set during IPSLA monitoring |
|
httpResponseTimeMs |
HTTP Response Time ms |
uint32 |
|
|
dnsResponseTimeMs |
DNS Response Time ms |
uint32 |
|
|
tcpConnectResponseTimeMs |
TCP Connect Response Time ms |
uint32 |
|
|
httpTransactResponseTimeMs |
HTTP Transaction Response Time ms |
uint32 |
|
|
ipslaHttpStatus |
IPSLA HTTP Status |
uint32 |
|
|
ipslaHttpStatusDesc |
IPSLA HTTP Status Description |
string |
|
|
httpStatusCode |
HTTP Status |
string |
|
EventType: PH_DEV_MON_IPSLA_ICMP_MET
Description: ICMP performance metrics collected via IP SLA
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
ipslaTestName |
IP SLA Test Name |
string |
|
|
icmpResponseTimeMs |
ICMP Response Time ms |
uint32 |
|
EventType: PH_DEV_MON_IPSLA_MET
Description: IP SLA performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipSLAProto |
IP SLA Protocol |
string |
Name of the IP Service Level Agreement (SLA) protocol. This parameter is set during IPSLA monitoring |
|
tos |
IP Type of Service |
uchar |
The type of service (ToS) field present in the IPv4 header. Typically present in Netflow. |
|
dscp |
DSCP |
uchar |
|
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
avgJitterMs |
Avg Jitter |
uint32 |
Average Jitter (msec) |
|
maxJitterMs |
Max Jitter |
uint32 |
Miaximum Jitter (msec) |
|
minJitterMs |
Min Jitter |
uint32 |
Minimum Jitter (msec) |
|
avgJitterSDMs |
Avg SD Jitter |
uint32 |
Average Source to Destination Jitter (msec) |
|
maxJitterSDMs |
Max SD Jitter |
uint32 |
Maximum Source to Destination Jitter (msec) |
|
minJitterSDMs |
Min SD Jitter |
uint32 |
Minimum Source to Destination Jitter (msec) |
|
avgJitterDSMs |
Avg DS Jitter |
uint32 |
Average Destination to Source Jitter (msec) |
|
maxJitterDSMs |
Max DS Jitter |
uint32 |
Maximum Destination to Source Jitter (msec) |
|
minJitterDSMs |
Min DS Jitter |
uint32 |
Minimum Destination to Source Jitter (msec) |
|
pktLost |
Packets Lost |
uint32 |
Total Packets lost (includes Source to Destination and reverse) |
|
pktLostSD |
SD Packets Lost |
uint32 |
Packets lost from Source to Destination |
|
pktLostDS |
DS Packets Lost |
uint32 |
Packets lost from Destination to Source |
|
pktMIA |
Packets Missing |
uint32 |
Packets missing |
|
pktLate |
Packets Late |
uint32 |
Packets late |
|
pktOutSeq |
Pkt Out-of-Seq |
uint32 |
|
EventType: PH_DEV_MON_IPSLA_UDP_MET
Description: IP SLA UDP Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
udpResponseTimeMs |
UDP Response Time ms |
uint32 |
|
|
ipslaUdpStatus |
IPSLA UDP Status |
uint32 |
|
|
ipslaUdpStatusDesc |
IPSLA UDP Status Description |
string |
|
EventType: PH_DEV_MON_IPSLA_VOIP_MET
Description: VOIP performance metrics collected via IP SLA
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptDevIpAddr |
Reporting IP |
IP |
This is the device that originated the log or event packet, also known as the reporting device. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
ipSLAProto |
IP SLA Protocol |
string |
Name of the IP Service Level Agreement (SLA) protocol. This parameter is set during IPSLA monitoring |
|
codec |
VoIP Codec |
string |
|
|
tos |
IP Type of Service |
uchar |
The type of service (ToS) field present in the IPv4 header. Typically present in Netflow. |
|
dscp |
DSCP |
uchar |
|
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
avgJitterMs |
Avg Jitter |
uint32 |
Average Jitter (msec) |
|
maxJitterMs |
Max Jitter |
uint32 |
Miaximum Jitter (msec) |
|
minJitterMs |
Min Jitter |
uint32 |
Minimum Jitter (msec) |
|
avgJitterSDMs |
Avg SD Jitter |
uint32 |
Average Source to Destination Jitter (msec) |
|
maxJitterSDMs |
Max SD Jitter |
uint32 |
Maximum Source to Destination Jitter (msec) |
|
minJitterSDMs |
Min SD Jitter |
uint32 |
Minimum Source to Destination Jitter (msec) |
|
avgJitterDSMs |
Avg DS Jitter |
uint32 |
Average Destination to Source Jitter (msec) |
|
maxJitterDSMs |
Max DS Jitter |
uint32 |
Maximum Destination to Source Jitter (msec) |
|
minJitterDSMs |
Min DS Jitter |
uint32 |
Minimum Destination to Source Jitter (msec) |
|
pktLost |
Packets Lost |
uint32 |
Total Packets lost (includes Source to Destination and reverse) |
|
pktLostSD |
SD Packets Lost |
uint32 |
Packets lost from Source to Destination |
|
pktLostDS |
DS Packets Lost |
uint32 |
Packets lost from Destination to Source |
|
pktMIA |
Packets Missing |
uint32 |
Packets missing |
|
pktLate |
Packets Late |
uint32 |
Packets late |
|
pktOutSeq |
Pkt Out-of-Seq |
uint32 |
|
|
mosScore |
MOS Score |
double |
MOS (Mean Opinion Score) measures the perceived quality of VoIP audio on a scale from 1 to 5, with 5 being the best possible score. A high MOS rate indicates that the audio quality is good, while a low MOS rate indicates poor audio quality. |
|
icpifScore |
ICPIF Score |
uint32 |
ICPIF (Impairment/Calculated Planning Impairment Factor) quantifies the key impairments to voice quality that are encountered in the network. ICPIF values are expressed in a typical range of 5 (very low impairment) to 55 (very high impairment). |
EventType: PH_DEV_MON_IRONPORT_MAIL_USAGE
Description: Cisco Ironport Mail Usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
workQueueMsgCount |
Mail Work Queue Count |
uint32 |
|
|
diskIOUtil |
Disk IO Util |
double |
|
|
mailQueueUtil |
Mail Queue Util |
double |
|
|
msgAge |
Oldest Message Age sec |
uint32 |
|
|
outstandingDNS |
Outstanding DNS Req |
uint32 |
|
|
pendingDNS |
Pending DNS Req |
uint32 |
|
|
openFile |
Open File Count |
uint32 |
|
|
mtaThreadCount |
MTA Thread Count |
uint32 |
|
|
queueAvailStatus |
Mail Queue Avail Status |
string |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_HEALTH
Description: Isilon Cluster health and performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
svcStatus |
Service Health |
string |
|
|
clusterOnlineMember |
Cluster Online Members |
string |
|
|
clusterOfflineMember |
Cluster Offline Members |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
cpuUtil |
CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
kernCpuUtil |
Kernel CPU Util |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
netSentKBytesPerSec |
Net Sent Rate KBps |
double |
|
|
netRecvdKBytesPerSec |
Net Received Rate KBps |
double |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_MEMBERSHIP_CHANGE
Description: Isilon cluster membership change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
addedItem |
Added Item |
string |
|
|
deletedItem |
Deleted Item |
string |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_QUOTA
Description: Isilon quota utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
quotaName |
Quota Name |
string |
|
|
quotaType |
Quota Type |
string |
|
|
quotaSoftThresholdBytes |
Quota Soft Threshold Bytes |
uint64 |
|
|
quotaHardThresholdBytes |
Quota Hard Threshold Bytes |
uint64 |
|
|
quotaAdvThresholdBytes |
Quota Advisory Threshold Bytes |
uint64 |
|
|
quotaUsageBytes |
Quota Usage Bytes |
uint64 |
|
|
quotaUsageWithOverheadBytes |
Quota Usage With Overhead Bytes |
uint64 |
|
|
quotaInodeUsage |
Quota Inode Usage |
uint64 |
|
|
gracePeriod |
Quota Grace Period |
uint64 |
|
EventType: PH_DEV_MON_ISILON_CLUSTER_SNAPSHOT
Description: Isilon snapshot usage
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
snapshotName |
Snapshot Name |
string |
|
|
snapshotDescription |
Snapshot Description |
string |
|
|
snapshotPath |
Snapshot Path |
string |
|
|
snapshotCreateTime |
Snapshot Create Time |
Date |
|
|
snapshotExpiryTime |
Snapshot Expiry Time |
Date |
|
|
fileSize64 |
File Size64 Bytes |
uint64 |
|
EventType: PH_DEV_MON_ISILON_NODE_DISK_PERF
Description: Isilon disk performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
opsPerSec |
Operations/sec |
uint32 |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
EventType: PH_DEV_MON_ISILON_NODE_HEALTH
Description: Isilon node health and performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
svcStatus |
Service Health |
string |
|
|
cluster |
Cluster |
string |
|
|
cpuUtil |
CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
kernCpuUtil |
Kernel CPU Util |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
netSentKBytesPerSec |
Net Sent Rate KBps |
double |
|
|
netRecvdKBytesPerSec |
Net Received Rate KBps |
double |
|
EventType: PH_DEV_MON_ISILON_NODE_PROTO_PERF
Description: Isilon protocol performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appName |
Application Name |
string |
|
|
opsPerSec |
Operations/sec |
uint32 |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
minSentBytes |
Min Sent Bytes |
uint64 |
Minimum of Sent Bytes over the report window. Used in Profile Reports only. |
|
maxSentBytes |
Max Sent Bytes |
uint64 |
Maximum of Sent Bytes over the report window. Used in Profile Reports only. |
|
avgSentBytes |
Avg Sent Bytes |
double |
Average of Sent Bytes over the report window. Used in Profile Reports only. |
|
sdevSentBytes |
Std Dev Sent Bytes |
double |
Standard Deviation of Sent Bytes over the report window. Used in Profile Reports only. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
minRecvBytes |
Min Received Bytes |
uint64 |
Minimum of Received Bytes over the report window. Used in Profile Reports only. |
|
maxRecvBytes |
Max Received Bytes |
uint64 |
Maximum of Received Bytes over the report window. Used in Profile Reports only. |
|
avgRecvBytes |
Avg Received Bytes |
double |
Average of Received Bytes over the report window. Used in Profile Reports only. |
|
sdevRecvBytes |
Std Dev Received Bytes |
double |
Standard Deviation of Received Bytes over the report window. Used in Profile Reports only. |
|
latency |
Latency |
double |
|
|
minLatency |
Min Latency |
double |
|
|
maxLatency |
Max Latency |
double |
|
|
avgLatency |
Avg Latency |
double |
|
|
sdevLatency |
Std Dev Latency |
double |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
EventType: PH_DEV_MON_JBOSS_APP
Description: JBOSS application server settings and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_CPU
Description: JBOSS CPU metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_DB_POOL
Description: JBOSS database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_EJB
Description: JBOSS EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_MEMORY
Description: JBOSS memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_REQUEST_PROCESSOR
Description: Weblogic request processor metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_SERVLET
Description: JBOSS servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_SESSION
Description: JBOSS session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_JBOSS_THREAD_POOL
Description: JBOSS thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_ALL_DEVICE_DELAY_HIGH
Description: Log receipt delay for all devices from a collection point crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_ALL_DEVICE_DELAY_LOW
Description: Log receipt delay for all devices from a collection point fell below low water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_DEVICE_DELAY_HIGH
Description: Log receipt delay for a single device crossed high water mark
Notes: This event is generated by FortiSIEM Supervisor node when no events are received from a single source IP (Reporting IP) within a (high threshold) time window. The time period can be set in two ways: - Global Setting: Set the EventRecvTimeGapHigh attribute in Admin > Device Support > Custom Properties. By default it is set to 10 minutes - Per device Setting: Set the "Event Receive Time Gap High Threshold minutes" attribute in CMDB > Choose a Device > Edit > Device Properties An event is generated for each jobType, e.g. Syslog, Windows Agent Log Collection, Linux Agent Log Collection, Cloud Service Log Collection etc.
