FortiSIEM Inspecting Event Pulling Methods for Devices

Once you have discovered and approved the devices in your IT infrastructure, verify that the FortiSIEM perfMonitor module is polling them over the correct access protocol and pulling event information from them. If you are having issues collecting performance metrics from your devices, begin troubleshooting by checking the status of the event pulling method for the device.

  1. Go to Admin > Setup Wizard > Pull Events.
  2. Review the Event Pulling Status for each of your discovered devices.

| Status | Description |
| --- | --- |
| Successful | If event information is being pulled from the device, you will see the name of the event pulling method rendered in plain black text. |
| Added but Not Monitored | If the name of the event pulling method has a Star icon next to it, event information can be successfully pulled from the device, but the perfMonitor module has not yet initiated monitoring. |
| Paused | A Pause icon indicates that event information is not being pulled from the device because it failed the verification check at the beginning of the monitoring cycle. This is usually caused by an issue with the access protocol credentials. The credential was valid when discovery succeeded, and so the event pulling method was able to monitor the associated metrics, but the perfMonitor module failed on the credential at a later time. You should check the access protocol credentials associated with the devices and event pulling methods, and then re-initiate discovery of the device. |
| Failed | An Alert icon and the name of the event pulling method in red indicate that adding that event pulling method for the device failed. |

  3. Click Show Errors to view a more detailed description of any errors associated with an event pulling method.
  4. Click Edit to change any of the event pulling methods associated with a device.
  5. Click Apply to apply any changes to your event pulling methods.
  6. Click Test Pull Events to test any changes you make.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
