Event Attribute Master List
This section describes the master list of event attributes. Events are parsed into these attributes and used in AccelOps analytics. There are 4 broad categories of event attributes:
Generic Attributes
Network Attributes
System Attributes
Application Attributes
Environmental Attributes
Generic Attributes
Name | Id | Type | Description |
Event Type | eventType | string | Event type set to PH_DEV_MON_SYS_CPU_UTIL |
Event Name | eventName | string | |
Event Severity | eventSeverity | uint16 | Set to 1. In general, a number between 0 (lowest severity) and 10 (highest severity) |
Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
IPS Event Risk Rating | ipsEvRR | ||
IPS Event Threat Rating | ipsEvTR | ||
Event ID | eventId | ||
Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event |
Device Time | deviceTime | Date | |
Event Action | eventAction | uint16 | |
Reporting IP | reptDevIpAddr | Date | IP address of device reporting this event. In this case set to the device reporting the utilization (same as Host name attribute) |
Reporting Device Name | reptDevName | string | |
Relaying IP | relayDevIpAddr | Date | IP address of device relaying this event from the source to AccelOps. In general it could be a syslog-ng IP address, but in this case, since AccelOps talks to the device directly, Relaying IP is set to the AccelOps IP address. |
Relaying Device Name | relayDevName | string | |
Raw Event Log | rawEventMsg | string | Raw event containing all attributes in comma separated “[Attribute] = value” format. |
Poll Interval | pollIntv | uint32 | Polling interval in seconds |
Customer ID | phCustId | ||
Customer Name | customer | ||
Agent ID | phAgentId | ||
Event Rate (/sec) | eventsPerSec | ||
Peak Event Rate (/sec) | peakEventsPerSec | ||
Event Parse Status | eventParsedOK | ||
Incident Source | incidentSrc | ||
Incident Target | incidentTarget | ||
Incident Reporting IP | incidentRptIp | ||
Incident Trigger Attribute List | triggerAttrList | ||
Incident Detail | incidentDetail | ||
Incident ID | incidentId | ||
Incident Status | incidentStatus | ||
Incident First Occurrence Time | incidentFirstSeen | ||
Incident Last Occurrence Time | incidentLastSeen | ||
Incident Ticket ID | incidentTicketId | ||
Incident Ticket Status | incidentTicketStatus | ||
Incident Ticket User | incidentTicketUser | ||
Incident Comments | incidentComments | ||
Incident View Status | incidentViewStatus | ||
Incident View Users | incidentViewUsers | ||
Incident Cleared Time | incidentClearedTime | ||
Incident Cleared User | incidentClearedUser | ||
Incident Cleared Reason | incidentClearedReason | ||
Incident Notification Recipients | incidentNotiRecipients | ||
Network Attributes
Name | Id | Type | Description |
Source IP | srcIpAddr | IP | Source IP address of the flow |
Source Host Name | srcName | ||
Host IP | hostIpAddr | IP | |
Host Name | hostName | ||
Dest IP | destIpAddr | IP | Destination IP address of the flow |
Dest Name | destName | ||
Source MAC | srcMACAddr | ||
Dest MAC | destMACAddr | ||
Host MAC | hostMACAddr | ||
IP Protocol | ipProto | uint16 | IP protocol e.g. TCP/UDP/GRE/ICMP etc |
Source TCP/UDP Port | srcIpPort | uint16 | Source TCP/UDP port |
Dest TCP/UDP Port | destIpPort | uint16 | Destination TCP/UDP port |
ICMP Type | icmpType | uint16 | ICMP type |
ICMP Code | icmpCode | uint16 | ICMP code |
IP Type of Service | tos | uchar | IP Type of Service |
Sent TCP flags | srcDestTCPFlags | uchar | OR-ed TCP Flags from Source to Destination |