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_LOG_DEVICE_DELAY_LOW
Description: Log receipt delay for a single device fell below water mark
Notes: This event is generated by FortiSIEM Supervisor node when no events are received from a single source IP (Reporting IP) within a (low threshold) time window. The time period can be set in two ways: - Global Setting: Set the EventRecvTimeGapLow attribute in Admin > Device Support > Custom Properties. By default it is set to 5 minutes - Per device Setting: Set the "Event Receive Time Gap Low Threshold minutes" attribute in CMDB > Choose a Device > Edit > Device Properties An event is generated for each jobType, e.g. Syslog, Windows Agent Log Collection, Linux Agent Log Collection, Cloud Service Log Collection etc.
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_MANUAL_SVC_START_TO_STOP
Description: Running Windows Manual service stopped
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_MANUAL_SVC_STOP
Description: Windows Manual Windows Service stopped
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_MANUAL_SVC_STOP_TO_START
Description: Stopped Windows Manual Service started
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
servicePath |
Service Path |
string |
|
|
serviceDesc |
Service Description |
string |
|
EventType: PH_DEV_MON_NETAPP_AGGR_MET
Description: NETAPP aggregate performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
aggrName |
NetApp Aggregate Name |
string |
|
|
aggrReadOpsPerSec |
Aggregate Read Request /sec |
double |
|
|
aggrWriteOpsPerSec |
Aggregate Write Request /sec |
double |
|
|
aggrTxfrPerSec |
Aggregate Transfer /sec |
double |
|
|
aggrCpReadPerSec |
Aggregate CP Read /sec |
double |
|
EventType: PH_DEV_MON_NETAPP_CIFS_MET
Description: NETAPP CIFS performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cifsOpsPerSec |
CIFS Request Rate |
double |
|
|
cifsLatency |
CIFS Latency ms |
double |
Overall Latency (ms) using CIFS storage protocol. |
EventType: PH_DEV_MON_NETAPP_CP_MET
Description: NetApp consistency point metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpFromTimer |
Timer Consistency Point |
uint32 |
|
|
cpFromSnapshot |
Snapshot Consistency Point |
uint32 |
|
|
cpFromLowWater |
Low Water Consistency Point |
uint32 |
|
|
cpFromHiWater |
High Water Consistency Point |
uint32 |
|
|
cpFromLogFull |
Log Full Consistency Point |
uint32 |
|
|
backtobackCp |
Back-to-back Consistency Point |
uint32 |
|
|
totalCp |
Total Consistency Point |
uint32 |
|
|
deferredBacktobackCp |
Deferred Back-to-back Consistency Point |
uint32 |
|
EventType: PH_DEV_MON_NETAPP_DISK_HEALTH
Description: NetApp disk status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
totDisk |
Total Disk Count |
uint32 |
Total number of Disks |
|
activeDisk |
Active Disk Count |
uint32 |
Total number of Active Disks |
|
failedDisk |
Failed Disk Count |
uint32 |
Total number of Failed Disks |
|
spareDisk |
Spare Disk Count |
uint32 |
Total number of Spare Disks |
|
reconstDisk |
Reconstructing Disk Count |
uint32 |
Total number of Reconstructing Disks |
|
scrubbDisk |
Scrubbing Disk Count |
uint32 |
|
|
addSpareDisk |
Add Spare Disk Count |
uint32 |
|
EventType: PH_DEV_MON_NETAPP_DISK_MET
Description: NETAPP disk level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
|
diskTfrOpsPerSec |
Disk Transfer Ops/s |
double |
|
EventType: PH_DEV_MON_NETAPP_FCP_MET
Description: NETAPP FCP performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fcpReadOpsPerSec |
FCP Read Request /sec |
double |
Read Request Rate (operations/sec) using FCP storage protocol. |
|
fcpWriteOpsPerSec |
FCP Write Request /sec |
double |
Write Request Rate (operations/sec) using FCP storage protocol. |
|
fcpReadLatency |
FCP Read Latency ms |
double |
Read Latency (ms) using FCP storage protocol. |
|
fcpWriteLatency |
FCP Write Latency ms |
double |
Write Latency (ms) using FCP storage protocol. |
|
fcpReadKBytesPerSec |
FCP Read Volume KBps |
double |
Read throughput (KBytes/sec) using FCP storage protocol. |
|
fcpWriteKBytesPerSec |
FCP Write Volume KBps |
double |
Write throughput (KBytes/sec) using FCP storage protocol. |
EventType: PH_DEV_MON_NETAPP_ISCSI_MET
Description: NETAPP ISCSI performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
iscsiReadOpsPerSec |
ISCSI Read Request Rate |
double |
Read Request Rate (operations/sec) using ISCSI storage protocol. |
|
iscsiWriteOpsPerSec |
ISCSI Write Request Rate |
double |
Write Request Rate (operations/sec) using ISCSI storage protocol. |
|
iscsiReadLatency |
ISCSI Read Latency ms |
double |
Read Latency (ms) using ISCSI storage protocol. |
|
iscsiWriteLatency |
ISCSI Write Latency ms |
double |
Write Latency (ms) using ISCSI storage protocol. |
|
iscsiReadKBytesPerSec |
ISCSI Read Volume KBps |
double |
Read throughput (KBytes/sec) using ISCSI storage protocol. |
|
iscsiWriteKBytesPerSec |
ISCSI Write Volume KBps |
double |
Write throughput (KBytes/sec) using ISCSI storage protocol. |
EventType: PH_DEV_MON_NETAPP_LUN_MET
Description: NETAPP lun level performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
lunName |
LUN Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
|
diskQueueFull |
Disk Queue Full /sec |
double |
|
EventType: PH_DEV_MON_NETAPP_NFS3_MET
Description: NETAPP detailed NFS V3 performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
nfsReadOpsPerSec |
NFS Read Request Rate |
double |
Read Request Rate (operations/sec) using NFS storage protocol. |
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
nfsReadKBytesPerSec |
NFS Read Volume KBps |
double |
Read throughput (KBytes/sec) using NFS storage protocol. |
|
nfsWriteKBytesPerSec |
NFS Write Volume KBps |
double |
Write throughput (KBytes/sec) using NFS storage protocol. |
EventType: PH_DEV_MON_NETAPP_NFS4_MET
Description: NETAPP detailed NFS V4 performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
nfsReadOpsPerSec |
NFS Read Request Rate |
double |
Read Request Rate (operations/sec) using NFS storage protocol. |
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
nfsReadKBytesPerSec |
NFS Read Volume KBps |
double |
Read throughput (KBytes/sec) using NFS storage protocol. |
|
nfsWriteKBytesPerSec |
NFS Write Volume KBps |
double |
Write throughput (KBytes/sec) using NFS storage protocol. |
EventType: PH_DEV_MON_NETAPP_NFS_MET
Description: NETAPP NFS performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cacheAgeMin |
Cache Age Min |
uint64 |
|
|
cifsOpsPerSec |
CIFS Request Rate |
double |
|
|
nfsOpsPerSec |
NFS Request Rate |
double |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
netSentKBytesPerSec |
Net Sent Rate KBps |
double |
|
|
netRecvdKBytesPerSec |
Net Received Rate KBps |
double |
|
|
rpcBadCallsDelta |
RPC Bad Calls |
uint64 |
|
|
nfsBadCallsDelta |
NFS Bad Calls |
uint64 |
|
|
cifsBadCallsDelta |
CIFS Bad Calls |
uint64 |
|
EventType: PH_DEV_MON_NETAPP_VOL_MET
Description: NETAPP volume performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
volName |
NetApp Volume Name |
string |
|
|
diskReadReqPerSec |
Disk Read Rate req/sec |
double |
|
|
diskWriteReqPerSec |
Disk Write Rate req/sec |
double |
|
|
nfsWriteOpsPerSec |
NFS Write Request Rate |
double |
Write Request Rate (operations/sec) using NFS storage protocol. |
|
nfsReadLatency |
NFS Read Latency |
double |
Read Latency (ms) using NFS storage protocol. |
|
nfsWriteLatency |
NFS Write Latency |
double |
Write Latency (ms) using NFS storage protocol. |
|
cifsReadOpsPerSec |
CIFS Read Request /sec |
double |
Read Request Rate (operations/sec) using CIFS storage protocol. |
|
cifsWriteOpsPerSec |
CIFS Write Request /sec |
double |
Write Request Rate (operations/sec) using CIFS storage protocol. |
|
cifsReadLatency |
CIFS Read Latency ms |
double |
Read Latency (ms) using CIFS storage protocol. |
|
cifsWriteLatency |
CIFS Write Latency ms |
double |
Write Latency (ms) using CIFS storage protocol. |
|
sanReadOpsPerSec |
SAN Read Request /sec |
double |
|
|
sanWriteOpsPerSec |
SAN Write Request /sec |
double |
|
|
sanReadLatency |
SAN Read Latency ms |
double |
|
|
sanWriteLatency |
SAN Write Latency ms |
double |
|
EventType: PH_DEV_MON_NETBOTZ_HW_EMS_STATUS
Description: NetBotz EMS Hardware Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
emsHwStatus |
EMS Hardware Status |
uint16 |
EMS Hardware Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
hwLogStatus |
Hardware Log Status |
uint16 |
Hardware Log Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
EventType: PH_DEV_MON_NETBOTZ_HW_MODULE_SENSOR
Description: NetBotz Module Sensor Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
moduleNumber |
Module Number |
uint32 |
|
|
envSensorId |
Env Sensor Id |
string |
|
|
envSensorLabel |
Sensor Label |
string |
|
|
envSensorLoc |
Sensor Location |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
hwAlarmDeviceStatus |
Hardware Alarm Device Status |
uint16 |
Hardware Alarm Device Status determined from SNMP based hardware monitoring (0: Normal, 1: Warning, 2: Critical) |
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_NETBOTZ_HW_PROBE
Description: NetBotz Probe Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
envSensorLabel |
Sensor Label |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
|
envTempHighThreshDegC |
High Temperature Threshold Celsius |
uint32 |
|
|
envHumidityRel |
Relative Humidity |
uint32 |
|
|
envHumidityRelHighThresh |
High Relative Humidity Threshold |
uint32 |
|
|
envHumidityRelLowThresh |
Low Relative Humidity Threshold |
uint32 |
|
|
serialNumber |
Serial Number |
string |
|
|
phyMachConnectionStateCode |
Physical Machine Connection State |
uint16 |
|
|
envTempDegF |
Temperature Fahrenheit |
uint32 |
|
|
envTempHighThreshDegF |
High Temperature Threshold Fahrenheit |
uint32 |
|
EventType: PH_DEV_MON_NETSCALER_APP_FW
Description: NetScaler Application Firewall metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
totalAborts |
Total Aborts |
uint64 |
|
|
totalRedirects |
Total Redirects |
uint64 |
|
|
startURLViol |
Start URL Violations |
uint32 |
|
|
denyURLViol |
Deny URL Violations |
uint32 |
|
|
bufOverflowViol |
Buffer Overflow Violations |
uint32 |
|
|
cookieViol |
Cookie Violations |
uint32 |
|
|
xssViol |
XSS Violations |
uint32 |
|
|
sqlViol |
SQL Violations |
uint32 |
|
|
fieldFormatViol |
Field Format Violations |
uint32 |
|
|
fieldConsistViol |
Field Consistency Violations |
uint32 |
|
|
creditCardViol |
Credit Card Violations |
uint32 |
|
|
safeObjViol |
Safe Object Violations |
uint32 |
|
|
totViol |
Total Violations |
uint32 |
|
EventType: PH_DEV_MON_NETSCALER_SERVICE
Description: NetScaler Service metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
serviceName |
Service Name |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appTransportProto |
Application Protocol |
string |
|
|
svcStatus |
Service Health |
string |
|
|
averageTransactionTime |
Average Transaction Time ms |
uint32 |
|
|
createdConn |
Created Connections |
uint64 |
|
|
activeConns |
Active Connection |
uint64 |
|
|
surgeQueue |
Surge Queue |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
EventType: PH_DEV_MON_NETSCALER_VIRT_SERVER
Description: NetScaler Virtual Server metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
serverName |
Server Name |
string |
|
|
serverIpAddr |
Server IP |
IP |
|
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
appTransportProto |
Application Protocol |
string |
|
|
svcStatus |
Service Health |
string |
|
|
clientConns |
Client Connections |
uint64 |
|
|
serverConns |
Server Connections |
uint64 |
|
|
surgeQueue |
Surge Queue |
uint32 |
|
|
totalRequests |
Total Requests |
uint64 |
|
|
totalResponses |
Total Responses |
uint64 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
totHits |
Total Hits |
uint64 |
|
|
serviceUp |
Services Up |
uint32 |
|
|
serviceDown |
Services Down |
uint32 |
|
|
serviceUnknown |
Services Unknown |
uint32 |
|
|
serviceOOS |
Services OutOfService |
uint32 |
|
|
serviceTransitOOS |
Services Transit OutOfService |
uint32 |
|
EventType: PH_DEV_MON_NET_INTF_UTIL
Description: Network Interface utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
intfName |
Host Interface Name |
string |
Name of a network interface in a host. |
|
intfAlias |
Host Interface Alias |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pollIntv |
Polling Interval |
uint32 |
|
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
inIntfUtil |
Recv Interface Util |
double |
Ratio of Received Bits per second (derived from recvBytes) to the received network interface speed |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
outIntfUtil |
Sent Interface Util |
double |
