Network Interface Monitoring
Event Type: PH_DEV_MON_NET_INTF_UTIL
Description: Event containing network interface utilization metrics Source – almost all devices via SNMP:
Cisco IOS (SNMP), , Cisco NX-OS, Extreme ExtremeOS, Foundry Ironware, HP ProCurve
Cisco ASA/PIX/FWSM (SNMP), Checkpoint FW-1, Juniper SSG/ISG, Palo Alto Firewall, Sonicwall SonicOS, Fortinet FortiOS Cisco IPS (SNMP), Tippingpoint IPS (SNMP)
NetApp DataONTAP (SNMP)
Microsoft Windows (SNMP or WMI), Linux (SNMP), Solaris (SNMP), HP-UX (SNMP), IBM AIX (SNMP)
Sample event
[PH_DEV_MON_NET_INTF_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=phIn tfFilter.cpp,[lineNumber]=275,[intfName]=GigabitEthernet4/41,[intfA lias]=Connection to Internet,[hostName]=SJ-Main-Cat6500,[hostIpAddr]=192.168.0.1,[pollI ntv]=177,[recvBytes]=0,[recvBitsPerSec]=0.000000,[inIntfUtil]=0.000 000,[sentBytes]=0,[sentBitsPerSec]=0.000000,[outIntfUtil]=0.000000,
[recvPkts]=0,[sentPkts]=0,[inIntfPktErr]=0,[inIntfPktErrPct]=0.0000 00,[outIntfPktErr]=0,[outIntfPktErrPct]=0.000000,[inIntfPktDiscarde d]=0,[inIntfPktDiscardedPct]=0.000000,[outIntfPktDiscarded]=0,[outI ntfPktDiscardedPct]=0.000000,[outQLen]=0,[intfSpeed64]=1000000000,[ intfAdminStatus]=up,[intfOperStatus]=down,[daysSinceLastUse]=487,[p hLogDetail]=
Key Attributes:
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DEV_MON_NET_INTF_UTIL |
Event
Severity |
eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Event
Severity Category |
eventSeverityCat | string | Set to Low. IN general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
Event
Receive Time |
phRecvTime | Date | Time at which AccelOps generated this event |
Reporting IP | reptDevIpAddr | Date | IP address of device reporting this event. In this case set to the device reporting the utilization (same as Host name attribute) |
Relaying IP | relayDevIpAddr | Date | IP address of device relaying this event from the source to AccelOps. In general it could be a syslog-ng IP address but in this, since AccelOps talks to the device directly, Relaying IP is set to AccelOps IP Address. |
Raw Event
Log |
rawEventMsg | string | Raw event containing all attributes in comma separated “[Attribute] = value” format. |
Host name | hostName | string | Host name (as in AccelOps CMDB) of the device whose CPU utilization is being reported |
Host IP
Address |
hostIpAddr | IP | Access IP (as in AccelOps CMDB) of the device whose CPU utilization is being reported |
Host Intf
Name |
intfName | string | The name of the network interface for which this statistics applies |
In Intf Util | inIntfUtil | double | Inbound (or received) network utilization (between 0-100). |
Received
Bytes |
recvBytes | uint32 | Inbound (or received) bytes during this interval |
Received
Byte Rate (/sec) |
recvBytesPerSec | double | Inbound (or received) byte rate during this interval |
Received
Packets |
recvPkts | uint32 | Inbound (or received) packets received during this interval |
In Packet
Error |
inIntfPktErr | uint32 | Inbound (or received) packet errors |
In Packet
Error Pct |
inIntfPktErrPct | double | Inbound (or received) packet error as a percentage of total packets |
In Packet
Discards |
inIntfPktDiscarded | uint32 | Inbound (or received) packet discarded |
In Packet
Discard Pct |
inIntfPktDiscardedPct | double | Inbound (or received) packet discarded as a percentage of total packets |
Out Intf Util | outIntfUtil | double | Outbound (or sent) network utilization (between 0-100). |
Sent Bytes | sentBytes | uint32 | Outbound (or sent) bytes during this interval |
Sent Byte
Rate (/sec) |
sentBytesPerSec | double | Inbound (or received) byte rate during this interval |
Sent Packets | sentPkts | uint32 | Outbound (or sent) packets sent during this interval |
Out Packet
Error |
outIntfPktErr | double | Outbound (or sent) packet errors |
Out Packet
Error Pct |
outIntfPktErrPct | double | Outbound (or sent) packet error as a percentage of total packets |
Out Packet
Discards |
outIntfPktDiscarded | uint32 | Outbound (or sent) packet discarded |
Out Packet
Discard Pct |
outIntfPktDiscardedPct | double | Outbound (or sent) packet discarded as a percentage of total packets |
Out Queue
Length |
outQLen | uint32 | Length of output queue |
Poll Interval | pollIntv | uint32 | Polling interval in seconds |
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DEV_MON_SYS_DISK_TREND_DAY |
Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!