Received TCP flags | destSrcTCPFlags | uchar | OR-ed TCP Flags from Destination to Source |
Source Intf SNMP Index | srcSnmpIntfIndex | uint16 | Source SNMP interface index |
Dest Intf SNMP Index | destSnmpIntfIndex | uint16 | Destination SNMP interface index |
Source Intf name | srcIntfName | ||
Dest Intf Name | destIntfName | ||
Host Intf Name | intfName | ||
Source Autonomous System Number | srcASNum | uint16 | Source Autonomous System number |
Dest Autonomous System Number | destASNum | uint16 | Destination Autonomous System number |
Source VLAN | srcVLAN | ||
Dest VLAN | destVLAN | ||
Host VLAN | hostVLAN | ||
Sent Bytes | sentBytes | uint32 | Sent Bytes in this flow |
Sent Packets | sentPkts | uint32 | Sent Packets in this flow |
Sent Bytes Rate (/sec) | sentBytesPerSec | ||
Received Bytes | recvBytes | uint32 | Received Bytes in this flow |
Received Packets | recvPkts | uint32 | Received Packets in this flow |
Received Bytes Rate (/sec) | recvBytesPerSec | ||
Total Bytes | totBytes | ||
Total Packets | totPkts | ||
Total Byte rate (/sec) | totBytesPerSec | ||
Total Packet Rate (/sec) | totPktsPerSec | ||
Duration | durationMsec | ||
Intf Out Queue Length | outQlen | ||
In Packet Error | inIntfPktErr | ||
Out Packet Error | outIntfPktErr | ||
In Packet Error Pct | inIntfPktErrPct | ||
Out Packet Error Pct | outIntfPktErrPct | ||
In Intf Util | inIntfUtil | double | |
Out Intf Util | outIntfUtil | double | |
In Packet Discard | inIntfPktDiscarded | ||
Out Packet Discard | outIntfPktDiscarded | ||
In Packet Discard Pct | inIntfPktDiscardedPct | ||
Out Packet Discard Pct | outIntfPktDiscarded | ||
Source Firewall Zone | srcFwZone | ||
Dest Firewall Zone | destFwZone | ||
Min Jitter | minJitterMs | ||
Max Jitter | maxJitterMs | ||
Avg Jitter | avgJitterMs | ||
Min SD Jitter | minJitterSDMs | ||
Max SD Jitter | maxJitterSDMs | ||
Avg SD Jitter | avgJitterSDMs | ||
Min DS Jitter | minJitterDSMs | ||
Max DS Jitter | maxJitterDSMs | ||
Avg DS Jitter | avgJitterDSMs | ||
Packets Lost | pktLost | ||
Packets SD Lost | pktLostSD | ||
Packets DS Lost | pktLostDS | ||
Packets Missing | pktMIA | ||
Packets Late | pktLate | ||
Packets Out-of-Seq | pktOutSeq | ||
VoIP MOS Score | mosScore | ||
VoIP ICPIF Score | icpifScore | ||
VoIP Codec | codec | ||
VoIP Phone Status | voIPPhoneStatus | ||
Calling Party Number | callingPartyNumber | ||
Original Called Party Number | originalCalledPartyNumber | ||
Final Called Party Number | finalCalledPartyNumber | ||
Call Connect Time | dateTimeConnect | ||
Call Disconnect Time | dateTimeDisconnect | ||
Call Duration | callDuration | ||
CBQoS Policy Name | qosPolicy | ||
CBQoS Class Name | qosClass | ||
CBQoS Conform KBps | qosConformRate | ||
CBQoS Exceeded KBps | qosExceedRate | ||
CBQoS Violated KBps | qosViolateRate | ||
CBQoS PrePolice KBps | qosPrePoliceRate | ||
CBQoS PostPolice KBps | qosPostPoliceRate | ||
CBQoS Drop KBps | qosDropRate | ||
CBQoS Drop Pct | qosDropPct | ||
CBQoS Curr Queue Length | qosCurrQueue | ||
CBQoS Max Queue Length | qosMaxQueue | ||
CBQoS Discarded Pkt | qosDiscardPkt | ||
OSPF State | ospfState | ||
BGP State | bgpState | ||
OSPF Area Id | ospfAreaId | ||
Source FiberChannel WWN Id | srcWWN | ||
Dest FiberChannel WWN Id | destWWN | ||
wlanSsid | |||
wlanControllerIp | |||
wlanContrHostName | |||
wlanUserCount | |||
wlanSuppChannels | |||
wlanSendutil | |||
wlanRecvUtil | |||
wlanChannelUtil | |||
wlanPoorSNRUserCount | |||
ifLoadProfile | |||
ifIntefProfile | |||
ifCoverageProfile | |||
ifNoiseProfile | |||
wlanRssi | |||
wlanSnr | |||
wlanMobilityStatus | |||