Ratio of Sent Bits per second (derived from sentBytes) to the sent network interface speed |
|
recvPkts64 |
Received Packets64 |
uint64 |
Number of packets received by a host. This is 64bit version. |
|
sentPkts64 |
Sent Packets64 |
uint64 |
Number of packets sent by a host. This is 64bit version. |
|
inIntfPktErr |
Recv Packet Errors |
uint32 |
Number of received packets that had errors. The networking stack discards these packets. |
|
inIntfPktErrPct |
Recv Packet Error Pct |
double |
Ratio of inIntfPktErr and the total number of received packets in an onterval |
|
outIntfPktErr |
Sent Packet Errors |
uint32 |
Number of sent packets that had errors. he networking stack discards these packets. |
|
outIntfPktErrPct |
Sent Packet Error Pct |
double |
Ratio of outIntfPktErr and the total number of received packets in an onterval |
|
outQLen64 |
Interface Sent Queue Length64 |
uint64 |
|
|
intfInSpeed64 |
Recv Interface Speed bps |
uint64 |
Received bits/sec through an interface |
|
intfOutSpeed64 |
Sent Interface Speed bps |
uint64 |
Sent bits/sec through an interface |
|
intfAdminStatus |
Interface Admin Status |
string |
|
|
intfOperStatus |
Interface Operational Status |
string |
|
|
daysSinceLastUse |
Days Since Last Use |
uint32 |
|
|
totIntfPktErr |
Total Packet Errors |
uint32 |
|
|
totBitsPerSec |
Total Bit Rate |
double |
Total (Sent plus Received) bits/sec through an interface |
|
linkDuplexStatus |
Link Duplex Status |
string |
|
|
alignError |
Frame Align Error |
uint32 |
|
|
fcsError |
Frame FCS Error |
uint32 |
|
|
defTransmit |
Frame Deferred Transmission |
uint32 |
|
|
multiCollision |
Frame Multi Collision |
uint32 |
|
|
lateCollision |
Frame Late Collision |
uint32 |
|
|
excessCollisionAbort |
Frame Excess Collision Abort |
uint32 |
|
|
macTxmitError |
Frame MAC Transmit Error |
uint32 |
|
|
carrierSenseError |
Frame Carrier Sense Error |
uint32 |
|
|
framesTooLong |
Frame Too Long |
uint32 |
|
|
symbolError |
Frame Symbol Error |
uint32 |
|
|
intMacRecvError |
Frame Internal MAC Receive Error |
uint32 |
|
|
vdom |
Virtual Domain |
string |
|
|
latency |
Latency |
double |
|
|
jitterMs |
Jitter |
uint32 |
|
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
availSentBitsPerSec |
Available Sent Rate |
double |
|
|
availRecvBitsPerSec |
Available Received Rate |
double |
|
|
realtimeLinkCost |
Real-time Link Cost |
uint32 |
|
|
transactionalLinkCost |
Transactional Link Cost |
uint32 |
|
|
backgroundLinkCost |
Background Link Cost |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_NIMBLE_GLOBAL_STAT
Description: Nimble Storage global stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioSeqReadsPerSec |
Total Sequential Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
ioSeqWritesPerSec |
Total Sequential Write I/Os Rate |
double |
|
|
ioReadLatency |
IO Read Latency |
uint64 |
|
|
ioWriteLatency |
IO Write Latency |
uint64 |
|
|
ioReadKBytesPerSec |
Total Read I/O Rate KBps |
double |
|
|
ioSeqReadKBytesPerSec |
Total Sequential Read I/O Rate KBps |
double |
|
|
ioWriteKBytesPerSec |
Total Write I/O Rate KBps |
double |
|
|
ioSeqWriteKBytesPerSec |
Total Sequential Write I/O Rate KBps |
double |
|
|
usedVolMB |
Used Volumes MB |
uint64 |
|
|
usedSnapMB |
Used Snapshots MB |
uint64 |
|
|
ioNonSeqCacheHitRatio |
Non-Sequential Read I/Os Hit Ratio |
double |
|
EventType: PH_DEV_MON_NUTANIX_CLUSTER_STATUS
Description: Nutanix Cluster Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
clusterVersion |
Cluster Version |
string |
|
|
clusterStatus |
Cluster Status |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
EventType: PH_DEV_MON_NUTANIX_CONTAINER_INFO
Description: Nutanix Storage Container Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
ntxContainerId |
Nutanix Container Id |
uint64 |
|
|
ntxContainerName |
Nutanix Container Name |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
EventType: PH_DEV_MON_NUTANIX_CTRLR_VM_RESOURCE
Description: Nutanix Controller VM Resource Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
memTotalMB |
Total Memory MB |
uint32 |
|
|
procCount |
System Process Count |
uint32 |
|
EventType: PH_DEV_MON_NUTANIX_DISK_STATUS
Description: Nutainix Disk Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
diskId |
Disk Id |
uint64 |
|
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
hwDiskSerial |
Disk Serial |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
freeDiskMBNonRoot |
Free Disk MB NonRoot |
uint32 |
|
|
inodeUsedPct |
Inode Util |
double |
|
|
inodeMax |
Max Inodes |
uint32 |
|
|
inodeFreeNonRoot |
Free Inodes NonRoot |
uint32 |
|
EventType: PH_DEV_MON_NUTANIX_DISK_TEMP
Description: Nutanix Disk temperature event
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskId |
Disk Id |
uint64 |
|
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
hwDiskSerial |
Disk Serial |
string |
|
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
EventType: PH_DEV_MON_NUTANIX_SERVICE_STATUS
Description: Nutanix Service Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
ntxControllerVMId |
Nutanix Controller VM Id |
uint64 |
|
|
ntxClusterVMStatus |
Cluster VM Status |
string |
|
|
ntxZeusStatus |
Nutanix Zeus Status |
string |
|
|
ntxStargateStatus |
Nutanix Stargate Status |
string |
|
EventType: PH_DEV_MON_NUTANIX_STORAGE_POOL_INFO
Description: Nutanix Storage Pool Info
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cluster |
Cluster |
string |
|
|
spoolId |
Storage Pool Id |
uint64 |
|
|
spoolName |
Storage Pool Name |
string |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
diskRWReqPerSec |
Disk RW Rate req/sec |
double |
|
|
devDiskRWLatency |
Disk Read/Write Latency |
double |
|
EventType: PH_DEV_MON_OMI_PING_STAT
Description: OMI Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_OSPF_NBR_STATUS
Description: OSPF neighbor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
ospfAreaId |
OSPF Area Id |
uint32 |
|
|
ospfState |
OSPF State |
string |
|
EventType: PH_DEV_MON_PANASONIC_AERO_LOG_MON_STATUS
Description: Panasonic Aero Log Monitoring Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
customer |
Organization Name |
string |
This is the FortiSIEM Organization Name, which is unique to each tenant. It identifies the tenant this event belongs to. |
|
collectorId |
Collector ID |
uint32 |
This field captures the ID of a FortiSIEM Collector |
|
phCollectorName |
Collector Name |
string |
Name of the FortiSIEM Collector. The name is set in GUI. |
|
reptDevName |
Reporting Device |
string |
This is the hostname of the device that originated the log or event packet. |
|
airlineName |
Airline Name |
string |
|
|
airlineTail |
Airline Tail Number |
string |
|
|
airlineDevName |
Airline Device |
string |
|
|
filePath |
File Path |
string |
|
|
scannedFiles |
Scanned File Count |
uint32 |
|
|
totEventCount |
Total Event Count |
uint32 |
|
EventType: PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY_HIGH
Description: Performance monitoring delay for all devices from a collection point crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_ALL_DEVICE_DELAY_LOW
Description: Performance monitoring delay for all devices from a collection point fell below low water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_DEVICE_DELAY_HIGH
Description: All performance metrics delay for a single device crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_DEVICE_DELAY_LOW
Description: Some performance metric delay for a single device fell below water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_JOB_DELAY_HIGH
Description: A performance metric delay for a single device crossed high water mark
Severity: 9 (High)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERFMON_JOB_DELAY_LOW
Description: A performance metric delay for a single device fell below water mark
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_BACKUP_INFO
Description: Last backup info on SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_BLOCKBY_INFO
Description: Blocked process in SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_CONFIG_INFO
Description: SQL Server configuration
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_ERROR_LOG_INFO
Description: SQL Server error log information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_GEN_INFO
Description: SQL Server general information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_LOCK_INFO
Description: SQL Server lock information
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_PERDB
Description: Metrics for per database in SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_SYS
Description: Metrics for the total SQL Server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MSSQL_TOP_QUERIES
Description: Top queries against SQL Server database
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MYSQLDB
Description: MySQL database performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_MYSQLDB_TABLESPACE
Description: MySQL tablespace metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB
Description: Oracle database performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB_CLUSTER
Description: Oracle Cluster performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB_TABLESPACE
Description: Oracle tablespace metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PERF_ORADB_TOP_QUERIES
Description: Top queries against Oracle database
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PING_STAT
Description: Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
EventType: PH_DEV_MON_PING_STAT_SUPPRESSED
Description: Ping stat suppressed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
EventType: PH_DEV_MON_PORT_CLOSE
Description: A port is closed
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
ipPort |
IP Port |
uint16 |
IP port number |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_PORT_OPEN
Description: A new port is open
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
serviceName |
Service Name |
string |
|
|
ipProto |
IP Protocol |
uint16 |
IP Protocol, e.g. TCP, UDP, ICMP etc as defined in IP RFPs |
|
ipPort |
IP Port |
uint16 |
IP port number |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_PRINTER_OUTPUT_STATUS
Description: Printer Output Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
prtDevStatus |
Printer Device Status |
string |
|
|
prtPrintStatus |
Printer Printing Status |
string |
|
|
prtErrorState |
Printer Error State |
string |
|
|
prtPrintPageCount |
Printed Page Count |
uint32 |
|
EventType: PH_DEV_MON_PRINTER_SUPPLY_STATUS
Description: Printer Supply Status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
prtSupplyType |
Printer Supply Type |
string |
|
|
prtSupplyName |
Printer Supply Name |
string |
|
|
prtMaxSupplyLevel |
Printer Max Supply Level |
int32 |
|
|
prtCurrSupplyLevel |
Printer Current Supply Level |
int32 |
|
|
prtSupplyUnit |
Printer Supply Unit |
string |
|
|
prtCurrSupplyUsedPct |
Printer Pct Used Supply |
double |
|
EventType: PH_DEV_MON_PROC_CPU_UTIL
Description: Process CPU Utilization stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PROC_MEM_UTIL
Description: Process Memory Utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_PROC_RESOURCE_UTIL
Description: Process CPU and Memory Utilization stats
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
swProcName |
Software Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procOwner |
Process Owner |
string |
|
|
memUtil |
Memory Util |
double |
|
|
cpuUtil |
CPU Util |
double |
|
|
appName |
Application Name |
string |
|
|
appGroupName |
Application Group Name |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
swParam |
Software Param |
string |
|
|
realMemPeakKBytes |
Real Peak Memory KB |
uint32 |
|
|
virtMemKBytes |
Virtual Memory KB |
uint32 |
|
|
peakVirtMemKBytes |
Peak Virtual Memory KB |
uint32 |
|
|
diskReadKBytesPerSec |
Disk Read Rate KBps |
double |
|
|
diskWriteKBytesPerSec |
Disk Write Rate KBps |
double |
|
|
sysUpTime |
System Uptime |
uint32 |
|
EventType: PH_DEV_MON_PROC_START
Description: Process Started
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
swProcName |
Software Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procOwner |
Process Owner |
string |
|
|
appName |
Application Name |
string |
|
|
appGroupName |
Application Group Name |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
swParam |
Software Param |
string |
|
EventType: PH_DEV_MON_PROC_STOP
Description: Process Stopped
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
swProcName |
Software Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procOwner |
Process Owner |
string |
|
|
appName |
Application Name |
string |
|
|
appGroupName |
Application Group Name |
string |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
