FortiSIEM Availability Related Rules and Reports

Availability Related Rules and Reports
AccelOps Availability Rules

System component issues

System Collector Down: Detects that collector is down

System Collector Event Delayed: Detects that collector has not sent an event to AccelOps cloud for more than 10 minutes System Worker Down: Detects that system worker is down License Issues

System License Warning: High Event Rate: Detects that the system is receiving events at a rate that is higher than the license limit.

Events beyond the license limit would be dropped unless the license is upgraded

System License Warning: High Config Items: Detects that the number of CMDB configuration items is close to the license limit additonal configuration items would not be stored unless the license is upgraded.

Notification issues

Scheduled Report Send Error: Detects that system has failed to deliver a scheduled report

Incident Notification Error: Detects that system has failed to take notification action on an incident

Large Supervisor JMS Request Queue: Detects that Supervisor JMS Request queue is very large

Large Supervisor JMS System Queue: Detects that Supervisor JMS System queue is very large

Data collection errors

WMI Service Unavailable: Detects that WMI service is unavailable

SNMP Service Unavailable: Detects that SNMP service is unavailable

Performance Monitoring Error: Detects that the system failed to monitor a performance monitoring metric

No Events Reported In Last Hour: Detects that a reporting device that reported events (logs etc) in the last hour did not report any events this hour. This does not include monitoring events (like CPU, Memory etc). This indicates that there is a problem in the network or at the reporting device.

Large Worker Input Event Queue: Detects that Worker input event queue is very large (greater than 100MB). This indicates that the workers are falling behind in handling events and cannot keep pace with the rate at which workers are sending events. Consider ading more workers or adding resources to workers.

Large Worker Input SVN Queue: Detects that Worker input SVN queue is very large (greater than 100MB). This indicates that the workers are falling behind in handling SVN files from collectors or from the parser modules. Check the SVN installation. Event Storage/Archiving/Purging issues


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website