wlanProtocol | |||
wlanAssocUpTime | |||
wlanMaxHostTxmitRate | |||
ifCoverageIndx | |||
ifNoseIndx | |||
ifIntefIndex | |||
System Attributes
Name | Id | Type | Description |
Computer | computer | ||
Target Computer | targetComputer | ||
Domain | domain | ||
Target Domain | targetDomain | ||
Source Domain | srcDomain | ||
Destination Domain | destDomain | ||
Operating System Type | osType | ||
Operating System Version | osVersion | ||
File Name | fileName | ||
Object Type | osObjType | ||
Object Name | osObjName | ||
Target Object Type | targetOsObjType | ||
Target Object Name | targetOsObjName | ||
Object Handle | osObjHandleID | ||
Object Access Type | osObjAccessType | ||
Object Action | osObjAction | ||
System Uptime | sysUpTime | ||
System Uptime Pct | sysUpTimePct | double | |
System Downtime | sysDownTime | ||
CPU Name | cpuName | string | |
CPU utilization | cpuUtil | double | Overall CPU utilization (between 0-100). The number is an average over all CPUs in a multi-cpu system. |
User CPU Utilization | userCpuUtil | double | User CPU utilization (between 0-100). The number is an average over all CPUs in a multi-cpu system. Available for Linux (via SNMP) only. |
System CPU Utilization | sysCpuUtil | double | System CPU utilization (between 0-100). The number is an average over all CPUs in a multi-cpu system. Available for Linux (via SNMP) only. |
Memory Name | memName | string | |
Memory Utilization | memUtil | double | |
Free memory (KB) | freeMemKB | uint32 | |
Buffer Memory (KB) | bufMemKB | uint32 | |
Cache Memory (KB) | cacheMemKB | uint32 | |
Swap Memory Utilization | swapMemUtil | double | |
Free Swap Memory (KB) | freeSwapMemKB | uint32 | |
Minimum Swap Memory (KB) | memMinimumSwap | uint32 | |
Swap Memory Error Message | swapMemErrorString | string | |
Swap Read (Pages/sec) | swapInRate | double | |
Swap Write (Pages/sec) | swapOutRate | double | |
Total Swap (Pages/sec) | swapRate | double | |
Swap Read (KBps) | swapReadKBytesPerSec | ||
Swap Write (KBps) | swapWriteKBytesPerSec | ||
Total Read I/O Rate (KBps) | ioReadKBytesPerSec | ||
Total Write I/O Rate (KBps) | ioWriteKBytesPerSec | ||
Disk Name | diskName | ||
Disk Utilization | diskUtil | ||
Free Disk (MB) | freeDiskMB | ||
Total Disk (MB) | totalDiskMB | ||
Used Disk (MB) | usedDiskMB | ||
Disk Queue Length | diskQLen | ||
Current Daily Disk Growth | diskGrowthMBDaily | ||
Current Weekly Disk Growth | diskGrowthMBWeekly | ||
Current Monthly Disk Growth | diskGrowthMBMonthly | ||
Average Daily Disk Growth | avgDiskGrowthMBDaily | ||
Average Weekly Disk Growth | avgDiskGrowthMBWeekly | ||
Average Monthly Disk Growth | avgDiskGrowthMBMonthly | ||
Days To Disk Full | timeToDiskFull | ||
RAID Group Id | raidGrpId | ||
RAID Type | raidType | ||
Application Attributes
Name | Id | Type | Description |
Application Name | appName | string | Short descriptive name of the process, e.g. “Microsoft IIS” |
Application Group Name | appGroupName | string | Name of the application group to which the process belongs; e.g. “Microsoft IIS” |
Software Name | swProcName | string | Process/Executable name; e.g. svchost.exe |
Software Param | swParam | string | Process/Executable parameters, e.g. “-k iissvc” |
CPU utilization | cpuUtil | double | Process CPU utilization (between 0-100). |
Memory utilization | memUtil | double | Process memory utilization (between 0-100). |
Real Peak Memory (KB) | realMemPeakKBytes | uint32 | Peak real memory usage (KBytes). |
Disk Read Rate (KBps) | diskReadKBytesPerSec | double | Process disk read rate (KBytes/sec). |