swParam |
Software Param |
string |
|
EventType: PH_DEV_MON_QUALYS_WEB_APP_FW
Description: Qualys Web Application Firewall Log
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventTime |
Event Occur Time |
Date |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
type |
Type |
string |
|
|
ipsConfidence |
Attack Confidence |
string |
|
|
policyName |
Policy Name |
string |
|
|
msg |
Message |
string |
|
EventType: PH_DEV_MON_RBD_BW
Description: Riverbed Steelhead appliance bandwidth metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
inLanBytes |
Inbound Optimized Bytes LAN Side |
uint32 |
|
|
inWanBytes |
Inbound Optimized Bytes WAN Side |
uint32 |
|
|
outLanBytes |
Outbound Optimized Bytes LAN Side |
uint32 |
|
|
outWanBytes |
Outbound Optimized Bytes WAN Side |
uint32 |
|
EventType: PH_DEV_MON_RBD_CONN
Description: Riverbed Steelhead appliance connection metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
optConn |
Optimized Connections |
uint32 |
|
|
passthruOptConn |
Passthrough Connections |
uint32 |
|
|
halfOpenOptConn |
Half-open Optimized Connections |
uint32 |
|
|
halfClosedOptConn |
Half-closed Optimized Connections |
uint32 |
|
|
estOptConn |
Established Optimized Connections |
uint32 |
|
|
activeOptConn |
Active Optimized Connections |
uint32 |
|
|
totalOptConn |
Total Opt Connections |
uint32 |
|
EventType: PH_DEV_MON_RBD_PEER_STAT
Description: Riverbed Steelhead appliance Peer metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
rbdState |
Riverbed Steelhead State |
string |
|
|
connFailure |
Connection Failures |
uint32 |
|
|
reqTimeout |
Request Timeout |
uint32 |
|
|
maxLatency |
Max Latency |
double |
|
EventType: PH_DEV_MON_RBD_PER_PORT_BW
Description: Riverbed Steelhead per port bandwidth metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
inLanBytes |
Inbound Optimized Bytes LAN Side |
uint32 |
|
|
inWanBytes |
Inbound Optimized Bytes WAN Side |
uint32 |
|
|
outLanBytes |
Outbound Optimized Bytes LAN Side |
uint32 |
|
|
outWanBytes |
Outbound Optimized Bytes WAN Side |
uint32 |
|
EventType: PH_DEV_MON_RBD_TOP_APP
Description: Riverbed Steelhead appliance top application metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RBD_TOP_DEST
Description: Riverbed Steelhead appliance top dest metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RBD_TOP_SRC
Description: Riverbed Steelhead appliance top src metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RBD_TOP_TALKER
Description: Riverbed Steelhead appliance top talker metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcIpPort |
Source TCP/UDP Port |
uint16 |
This is the source TCP or UDP port as identified in the event |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destIpPort |
Destination TCP/UDP Port |
uint16 |
This is the destination TCP or UDP port as identified in the event |
|
totBytes64 |
Total Bytes64 |
uint64 |
Total number of sent and received bytes by a host. This has 64bit resolution. |
EventType: PH_DEV_MON_RDS_METRIC
Description: AWS RDS metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
instanceName |
DB Instance Name |
string |
|
|
type |
Type |
string |
|
|
dbCpuTimeRatio |
DB CPU Time Ratio |
double |
|
|
dbUserConn |
DB User Connections |
uint32 |
|
|
diskQLen |
Disk Queue Length |
uint32 |
|
|
freeMemKB |
Free Memory |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
usedSwapMemKB |
Used Swap Memory |
uint32 |
|
|
ioReadsPerSec |
Total Read I/Os Rate |
double |
|
|
ioWritesPerSec |
Total Write I/Os Rate |
double |
|
|
devDiskRdLatency |
Disk Read Latency ms |
double |
|
|
devDiskWrLatency |
Disk Write Latency ms |
double |
|
EventType: PH_DEV_MON_RUCKUS_ACCESS_POINT_STAT
Description: Ruckus Access Point Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
description |
Description |
string |
|
|
numRadio |
Radio Count |
uint32 |
|
|
numWlanClient |
WLAN Station Count |
uint32 |
WLAN Station Count found in SNMP based WLAN monitoring |
|
knownRogueAP |
Known Rogue APs |
uint32 |
|
|
connMode |
Connection Mode |
string |
|
|
firstJoinTime |
First Join Time |
Date |
|
|
lastBootTime |
Last Boot Time |
Date |
|
|
lastUpgradeTime |
Last Upgrade Time |
Date |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
EventType: PH_DEV_MON_RUCKUS_CONTROLLER_STAT
Description: Ruckus Controller Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
numAp |
AP Count |
uint32 |
|
|
numWlanClient |
WLAN Station Count |
uint32 |
WLAN Station Count found in SNMP based WLAN monitoring |
|
newRogueAP |
New Rogue APs |
uint32 |
|
|
knownRogueAP |
Known Rogue APs |
uint32 |
|
|
wlanSentBytes |
WLAN Sent Bytes |
uint64 |
WLAN Sent Bytes found in SNMP based WLAN monitoring |
|
wlanRecvBytes |
WLAN Recv Bytes |
uint64 |
WLAN Recv Bytes found in SNMP based WLAN monitoring |
|
wlanSentBitsPerSec |
WLAN Sent Rate bps |
double |
WLAN Sent Rate (in bits/sec) found in SNMP based WLAN monitoring |
|
wlanRecvBitsPerSec |
WLAN Recv Rate bps |
double |
WLAN Recv Rate (in bits/sec)s found in SNMP based WLAN monitoring |
|
lanSentBytes |
LAN Sent Bytes |
uint64 |
|
|
lanRecvBytes |
LAN Recv Bytes |
uint64 |
|
|
lanSentBitsPerSec |
LAN Sent Rate bps |
double |
|
EventType: PH_DEV_MON_RUCKUS_SSID_PERF
Description: Ruckus SSID Performance Metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
wlanSsid |
WLAN SSID |
string |
WLAN Service Set Identifier (SSID) found in SNMP based WLAN monitoring |
|
description |
Description |
string |
|
|
wlanName |
WLAN Name |
string |
WLAN Name found in SNMP based WLAN monitoring |
|
authenMethod |
Authentication Method |
string |
|
|
encryptAlgo |
Encryption Algorithm |
string |
|
|
isGuest |
Guest VLAN |
string |
|
|
srcVLAN |
Source VLAN |
uint16 |
The VLAN to which the Source Network Interface belongs. Source network interface through which a packet enters a network device. |
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
authSuccess |
Auth Successes |
uint32 |
|
|
authFailure |
Auth Failures |
uint32 |
|
|
assocSuccess |
Assoc Success |
uint32 |
|
|
assocFailure |
Assoc Failure |
uint32 |
|
|
assocDeny |
Assoc Deny |
uint32 |
|
|
disassocAbnormal |
Disassoc Abnormal |
uint32 |
|
|
disassocLeave |
Disassoc Leave |
uint32 |
|
|
disassocMisc |
Disassoc Misc |
uint32 |
|
EventType: PH_DEV_MON_SERVERIRON_REAL_SERVER_STAT
Description: Brocade ServerIron ADX Real Server Stat
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
realServerIP |
Real Server IP |
IP |
|
|
realServerState |
Real Server State |
string |
|
|
failedPortExists |
Failed Port Exists |
uint16 |
|
|
openConnectionsCount |
Open Connections |
uint64 |
|
|
peakConns |
Peak Connections |
uint64 |
|
|
activeSessions |
Active Sessions |
uint64 |
|
EventType: PH_DEV_MON_SLB_METRIC
Description: Cisco Server Load Balancing metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
lbOpenConn |
LB Open Conn |
uint32 |
|
|
lbFailedConn |
LB Failed Conn |
uint32 |
|
|
lbL4Conn |
LB L4 Conn |
uint32 |
|
|
lbL7Conn |
LB L7 Conn |
uint32 |
|
|
lbDroppedL4Conn |
LB Dropped L4 Conn |
uint32 |
|
|
lbDroppedL7Conn |
LB Dropped L7 Conn |
uint32 |
|
|
lbHttpRedirectConn |
LB HTTP Redirect Conn |
uint32 |
|
|
lbDroppedHttpRedirectConn |
LB Dropped HTTP Redirect Conn |
uint32 |
|
|
lbAclDeniedConn |
LB ACL Denied Conn |
uint32 |
|
|
lbTimedoutConn |
LB Timed Out Conn |
uint32 |
|
EventType: PH_DEV_MON_SNMP_PING_STAT
Description: SNMP Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SRC_AD_REPL_STAT
Description: Windows Active Directory Source REPLSTAT command output
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_STATUS
Description: Status of devices monitored by FortiSIEM
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_STORAGE_PORT_DOWN_TO_UP
Description: Storage port came back up
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
spName |
SAN Storage Processor Name |
string |
|
|
spPortName |
SAN Storage Port Name |
string |
|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
EventType: PH_DEV_MON_STORAGE_PORT_UP_TO_DOWN
Description: Storage port went down
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
spName |
SAN Storage Processor Name |
string |
|
|
spPortName |
SAN Storage Port Name |
string |
|
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
EventType: PH_DEV_MON_SYS_CPU_UTIL
Description: System CPU Utilization for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
cpuName |
CPU Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuUtil |
CPU Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
sysCpuUtil |
System CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
|
waitCpuUtil |
Wait CPU Util |
double |
|
|
kernCpuUtil |
Kernel CPU Util |
double |
|
|
contextSwitchPerSec |
Context Switch Rate /sec |
double |
|
|
cpuInterruptPerSec |
CPU Interrupt Rate /sec |
double |
|
|
cpuCore |
CPU Cores |
uint16 |
|
|
loadAvg1min |
Load Average 1 min |
double |
Linux Server load average (calculated over 1min ntervals). Linux load average is a metric that shows the number of tasks currently executed by the CPU and tasks waiting in the queue. |
|
loadAvg5min |
Load Average 5 min |
double |
Linux Server load average (calculated over 5min ntervals). Linux load average is a metric that shows the number of tasks currently executed by the CPU and tasks waiting in the queue. |
|
loadAvg15min |
Load Average 15 min |
double |
Linux Server load average (calculated over 15min ntervals). Linux load average is a metric that shows the number of tasks currently executed by the CPU and tasks waiting in the queue. |
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_SYS_DISK_FREE
Description: Free disk space stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_SYS_DISK_TREND_DAY
Description: Daily Disk growth trend
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskGrowthMBDaily |
Current Daily Disk Growth |
double |
|
|
avgDiskGrowthMBDaily |
Avg Daily Disk Growth |
double |
|
|
timeToDiskFull |
Days To Disk Full |
int32 |
|
EventType: PH_DEV_MON_SYS_DISK_TREND_MONTH
Description: Monthly disk growth trend
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskGrowthMBMonthly |
Current Monthly Disk Growth |
double |
|
|
avgDiskGrowthMBMonthly |
Avg Monthly Disk Growth |
double |
|
|
timeToDiskFull |
Days To Disk Full |
int32 |
|
EventType: PH_DEV_MON_SYS_DISK_TREND_WEEK
Description: Weekly disk growth trend
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskName |
Disk Name |
string |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
diskUtil |
Disk Capacity Util |
double |
|
|
diskGrowthMBWeekly |
Current Weekly Disk Growth |
double |
|
|
avgDiskGrowthMBWeekly |
Avg Weekly Disk Growth |
double |
|
|
timeToDiskFull |
Days To Disk Full |
int32 |
|
EventType: PH_DEV_MON_SYS_DISK_UTIL
Description: Disk Utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
diskName |
Disk Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
diskUtil |
Disk Capacity Util |
double |
|
|
totalDiskMB |
Total Disk MB |
uint32 |
|
|
usedDiskMB |
Used Disk MB |
uint32 |
|
|
freeDiskMB |
Free Disk MB |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
inodeUsedPct |
Inode Util |
double |
|
|
inodeUsed |
Used Inodes |
uint32 |
|
|
inodeFree |
Free Inodes |
uint32 |
|
|
inodeMax |
Max Inodes |
uint32 |
|
|
fileUsedPct |
File Util |
double |
|
|
fileUsed |
Used Files |
uint32 |
|
|
fileFree |
Free Files |
uint32 |
|
|
fileMax |
Max Files |
uint32 |
|
|
maxDiskUtil |
Max Disk Util |
double |
|
|
maxInodeUsedPct |
Max Inode Util |
double |
|
|
maxFileUsedPct |
Max File Util |
double |
|
|
appTransportProto |
Application Protocol |
string |
|
|
resvDiskMB |
Reserved Disk MB |
uint32 |
|
|
availDiskMB |
Available Disk MB |
uint32 |
|
EventType: PH_DEV_MON_SYS_EXT_CMD
Description: Extensible commands status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
appName |
Application Name |
string |
|
|
command |
Command |
string |
|
|
exitValue |
Command exit value |
int32 |
|
|
usrMsg |
User defined msg |
string |
|
|
extCmdErrStatus |
Extensible Command Error Status |
string |
|
|
errFixCmd |
Error Fix Command |
string |
|
EventType: PH_DEV_MON_SYS_MEM_FREE
Description: Free system memory stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
freeMemKB |
Free Memory |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SYS_MEM_UTIL
Description: System memory Utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
memUtil |
Memory Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
freeMemKB |
Free Memory |
uint32 |
|
|
bufMemKB |
Buffer Memory |
uint32 |
|
|
cacheMemKB |
Cache Memory |
uint32 |
|
|
swapMemUtil |
Swap Memory Util |
double |
|
|
freeSwapMemKB |
Free Swap Memory |
uint32 |
|
|
swapInRate |
Swap Read Rate Pages/sec |
double |
|
|
swapOutRate |
Swap Write Rate Pages/sec |
