Sensor details
The Sensor details page provides an overview of each sensor’s status, resource usage, connectivity, and configuration details.
The top of the page displays the following information:
| Statistic | Description |
|---|---|
| Created | The date and time when the sensor was provisioned or first connected. |
| Location | The physical or logical site associated with the sensor. |
| Type | The deployment platform for the sensor. For example, ESXi, indicating it runs as a virtual appliance on VMware ESXi. |
| CPU | The current processor utilization reported by the sensor. The usage value is color-coded: |
| Memory | The current memory utilization reported by the sensor. The usage value is color-coded: |
| EPS | The average number of events per second generated over the last seven days. |
| Bits/s | The average throughput in bits per second over the last seven days. |
Status Tab
The Status tab shows the current state of the sensor, including whether it is online, offline, or in a transitional phase. It also provides hardware details and connectivity indicators so you can quickly assess sensor health.
Connection Status
| Field | Description |
|---|---|
| Status | Indicates whether the sensor is currently online and connected to the management system. |
| Serial Number | The unique identifier for the sensor hardware or virtual instance. |
| Management IP | The IP address used for managing and communicating with the sensor. |
| Last Updated | The timestamp of the most recent status update from the sensor. |
Device Enrichment Status
This section appears when Device Enrichment is enabled. See Device enrichment.
| Field | Description |
|---|---|
| Last Run Time | Displays the timestamp of the most recent device enrichment cycle executed, whether scheduled or manually triggered. |
| Last Upload Time | Shows the timestamp of the most recent upload of enrichment results from the sensor. This indicates when updated device information was last synchronized. |
| Message | Displays raw status or progress information provided by the sensor during the device enrichment process. This field is intended for troubleshooting and provides visibility into the sensor’s activity. |
Interfaces
Each interface displays its IP address when that information is available from the API response. This is especially helpful if the interface is configured as a NetFlow collector.
A green interface indicates that a cable is connected, while a gray interface means no connection. Click the interface label to view its MAC address.
| Interface | Description |
|---|---|
| ensxxx (mgmt) | Displays traffic rate and IP address for the management interface. |
| ensxxx | Shows traffic rate for the secondary interface used for data capture. |
The following table details the naming convention for interfaces on FortiNDR Cloud sensors.
| Label | Sensor Type | Interface Type | Purpose | Max Bandwidth |
|---|---|---|---|---|
| em4 | Physical | Ethernet | Management | 1 Gb/s |
| em3 | Physical | Ethernet | Monitoring | 1 Gb/s |
| em2 | Physical | Ethernet | Monitoring | 10 Gb/s |
| em1 | Physical | Ethernet | Monitoring | 10 Gb/s |
| p#p## | Physical | Fiber | Monitoring | 10 Gb/s |
| eth0 | Virtual | Virtual | Management | N/A |
| eth1+ | Virtual | Virtual | Monitoring | N/A |
Hardware
| Field | Description |
|---|---|
| Processor(s) | Details the CPU model and specifications used by the sensor. |
| Number of Cores | Indicates how many CPU cores are available for processing tasks. |
| Memory | The total amount of RAM allocated to the sensor for operations and the percentage currently in use. |
| Total Disk Space | The total storage capacity available for logs and system files. |
CPU & Memory Usage
Shows the percentage of CPU currently in use by the sensor. The graph tracks CPU and memory usage for the last 7 days. Hover over the graph to view usage at a specific point in time.
The chart can be viewed by hour or by day. The tooltip displays the time for hourly intervals and the date for daily intervals. A 5-minute interval is available only for ranges within 24 hours; if the range is larger, the system automatically switches to a compatible interval such as hourly or daily.
The maximum selectable range is 14 days. The last time shown may end at xx:55 instead of xx:59 because of interval rounding.
Software
| Field | Description |
|---|---|
| Operating System | The OS running on the sensor, including version details. |
| ZEEK Version | The installed version of ZEEK used for network traffic analysis. |
| Suricata Version | The installed version of Suricata for intrusion detection and analysis. |
| Sensor Version | The current version of the sensor software package. |
History
The History table is sorted in descending order by timestamp. A message appears if there is no history to display.
| Field | Description |
|---|---|
| Timestamp | The date and time the action was recorded in UTC. |
| Action | The operation performed on the sensor, such as Provision, Pause, or Resume. |
| User Account Name | The account associated with the user who performed the action. |
| User Name | The individual user or service identity that triggered the action. |
| Comment | An optional note explaining the reason or context for the action. |
Telemetry Tab
The Telemetry tab displays traffic and performance metrics such as throughput and event rates over time. This tab helps you monitor sensor activity and detect trends that may affect network visibility or performance.
The Telemetry page includes three tabs that provide different types of sensor data:
| Tab | Description |
|---|---|
| Throughput | Displays measurements of total throughput across the sensor’s interfaces in bits per second. You can view the data as a line or bar graph for any time period, group by interface name, set the interval to Day, Hour, or 5 Minutes, and download the data as a CSV file. The legend displays the total throughput count for each individual sensor from highest to lowest. Use the toggles in the legend to show or hide a line in the graph. You also have the option of showing or hiding all entries. |
| Events | Shows the number of events produced by the sensor. The data can be displayed as a line or bar graph and grouped by event type. The legend lists sensors from highest to lowest event count and includes toggles to show or hide individual lines or all entries. |
| Visibility | Displays observed devices for the sensor, similar to a simplified version of the Devices page. This helps you identify endpoints seen by the sensor over time. |
| CPU & Memory Usage | Shows the percentage of CPU currently in use by the sensor. The graph tracks CPU and memory usage for the last 7 days. Hover over the graph to view usage at a specific point in time. The chart can be viewed by hour or by day. The tooltip displays the time for hourly intervals and the date for daily intervals. A 5-minute interval is available only for ranges within 24 hours; if the range is larger, the system automatically switches to a compatible interval such as hourly or daily. The maximum selectable range is 14 days. The last time shown may end at xx:55 instead of xx:59 because of interval rounding. |
The Traffic by Type custom dashboard displays the data from the Events tab of the Sensor telemetry page. When you click the widget header, the Sensor telemetry page opens, and all filters applied to the widget are transferred to it. See Creating custom dashboards.
Settings Tab
Update sensor information such as the name, location, and labels, and configure options such as packet capture.
For assistance with these settings, contact your Technical Success Manager.
Enabling PCAP has security and privacy complications. Before enabling PCAP, consult with your Technical Success Manager. For example, networks with data that is subject to regulatory requirements may require certain controls to be in place before enabling this feature. Enabling this feature may also require uploading a public key to encrypt any PCAPs. See Account management or contact Customer Support for more information on public keys.
| Statistic | Description |
|---|---|
| General | Click Edit General Settings to edit these settings. |
| Location | The physical location of the sensor. |
| Labels | Arbitrary labels (hostname, site/building code, etc.). |
| Features | Click Edit Feature Settings to edit these settings. |
| PCAP Enabled | Toggle ON to enable PCAP capture. |
| Packet Inspection Engine | The network packets used to identify traffic and enforce security policies. |