Disk Write Rate (KBps) | diskWriteKBytesPerSec | double | Process disk write rate (KBytes/sec). |
Environmental Attributes
Name | Id | Type | Description |
Hardware Status | hwStatusCode | string | |
Hardware Battery Status | hwBatteryStatus | ||
Hardware Disk Status | hwDiskStatus | ||
Hardware Power Supply Status | hwPowerSupplyStatus | ||
Hardware Temp Sensor Status | hwTempSensorStatus | ||
Hardware Fan Status | hwFanStatus | ||
Hardware Amp Status | hwAmpStatus | ||
Hardware Voltage Status | hwVoltageStatus | ||
Hardware Memory Status | hwMemoryStatus | ||
Hardware Log Status | hwLogStatus | ||
Hardware Processor Status | hwProcStatus | ||
Hardware Power Chord Status | hwPowerChordStatus | ||
Hardware Storage Controller Status | hwStorageControllerStatus | ||
Hardware Storage Channel Status | hwStorageChannelStatus | ||
Hardware Storage Enclosure Status | hwStorageEnclosureStatus | ||
Hardware Power Supply Status | hwStoragePowerSupplyStatus | ||
Hardware Storage Fan Status | hwStorageFanStatus | ||
Hardware Storage Temp Status | hwStorageTempStatus | ||
Hardware EMM Status | hwStorageEMMStatus | ||
Hardware Log Disk Status | logDiskStatus | ||
Failed Power Supply Count | hwFailedPowerSupplyCount | ||
Storage LLC Status | hwLLCStatus | ||
Storage Link Status | hwLinkStatus | ||
Storage Port Status | hwPortStatus | ||
Hardware Misc Component Status | hwMiscCompStatus | ||
Host Spare Disk Count | hwHotSpareDiskCount | ||
UPS Battery Status | upsBatteryStatus | ||
UPS Remaining Battery Charge (Pct) | upsRemainBatteryChargePct | ||
UPS Replace Battery Indicator | upsReplaceBatteryIndicator | ||
UPS Time On Battery (sec) | upsTimeOnBattery | ||
UPS Output Status | upsBasicOutputStatus | ||
UPS Output Load | upsAdvOutputLoad | ||
UPS Output Voltage (V) | upsAdvOutputVoltage | ||
UPS Output Frequency (Hz) | upsAdvOutputFreq | ||
UPS Battery Current (Amp) | upsBatteryCurrent | ||
UPS Battery Temperature (C) | upsBatteryTempC | ||
UPS Battery Voltage | upsBatteryVoltage | ||
UPS Estimated Time Remaining (sec) | upsEstSecRemain | ||
Temperature (C) | envTempDegC | ||
High Temperature Threshold (C) | envTempHighThreshDegC | ||
Low Temperature Threshold (C) | envTempLowThreshDegC | ||
Temperature Offset High (C) | envTempOffHighDegC | ||
Temperature Offset Low (C) | envTempOffLowDegC | ||
Temperature (F) | envTempDegF | ||
High Temperature Threshold (F) | envTempHighThreshDegF | ||
Low Temperature Threshold (F) | envTempLowThreshDegF | ||
Temperature Offset High (F) | envTempOffHighDegF | ||
Low Temperature Threshold (F) | envTempOffLowDegF | ||
Relative Humidity | envHumidityRel | ||
High Relative Humidity Threshold | envHumidityRelHighThresh | ||
Low Relative Humidity Threshold | envHumidityRelLowThresh | ||
Humidity Offset High | envHumidityOffHigh | ||
Humidity Offset Low | envHumidityOffLow | ||
Liebert HVAC System State | lgpSystemState | ||
Liebert HVAC Cooling State | lgpCoolingState | ||
Liebert HVAC Heating State | lgpHeatingState | ||
Liebert HVAC Humidifying State | lgpHumidState | ||
Liebert HVAC Dehumidifying State | lgpDehumidState | ||
Liebert HVAC Economy Cycle State | lgpEconCycle | ||
Liebert HVAC Fan State | lgpFanState | ||
Liebert HVAC Cooling capacity | envCoolCap | ||
Liebert HVAC Heating Capacity | envHeatCap | ||
outputVoltageXNVolts | |||
Hi, I'm training on a FortiSIEM all in one Supervisor VM and can't find any troubleshooting steps on phtools or what to do when the PH QueryMaster is down and am getting a critical health warning on localhost?