double |
|
|
swapRate |
Total Swap Rate Pages/sec |
double |
|
|
totalMemKB |
Total Memory |
uint32 |
|
|
usedMemKB |
Used Memory |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_SYS_PAGEFILE_USAGE
Description: Pagefile usage for Windows systems
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
pageFileUsage |
PageFile Usage |
double |
|
|
pageFilePeakUsage |
PageFile Peak Usage |
double |
|
EventType: PH_DEV_MON_SYS_PER_CPU_UTIL
Description: System per CPU Utilization for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
cpuName |
CPU Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
cpuUtil |
CPU Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
sysCpuUtil |
System CPU Util |
double |
|
|
userCpuUtil |
User CPU Util |
double |
|
EventType: PH_DEV_MON_SYS_PROC_COUNT
Description: System process count for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
procCount |
System Process Count |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SYS_RESTART
Description: A device restarted
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
restartTime |
Restart Time |
Date |
|
EventType: PH_DEV_MON_SYS_STAT
Description: HP-UNIX logged in users and average system jobs statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
numUser |
System Logged In User |
uint32 |
|
|
numJob |
Average System Job |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_SYS_STATUS
Description: Overall System ststus
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
overallStatusCode |
Overall Health |
uint16 |
|
|
systemStatus |
System Health |
string |
|
|
svcStatus |
Service Health |
string |
|
|
envTempDegC |
Temperature Celsius |
uint32 |
|
EventType: PH_DEV_MON_SYS_SWAP_MEM_ERROR_MSG
Description: Swap memory error
Severity: 8 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
swapMemUtil |
Swap Memory Util |
double |
|
|
freeSwapMemKB |
Free Swap Memory |
uint32 |
|
|
memMinimumSwap |
Minimum Swap Memory |
uint32 |
|
|
swapMemErrorString |
Swap Memory Error |
string |
|
EventType: PH_DEV_MON_SYS_UPTIME
Description: System uptime for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
sysUpTime |
System Uptime |
uint32 |
|
|
sysUpTimePct |
System Uptime Pct |
double |
|
|
sysDownTime |
System Downtime |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
relayDevIpAddr |
Relaying IP |
IP |
Relaying IP is most commonly used to specify the log relay appliance, usually a collector. |
|
relayDevName |
Relaying Device |
string |
This is the hostname of the relaying device, a log relay, which is most typically a FortiSIEM collector. |
EventType: PH_DEV_MON_SYS_VIRT_MEM_UTIL
Description: System virtual memory Utilization stats for a device
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
memName |
Memory Name |
string |
|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
virtMemUsedKB |
Virtual Memory |
uint32 |
|
|
virtMemUtil |
Virtual Memory Util |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_TARGET_FILE_CONTENT_CHANGE
Description: Target file hash changed from gold standard
Severity: 9 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
fileName |
File Name |
string |
|
|
hashCode |
Hash Code |
string |
|
|
oldSVNVersion |
Old SVN Version |
uint32 |
|
|
newSVNVersion |
New SVN Version |
uint32 |
|
|
deletedItem |
Deleted Item |
string |
|
|
addedItem |
Added Item |
string |
|
EventType: PH_DEV_MON_TOMCAT_CPU
Description: Tomcat cpu usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_DB
Description: Tomcat database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_MEMORY
Description: Tomcat memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_REQUEST_PROCESSOR
Description: Tomcat request processor metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_SERVLET
Description: Tomcat servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_SESSION
Description: Tomcat session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TOMCAT_THREAD_POOL
Description: Tomcat thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_TRACEROUTE_STAT
Description: Trace Route statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
eventTime |
Event Occur Time |
Date |
|
|
jobId |
Job Id |
string |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
srcName |
Source Host Name |
string |
Source device's hostname as identified in the log, can also be enriched using reverse lookup of the source IP address. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
hopNum |
Hop Count |
uint32 |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
EventType: PH_DEV_MON_UCS_HW_CHASSIS_STAT
Description: Cisco UCS Chassis status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
inputPowerWatt |
Input Power Watt |
double |
|
|
inputPowerAvgWatt |
Avg Input Power Watt |
double |
|
|
inputPowerMaxWatt |
Max Input Power Watt |
double |
|
|
inputPowerMinWatt |
Min Input Power Watt |
double |
|
|
outputPowerWatt |
Output Power Watt |
double |
|
|
outputPowerAvgWatt |
Avg Output Power Watt |
double |
|
|
outputPowerMaxWatt |
Max Output Power Watt |
double |
|
|
outputPowerMinWatt |
Min Output Power Watt |
double |
|
EventType: PH_DEV_MON_UCS_HW_FAN_STAT
Description: Cisco UCS fan status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
fanSpeed |
Fan Speed |
double |
|
|
fanSpeedAvg |
Avg Fan Speed |
double |
|
|
fanSpeedMax |
Max Fan Speed |
double |
|
|
fanSpeedMin |
Min Fan Speed |
double |
|
EventType: PH_DEV_MON_UCS_HW_MEMORY_STAT
Description: Cisco UCS memory status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
|
envTempAvgDegC |
Avg Temperature Celsius |
double |
|
|
envTempMaxDegC |
Max Temperature Celsius |
double |
|
|
envTempMinDegC |
Min Temperature Celsius |
double |
|
EventType: PH_DEV_MON_UCS_HW_PROCESSOR_STAT
Description: Cisco UCS processor status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
inputCurrentAmp |
Input Amp |
double |
|
|
inputCurrentAvgAmp |
Avg Input Amp |
double |
|
|
inputCurrentMaxAmp |
Max Input Amp |
double |
|
|
inputCurrentMinAmp |
Min Input Amp |
double |
|
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
|
envTempAvgDegC |
Avg Temperature Celsius |
double |
|
|
envTempMaxDegC |
Max Temperature Celsius |
double |
|
|
envTempMinDegC |
Min Temperature Celsius |
double |
|
EventType: PH_DEV_MON_UCS_HW_PSU_STAT
Description: Cisco UCS power supply status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
envTempdDegC |
Temperature Celsius Detailed |
double |
|
|
envTempAvgDegC |
Avg Temperature Celsius |
double |
|
|
envTempMaxDegC |
Max Temperature Celsius |
double |
|
|
envTempMinDegC |
Min Temperature Celsius |
double |
|
|
input210Volt |
Input 210 Volt |
double |
|
|
input210AvgVolt |
Avg Input 210 Volt |
double |
|
|
input210MaxVolt |
Max Input 210 Volt |
double |
|
|
input210MinVolt |
Min Input 210 Power Volt |
double |
|
|
output12Volt |
Output 12 Volt |
double |
|
|
output12AvgVolt |
Avg Output Volt |
double |
|
|
output12MaxVolt |
Max Output Volt |
double |
|
|
output12MinVolt |
Min Output Volt |
double |
|
|
output3V3Volt |
Output 3V3 Volt |
double |
|
|
output3V3AvgVolt |
Avg Output 3V3 Volt |
double |
|
|
output3V3MaxVolt |
Max Output 3V3 Volt |
double |
|
|
output3V3MinVolt |
Min Output 3V3 Volt |
double |
|
|
outputCurrentAmp |
Output Amp |
double |
|
|
outputCurrentAvgAmp |
Avg Output Amp |
double |
|
|
outputCurrentMaxAmp |
Max Output Amp |
double |
|
|
outputCurrentMinAmp |
Min Output Amp |
double |
|
|
outputPowerWatt |
Output Power Watt |
double |
|
|
outputPowerAvgWatt |
Avg Output Power Watt |
double |
|
|
outputPowerMaxWatt |
Max Output Power Watt |
double |
|
|
outputPowerMinWatt |
Min Output Power Watt |
double |
|
EventType: PH_DEV_MON_UPS_METRIC
Description: UPS metric
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
upsRemainBatteryChargePct |
UPS Remaining Charge Pct |
uint32 |
|
|
upsBatteryStatus |
UPS Battery Status |
uint32 |
|
|
upsReplaceBatteryIndicator |
UPS Replace Battery Indicator |
uint32 |
|
|
upsTimeOnBattery |
UPS Time on Battery sec |
uint32 |
|
|
upsBasicOutputStatus |
UPS Output Status |
uint32 |
|
|
upsAdvOutputLoad |
UPS Output Load |
uint32 |
|
|
upsAdvOutputVoltage |
UPS Output Voltage V |
uint32 |
|
|
upsAdvOutputFreq |
UPS Output Frequency Hz |
uint32 |
|
|
upsEstSecRemain |
UPS Time Remaining sec |
uint32 |
|
|
upsBatteryVoltage |
UPS Battery Voltage |
double |
|
|
upsBatteryCurrent |
UPS Battery Current Amp |
double |
|
|
upsBatteryTempC |
UPS Battery Temperature Celsius |
uint32 |
|
|
upsBatteryTempF |
UPS Battery Temperature Fahrenheit |
uint32 |
|
|
hwComponentName |
Hardware Component Name |
string |
This field represents the hardware component that has an issue when the hardware status is Warning or Critcal. For example when hwDiskStatus is 2 (Critical), this field states which disk has an issue. |
|
upsAdvInputFreq |
UPS Input FrequencyHz |
uint32 |
|
|
upsAdvInputVoltage |
UPS Input Voltage |
uint32 |
|
|
upsOutputCurrent |
UPS Output Current |
double |
|
|
upsOutputPower |
UPS Output Power |
double |
|
EventType: PH_DEV_MON_VMCLUSTER_CPU_UTIL
Description: Physical CPU usage for a VMware Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMCLUSTER_DATASTORE_IO
Description: Datastore IO stats for a VMware Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMCLUSTER_MEM_UTIL
Description: Physical memory usage for a VMware Cluster
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMCLUSTER_STATUS
Description: VMware cluster status
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMRESPOOL_CPU_UTIL
Description: Physical CPU usage for a VMware Resource Pool
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VMRESPOOL_MEM_UTIL
Description: Physical memory usage for a VMware Resource Pool
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_CPU_UTIL
Description: Physical CPU usage for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_DATASTORE_IO
Description: Datastore IO stats for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_DISK_IO
Description: Disk IO stats for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_DISK_UTIL
Description: VM datastore utilization
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_MEM_UTIL
Description: Physical memory usage for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_NET_INTF_UTIL
Description: Network IO stats for a Virtual Machine
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_PER_CPU_UTIL
Description: Physical CPU utilization for a Virtual Machine's virtual CPU
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_SNAPSHOT
Description: Virtual Machine Snapshot
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_STATE
Description: Virtual Machine State
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_TOOLS_STATUS
Description: VMware tools status
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VM_UPTIME
Description: Virtual Machine's up time
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_VPN_CONN
Description: VPN Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
vpnConnCount |
VPN Conn Count |
uint32 |
|
EventType: PH_DEV_MON_VPN_STATUS
Description: VPN Performance metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
vpnStatus |
VPN Status |
string |
|
|
vpnConnCount |
VPN Conn Count |
uint32 |
|
|
sslVpnStatus |
SSL VPN Status |
string |
|
|
sslVpnConnCount |
SSL VPN Conn Count |
uint32 |
|
|
vpnTunnelName |
VPN Tunnel Name |
string |
|
|
vpnConnType |
VPN Conn Type |
string |
|
|
remoteVpnIpAddr |
Remote VPN Tunnel IP |
IP |
|
|
sentBitsPerSec |
Sent Bit Rate |
double |
|
|
recvBitsPerSec |
Received Bit Rate |
double |
|
|
sentBytes64 |
Sent Bytes64 |
uint64 |
Number of bytes sent by a host. This has 64bit resolution. |
|
recvBytes64 |
Received Bytes64 |
uint64 |
Number of bytes received by a host. This has 64bit resolution. |
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_WATCHGUARD_POLICY_STAT
Description: Watchguard Firebox Policy Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
policyName |
Policy Name |
string |
|
|
recvDecryptFail |
Recv Decrypt Fail |
uint64 |
|
|
authFailure |
Auth Failures |
uint32 |
|
|
failureCount |
Failure Count |
uint32 |
|
|
activeSessions |
Active Sessions |
uint64 |
|
|
totalNum |
Total Number of Items |
uint32 |
|
|
totBytesPerSec |
Total Byte Rate |
double |
|
|
totPktsPerSec |
Total Packet Rate |
double |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_DEV_MON_WEBLOGIC_APP
Description: Weblogic app server configuration and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_DB_POOL
Description: Weblogic database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_EJB
Description: Weblogic EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_GEN
Description: Weblogic generic settings
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_MEMORY
Description: Weblogic memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_SERVLET
Description: Weblogic servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_SESSION
Description: Weblogic session metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBLOGIC_THREAD_POOL
Description: Weblogic thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_APP
Description: Websphere app server configuration and metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_AUTHENTICATION
Description: Websphere app server authentication metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_CPU
Description: Websphere CPU usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_DB_POOL
Description: Websphere database pool metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_EJB
Description: Websphere EJB metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_MEMORY
Description: Websphere memory usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_SERVLET
Description: Websphere servlet metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_THREAD_POOL
Description: Websphere thread pool usage metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WEBSPHERE_TRANSACTION
Description: Websphere app server transaction metrics
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_DEV_MON_WMI_PING_STAT
Description: WMI Ping Statistics
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
avgDurationMSec |
Avg Round Trip Time |
uint32 |
This attribute represents Average Round Trip Time in msec. Typically used in Ping monitoring. |
|
minDurationMSec |
Min Round Trip Time |
uint32 |
This attribute represents Minimum Round Trip Time in msec. Typically used in Ping mo itoring. |
|
maxDurationMSec |
Max Round Trip Time |
uint32 |
This attribute represents Maximum Round Trip Time in msec. Typically used in Ping monitoring. |
|
pktLossPct |
Packet Loss Pct |
double |
Ratio of lost packets to the total number of sent packets. Mostly set by ping monitoring. |
|
sysDownTime |
System Downtime |
uint32 |
|
|
sysDegradedTime |
System Degraded Time |
uint32 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
EventType: PH_JOB_STAT
Description: Performance Monitor job status
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
jobId |
Job Id |
string |
|
|
jobType |
Job Type |
uint16 |
|
|
jobDetail |
Job Detail |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
jobName |
Job Name |
string |
|
|
jobDesc |
Job Description |
string |
|
|
jobStatus |
Job Status |
uint16 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
eventTime |
Event Occur Time |
Date |
|
EventType: PH_JOB_STATUS_XML_SEND_ERROR
Description: Error in sending Performance Monitor job status to app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_JOB_STATUS_XML_SENT
Description: Performance Monitor job status sent to app server
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_JOB_STAT_SUPPRESSED
Description: Performance monitor job status sending suppressed because of no change
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
jobId |
Job Id |
string |
|
|
jobType |
Job Type |
uint16 |
|
|
jobDetail |
Job Detail |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
jobName |
Job Name |
string |
|
|
jobDesc |
Job Description |
string |
|
|
jobStatus |
Job Status |
uint16 |
|
|
pollIntv |
Polling Interval |
uint32 |
|
|
eventTime |
Event Occur Time |
Date |
|
EventType: PH_MONITOR_ARCHIVE_GET_WORKER_FAILURE
Description: phMonitor Failed to get worker list for archive change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_ARCHIVE_UPDATE_WORKER_FAILURE
Description: phMonitor Failed to update worker archive
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_BEACONING_REGISTER_FAILURE
Description: Beaconing Registration Failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_CHECK_DEPENDENCY_FAILED
Description: Failed to check dependency
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_CMD_FAILURE
Description: phMonitor failed to run command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_MONITOR_CMD_SEND_FAILURE
Description: FortiSIEM Monitor module failed to send command to other FortiSIEM modules
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
targetProcName |
Target Process Name |
string |
|
EventType: PH_MONITOR_COLLECTOR_REGISTER_FAILURE
Description: phMonitor failed to register collector
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_COLLECTOR_UPDATE_STATUS_FAILURE
Description: FortiSIEM Monitor module failed to update Collector status
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
msg |
Message |
string |
|
EventType: PH_MONITOR_CONFIG_DOWNLOAD_FAILURE
Description: phMonitor failed to download config from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_DELETE_SECONDARY_ON_WORKER_FAILED
Description: Failed to remove DR configuration on secondary worker
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_DELETE_SUPER_FOLLOWER_FAILED
Description: Failed to remove configuration of follower super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_DISPATCH_CMD_MISMATCH
Description: phMonitor failed to dispatch wrong command to other processes
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
EventType: PH_MONITOR_DOMAIN_CHANGE_XML_PARSE_FAILURE
Description: phMonitor failed to parse AppDefn object from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_ENT_OR_SP_MODE_MISSING
Description: phMonitor failed to identfy Service Provider or Enterprise installation
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_EXCESSIVE_DB_LOGIN_FAILURE
Description: phMonitor failed to login to PostGreSQL
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverName |
Server Name |
string |
|
EventType: PH_MONITOR_FAILED_CONN_QUERYMASTER
Description: Unable to send status query to QueryMaster
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_FILE_IO_ERROR
Description: phMonitor encountered empty or unreadable file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
|
filePath |
File Path |
string |
|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_MONITOR_FILE_PERMISSION_ERROR
Description: File Permssion error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_FILE_PERMISSION_WARNING
Description: File permission warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
details |
Details |
string |
|
EventType: PH_MONITOR_FLIP_PRIMARY_FAILURE
Description: phMonitor failed to flip primary server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_FSM_AGENT_UPDATE_PWD_ERROR
Description: phMonitor failed to update FortiSIEM Agent upload password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_GET_REPLICATION_PROGRESS_FAILED
Description: Failed to get replication progress
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_GET_UPTIME_ERROR
Description: FortiSIEM Monitor module failed to get system uptime
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_HANDLE_TASK
Description: Monitor handles task
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_HARDWARE_SN_FORK_FAILURE
Description: phMonitor failed to fork to determine hardware Serial Number
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_HOST_UUID_READ_FAILURE
Description: phMonitor on Collector failed to read CSI
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_HTTP_PULL_ERROR
Description: phMonitor failed to pull information via HTTP from App Server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_INIT_PROC_MODULE_NOT_FOUND
Description: phMonitor failed to initialize - Module not found
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
module |
Module Name |
string |
|
EventType: PH_MONITOR_INIT_SECONDARY_ON_WORKER_FAILED
Description: Failed to update configuration on secondary worker
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_INIT_SUPER_FOLLOWER_FAILED
Description: Failed to update configuration of follower super
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_INIT_SYSTEM_XML_PARSE_FAILURE
Description: phMonitor failed to initialize - Wrong System Services XML in Config file
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
xmlBody |
XML Body |
string |
|
EventType: PH_MONITOR_LIB_DEPENDENCY_WARNING
Description: Library dependency warning
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
details |
Details |
string |
|
EventType: PH_MONITOR_LOCAL_HOSTNAME_GET_FAILURE
Description: phMonitor cannot get local machine host name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_MEM_FILE_OPEN_FAILURE
Description: phMonitor failed on mem file open
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
|
userId |
User Id |
string |
|
EventType: PH_MONITOR_MISSING_MONITOR
Description: No running phMonitor process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_MMAP_FAILURE
Description: phMonitor encountered MMAP failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_MOTNIROR_REGISTER_FAILURE
Description: phMonitor failed to register other monitors
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_NOTIFICATION_CLIENT_CONTACT_FAILURE
Description: phMonitor Notification Client failed to contact another process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
EventType: PH_MONITOR_NOTIFICATION_CMD_EMPTY
Description: phMonitor Notification client encountered invalid argument
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_NOTIFICATION_CMD_MISMATCH
Description: phMonitor Notification client encountered unknown command type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
notifEvtId |
Notification Event Id |
uint32 |
|
EventType: PH_MONITOR_NOTIFICATION_RETURN_FAILURE
Description: phMonitor Notification client encountered returns failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
xmlBody |
XML Body |
string |
|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_MONITOR_PHOENIX_CONFIG_GLOBAL_MISSING
Description: phMonitor found GLOBAL phoenix_config section missing
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_PHOENIX_CONFIG_INVALID
Description: phMonitor found Invalid phoenix config file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_PROCESS_OWNER_NOT_ADMIN_ERROR
Description: FortiSIEM Monitor module detected that a file owner is not admin
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
userId |
User Id |
string |
|
|
groupID |
Group ID |
string |
|
EventType: PH_MONITOR_RECVD_CONFIG_CHANGE
Description: Monitor received config change notification
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_RECVD_HEARTBEAT
Description: Monitor received heartbeat from module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptProcName |
Reported Process Name |
string |
|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
usrMsg |
User defined msg |
string |
|
EventType: PH_MONITOR_REGISTER_MONITOR_GET_WORKER_FAILURE
Description: phMonitor failed to get workers
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REGISTER_NODE
Description: Register node
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REGISTER_SUPER_FOLLOWER
Description: Register follower super
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REGISTER_WORKER
Description: Register worker
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REMOVE_NODE
Description: Remove node
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REMOVE_SUPER_FOLLOWER
Description: Remove follower super
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REMOVE_WORKER
Description: Remove worker
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REPORTSERVER_NOTIFICATION_CLIENT_CONTACT_FAILURE
Description: phMonitor Notification client failed to contact report server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverName |
Server Name |
string |
|
EventType: PH_MONITOR_REPORTSERVER_NOTIFICATION_CLIENT_INIT_FAILURE
Description: phMonitor Notification client failed to contact report server
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverName |
Server Name |
string |
|
EventType: PH_MONITOR_REPORTSERVER_NOTIFICATION_SERVER_RETURN_FAILURE
Description: phMonitor Notification client encountered report server return failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverName |
Server Name |
string |
|
EventType: PH_MONITOR_RESET_STORAGE_CONFIG_FAILED
Description: Failed to reset storage configuration
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
type |
Type |
string |
|
EventType: PH_MONITOR_RESTART_MODULES
Description: Monitor restarting all modules
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REST_CACHE_REQUEST_EMPTY
Description: phMonitor found empty REST Cache Request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REST_CACHE_REQUEST_FAILURE
Description: phMonitor failed to get response to Cache REST API request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
requestBody |
Request Body |
string |
|
EventType: PH_MONITOR_REST_CACHE_REQUEST_FORMAT_ILLEGAL
Description: phMonitor encountered Invalid REST Request
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
requestBody |
Request Body |
string |
|
EventType: PH_MONITOR_REST_CACHE_SERVER_INIT_FAILURE
Description: phMonitor failed to initialize HTTP cache server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_REST_CALL_FAILURE
Description: phMonitor REST API call failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
uriStem |
URI Stem |
string |
|
EventType: PH_MONITOR_ROLE_UNDEFINED
Description: phMonitor found undefined Monitor Rolein phoenix_config.txt
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_SEND_CMD_TO_MODULE
Description: Monitor sending command to module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_MONITOR_SEND_VG_UPDATE_CMD_TO_MODULE
Description: Monitor sending value group update command to module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
EventType: PH_MONITOR_SETUID_FAILURE
Description: phMonito failed to raise privilege via setuid()
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_START_MODULE
Description: Monitor starting a module
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptProcName |
Reported Process Name |
string |
|
EventType: PH_MONITOR_START_MODULES
Description: Monitor starting all modules
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STATFS_FAILURE
Description: phMonitor statfs() return failure
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_MONITOR_STATUS_PUSHER_SPAWN_FAILURE
Description: phMonitor encountered error in spawning statusPusher thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STOP_MODULES
Description: Monitor stopping all modules
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STOP_READER
Description: Deactivating shared store reader
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptProcName |
Reported Process Name |
string |
|
EventType: PH_MONITOR_STORAGE_ES_CUSTOMIZED_TEMPLATE_DEPLOYED
Description: Monitor deployed customized ES templated
Severity: 1 (Low)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_GET_WORKER_FAILURE
Description: phMonitor Failed to get worker list for storage change
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_LOCAL_GET_FAILURE
Description: FortiSIEM Monitor module failed to get local disk configuration for event database storage
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_NFS_GET_FAILURE
Description: phMonitor failed to get nfs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_MONITOR_STORAGE_TYPE_GET_FAILURE
Description: phMonitor failed to get storage type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_STORAGE_TYPE_UNKNOWN
Description: phMonitor encountered unknown storage type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
type |
Type |
string |
|
EventType: PH_MONITOR_STORAGE_UPDATE_WORKER_FAILURE
Description: phMonitor Failed to update worker storage
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_SVC_PASSWORD_DISTRIBUTION_ERROR
Description: phMonitor failed to contact one or more processes with changed svc passwd - so restarting all processes
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_SYSINFO_FAILURE
Description: phMonitor could not get system uptime via sysinfo - assuming uptime of 1 day
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
EventType: PH_MONITOR_SYSTEM_DB_LOGIN_ERROR
Description: DB login failure
Severity: 6 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_SYSTEM_HEALTH_CPU
Description: PH system health issue: high CPU usage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptProcName |
Reported Process Name |
string |
|
EventType: PH_MONITOR_SYSTEM_HEALTH_ISSUE
Description: PH system health issue: high CPU and/or memory usage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
reptProcName |
Reported Process Name |
string |
|
EventType: PH_MONITOR_SYSTEM_HEALTH_MEM
Description: PH system health issue: memory usage
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
reptProcName |
Reported Process Name |
string |
|
EventType: PH_MONITOR_SYSTEM_STATUS_SPAWN_FAILURE
Description: phMonitor encountered error in spawning systemStatus thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_THREAD_SPAWN_FAILED
Description: Failed to spawn thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
funName |
Function Name |
string |
|
EventType: PH_MONITOR_TUNNEL_ERROR
Description: phMonitor encountered Tunnel XML error
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_UMOUNT_NFS_FAILURE
Description: phMonitor failed to umount nfs
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNoInt |
Error Number Int |
int32 |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_MONITOR_UNABLE_CONTACT_APPSVR
Description: phMonitor uable to contact App Server - see respnse code
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
httpStatusCode |
HTTP Status |
string |
|
EventType: PH_MONITOR_UPLOAD_LOG_SPAWN_FAILURE
Description: phMonitor encountered error in spawning logUploader thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WINAGENT_DELETE_PWD_SPAWN_FAILURE
Description: phMonitor encountered error in spawning removeHttpdPassword thread
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WINAGENT_UPDATE_PWD_ERROR
Description: phMonitor encountered failed to update windows agent upload password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_MONITOR_WIN_LINUX_AGENT_PWD_UPDATE_SUCCESS
Description: Windows/Linux Agent password is update successfully
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phAgentId |
Agent ID |
string |
Unique ID of Linux or Windows Agents in FortiSIEM. This is assigned by App Server when an agent registers. |
EventType: PH_MONITOR_WORKER_NODECONFIG_UPDATE_FAILED
Description: Failed to update nodejs config file with auth info on worker
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WORKER_REDIS_ADDSLAVE_UPDATE_FAILED
Description: Failed to update redis config file with addslave info on worker
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_MONITOR_WORKER_REDIS_CONF_UPDATE_FAILED
Description: Failed to update redis config file with auth info on worker
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_COMMIT_FILE_FAILED
Description: Perf Monitoring module failed to commit file into svn - may due to race condition - will retry
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_CONFIG_SEND_FAILED
Description: Perf Monitoring module found unexpected http return code when sending config version to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_PERFMON_CONFIG_VERSION_ERROR
Description: Perf Monitoring module encountered wrong config version
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_CONFIG_VERSION_WARNING
Description: FortiSIEM Performance monitoring module detected Monitoring Config version out of sync with App server
Severity: 3 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_PERFMON_CUST_JOB_ADD_FAILED
Description: Perf Monitoring module failed to add custom monitoring job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_INIT_ERROR
Description: Perf Monitoring module failed to initialize
Severity: 10 (High)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PERFMON_INST_SW_MAP_EMPTY
Description: Perf Monitoring module found that downloaded Installed software map from App Server is empty
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_INST_SW_NO_NAME
Description: Perf Monitoring module found that downloaded Installed software from App Server has no name
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_JOB_ADD_FAILED
Description: Perf Monitoring module failed to add monitoring job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_MASS_PING_WARNING
Description: Perf Monitoring MassPing module found invalid IP
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_MONITEE_BAD
Description: Perf Monitoring module encountered bad monitee map entry
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_MONITEE_NOT_FOUND
Description: Perf Monitoring module failed to find a monitee
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_NO_DEV_TYPE
Description: Perf Monitoring module encountered internal error - devTypeToJobItemMap find failed
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_PERF_OBJ_PARSE_FAILURE
Description: Perf Monitoring module did not find performance object definition in XML received from App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_PING_RESULT_OPEN_FAILED
Description: Perf Monitoring module failed to open Ping result file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_PROC_RUN_FAILED
Description: Perf Monitoring module failed to run process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_REAL_TIME_JOB_RUN_FAILED
Description: Perf Monitoring module failed to run real time job
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_PERFMON_ROUTE_LOAD_ERROR
Description: Perf Monitoring module failed to load network dependency from app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PERFMON_STATUS_REPORTER_INIT_FAILED
Description: Perf Monitoring module failed to initialize job status reporter
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_STATUS_REPORT_FAILED
Description: Perf Monitoring module failed to report task status to App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_CHECKOUT_FAILED
Description: Perf / Config Monitoring module failed to check out SVN directory
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_PERFMON_SVN_CONFIG_MISSING
Description: Perf / Config Monitoring module failed to find running or startup config
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_DIR_CREATE_FAILED
Description: Perf / Config Monitoring module failed to create svn root dir
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_PERFMON_SVN_DIR_UPDATE_FAILED
Description: Perf / Config Monitoring module failed to update dir
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
dirName |
Directory Name |
string |
|
EventType: PH_PERFMON_SVN_FILE_COPY_FAILED
Description: Perf / Config Monitoring module failed to copy file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_PERFMON_SVN_FILE_EMPTY
Description: Perf / Config Monitoring module config file is empty
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_FILE_MARK_FAILED
Description: Perf / Config Monitoring module failed to mark file for add to svn
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_FILE_OPEN_FAILED
Description: Perf / Config Monitoring module cannot open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_PERFMON_SVN_FILE_PARSE_FAILED
Description: Perf / Config Monitoring module failed to parse file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_FILE_REMOVE_FAILED
Description: Perf / Config Monitoring module failed to remove file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_PERFMON_SVN_FILE_RENAME_FAILED
Description: Perf / Config Monitoring module fannot rename file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
srcFilePath |
Source File Path |
string |
|
|
destFilePath |
Destination File Path |
string |
|
EventType: PH_PERFMON_SVN_FIM_FILE_MISSING
Description: Perf / Config Monitoring module failed to find FIM file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_FIRSTFILELINES_EMPTY
Description: Perf / Config Monitoring module found that FIRSTFILENAME is empty in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_FIRSTFILELINES_NOT_IN_FILE
Description: Perf / Config Monitoring module found that FIRSTFILELINES is not in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_GET_DEVICE_ID_FAILED
Description: Perf / Config Monitoring module failed to get device ID via hostname and IP from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_PERFMON_SVN_GET_DISCOV_TIME_FAILED
Description: Perf / Config Monitoring module failed to get discover time
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PERFMON_SVN_INFO_GET_FAILED
Description: Perf / Config Monitoring module failed to get svn info on file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_INST_SW_BAD
Description: Perf / Config Monitoring module found that Installed Software xml is incorrectly formatted
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_INVALID_FILE_FORMAT
Description: Perf / Config Monitoring module found file format error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_INVALID_HEADER_IN_FILE
Description: Perf / Config Monitoring module found that file has incomplete header
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_INVALID_SECONDFILENAME
Description: Perf / Config Monitoring module found that SECONDFILENAME is invalid
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_LINE_MISMATCH
Description: Perf / Config Monitoring module found that line number not matched with the expected value
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_SVN_SECONDFILENAME_EMPTY
Description: Perf / Configuration Monitoring module found that SECONDFILENAME is empty in file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_SVN_SOFTWARE_MISSING
Description: Perf / Configuration Monitoring module found missing installed software
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_TOPO_CONFIG_ERROR
Description: Perf Monitoring module failed to parse topo xml from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PERFMON_TOPO_FILE_OPEN_FAILED
Description: Perf Monitoring module failed to open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_PERFMON_TOPO_LOAD_ERROR
Description: Perf Monitoring module failed toload topology from app server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_TRACERT_FILE_OPEN_FAILED
Description: Perf Monitoring module cannot open file
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_PERFMON_UNKNOWN_CUST_PERF_JOB_ID
Description: Perf Monitoring module encountered unknown custom performance monitoring job id from App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_UNKNOWN_PERF_JOB_ID
Description: Perf Monitoring module encountered unknown performance monitoring job id from App Server
Severity: 3 (Low)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_UNKNOWN_PROBE_JOB_ID
Description: Perf Monitoring module encountered unknown probe job id from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_PERFMON_UPDATE_CONFIG_ERROR
Description: Perf Monitoring module failed to update monitoring config from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PERFMON_UPDATE_FILTERS_ERROR
Description: Perf Monitoring module failed to update interface filter Perf Monitoring module
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PERFMON_UPDATE_ROUTE_DEPENDENCY_FAILED
Description: Perf Monitoring module failed to upload network dependency to app server - Unexpected http response code
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorNo |
Error Number Unsigned |
uint32 |
This is an unsigned integer error number |
EventType: PH_PERFMON_USER_PWD_GET_FAILED
Description: Perf Monitoring module failed to get user and password
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_PERFORM_MONITOR_ERROR
Description: FortiSIEM Performance Monitor generic error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
fileName |
File Name |
string |
|
EventType: PH_PER_MON_CONFIG_ERROR
Description: Config discover error occured
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
errReason |
Reason for Error |
string |
This is the reason for an error if given. |
EventType: PH_PER_MON_FETCH
Description: Performance Monitoring module doing SNMP fetch for an OID
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
comm |
Community String |
string |
|
|
oid |
Object Identifier |
string |
|
EventType: PH_PER_MON_FUNCTION
Description: Entering Performance Monitoring Debug Function
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
funName |
Function Name |
string |
|
EventType: PH_PER_MON_SNMP_DONE
Description: Performance Monitoring module successfully did SNMP fetch
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
comm |
Community String |
string |
|
|
oid |
Object Identifier |
string |
|
EventType: PH_PER_MON_WALK
Description: Performance Monitoring module starting SNMP walk for an OID
Severity: 1 (Low)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
comm |
Community String |
string |
|
|
oid |
Object Identifier |
string |
|
EventType: PH_PER_MON_WALK_ERROR
Description: FortiSIEM Performance Monitor SNMP Walk error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
|
comm |
Community String |
string |
|
|
oid |
Object Identifier |
string |
|
EventType: PH_STM_ACCOUNT_UNMATCHED
Description: Perf / STM module encountered unmatched LOOP_EMAIL_42 account in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_AUTH_TYPE_UNKNOWN
Description: Perf / STM module encountered unknown auth type in monitor in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_BAD_ELEM
Description: Perf / STM module encountered bad element in monitor in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_BAD_ELEM_VALUE
Description: Perf / STM module encountered bad element values in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_BAD_PORT
Description: Perf / STM module encountered bad port in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_BAD_RTT_LINE
Description: Perf / STM module encountered bad RTT line in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_BAD_SSL
Description: Perf / STM module encountered bad SSL in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_BAD_TAG
Description: Perf / STM module encountered bad Tag in XML received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_CMD_EXEC_FAILED
Description: Perf / STM module failed to execute command
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_STM_CRED_INVALID
Description: Perf / STM module found that credential doesn't match with Custom Perf Object
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_CURL_ESCAPE_FAILED
Description: Perf / STM module found that curl_easy_escape() returned NULL
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_CURL_INIT_FAILED
Description: Perf / STM module failed to init curl - HTTP based communication will fail
Severity: 10 (High)
Event Category: 3 (System Logs)
EventType: PH_STM_DNS_TYPE_UNSUPPORT
Description: Perf / STM module found unsupported dns resource record type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_DUPLICATED
Description: Perf / STM module found duplicated srvcMonitor name or id
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_ELEM_EMPTY
Description: Perf / STM module found empty XML element received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_ELEM_MISSING
Description: Perf / STM module found missing XML element received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_ELEM_NEGATIVE
Description: Perf / STM module found negative XML element received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_ERROR
Description: Perf / STM module encountered STM monior error
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostName |
Host Name |
string |
This is the hostname of the device of interest in the event |
|
ipPort |
IP Port |
uint16 |
IP port number |
|
user |
User |
string |
|
|
errorString |
Error String |
string |
This is the error message, synonymous to attribute errReason |
EventType: PH_STM_FILE_OPEN_FAILED
Description: Perf / STM module failed to open file during STM operation
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
|
exitValue |
Command exit value |
int32 |
|
EventType: PH_STM_GET_HOST_FAILED
Description: Perf / STM module failed to get outgoing host
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
hostIpAddr |
Host IP |
IP |
This is the IP of the device of interest in the event. |
EventType: PH_STM_GUESS_TYPE_FAILED
Description: Perf / STM module could not guess resource record type
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_HTTP_RESP_FAILED
Description: Perf / STM module did not find response time from command output
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
command |
Command |
string |
|
EventType: PH_STM_METHOD_UNKNOWN
Description: Perf / STM module found unknown url method in monitor
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_MONITOR_MISSING_ACTION
Description: Perf / STM module found that No action is specified for monitor
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_MONITOR_RESULT_UPLOAD_FAILED
Description: Perf / STM module failed to upload test service monitor result xml to APP server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_NO_ORACLE_NAME
Description: Perf / STM module found missing instance name and service name for Oracle server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
serverIpAddr |
Server IP |
IP |
|
EventType: PH_STM_PORT_UNKNOWN
Description: Perf / STM module found unknown service monitor port
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_PROCESS_INVOKE_FAILED
Description: Perf / STM module failed to invoke SrvcMonJobExec::execute
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_PROTO_UNKNOWN
Description: Perf / STM module encountered unknown proto in STM job definition
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_PROTO_UNSUPPORT
Description: Perf / STM module encountered unsupported mail protocol in STM job definition
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_SERVER_ADDR_INVALID
Description: Perf / STM module encountered invalid server address in STM job definition
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_SPECIAL_LINE_NOT_FOUND
Description: Perf / STM module could not find either RTT line or packet loss line in ping response from device
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_STM_GET_PROCESS_FAILED
Description: Perf / STM module cannot get process
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_STM_GET_PROCESS_NAME_FAILED
Description: Perf / STM module cannot get process name
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_TAG_MISSING
Description: Perf / STM module found missing tag XML element received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_TAG_NOT_FOUND
Description: Perf / STM module found missing tag XML element received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_TAG_UNKNOWN
Description: Perf / STM module found unknown tag XML element received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_TRACEROUTE_FAILED
Description: Perf / STM module failed to parse traceroute output
Severity: 7 (Medium)
Event Category: 3 (System Logs)
EventType: PH_STM_XML_PARSE_FAILED
Description: Perf / STM module failed to parse xml file received from App Server
Severity: 7 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
filePath |
File Path |
string |
|
EventType: PH_USER_MON_SUDDEN_LOC_CHANGE
Description: User location anomaly detected
Notes: FortiSIEM Identity and Location Module keeps track of (Source IP, Longitude, Latitude, User, Last Seen Time). For every new Identity and Location event (See docs on Dashboard identity location), the Haversine distance ( https://en.wikipedia.org/wiki/Haversine_formula) between the new and existing Longitude and Latitudes is calculated. Then the speed required to attain this distance is calculated by dividing the Haversine distance by the elapsed time between current event and event stored in Identity and Location module. If this value exceeds 575 miles/hour, which is a reasonable limit on commercial Jetliners), then the event is generated. This event can indicate the specific user credential is likely shared or stolen, which can be a security violation.
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
user |
User |
string |
|
|
eventSource |
Event Source |
string |
|
|
srcIpAddr |
Source IP |
IP |
Source IP of a device as identified in the event. |
|
destIpAddr |
Destination IP |
IP |
Destination IP of a device as identified in the event. |
|
startTime |
Start Time |
Date |
This is the start time of a given item or task, and is stored in epoch milliseconds |
|
endTime |
End Time |
Date |
This is the end time of a given item or task, stored in epoch milliseconds. |
|
durationMSec |
Duration |
uint32 |
Duration of a connection (in msec) |
EventType: PH_USER_MON_SUDDEN_LOGIN_DISTRIBUTION_CHANGE
Description: Change in user login distribution pattern
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
profDateType |
Profile Date Type |
uchar |
|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
user |
User |
string |
|
|
computer |
Computer |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
oldDistrib |
Old Distribution |
string |
|
|
newDistrib |
New Distribution |
string |
|
EventType: PH_USER_MON_SUDDEN_LOGIN_VOLUME_CHANGE
Description: Increase in User Login Volume
Severity: 5 (Medium)
Event Category: 3 (System Logs)
Attributes:
|
Id |
Display name |
Type |
Description |
|---|---|---|---|
|
profDateType |
Profile Date Type |
uchar |
|
|
phCustId |
Organization ID |
uint32 |
This is the FortiSIEM organization ID unique to each tenant |
|
user |
User |
string |
|
|
computer |
Computer |
string |
|
|
destName |
Destination Host Name |
string |
Destination device's hostname as identified in the log, can also be enriched using reverse lookup of the destination IP address. |
|
oldValue |
Old Value |
uint64 |
|
|
newValue |
New Value |
uint64 |
|