FortiSIEM Hardware Monitoring Events

Individual Hardware Component Status

This event is generated by AccelOps for every component that is not in a normal state. The device indicates whether a specific hardware component is in a warning or critical state; AccelOps captures this information and generates an event. Note that this event is only generated when at least one component is in a warning or critical state. When the status is normal, this event is not generated. Also, this event is generated on every poll and not just during state transitions, which makes it easy for AccelOps to trend a hardware component's health. Since all the events have the same format, only one description is provided for this event family.

Event Type: PH_DEV_MON_HW_STATUS_DISK_CRIT (Individual disk status critical)

Event Type: PH_DEV_MON_HW_STATUS_DISK_WARN (Individual disk status warning)

Event Type: PH_DEV_MON_HW_STATUS_TEMP_CRIT (Individual temperature status critical)

Event Type: PH_DEV_MON_HW_STATUS_TEMP_WARN (Individual temperature status warning)

Event Type: PH_DEV_MON_HW_STATUS_FAN_CRIT (Individual fan status critical)

Event Type: PH_DEV_MON_HW_STATUS_FAN_WARN (Individual fan status warning)

Event Type: PH_DEV_MON_HW_STATUS_BATTERY_CRIT (Individual battery status critical)

Event Type: PH_DEV_MON_HW_STATUS_BATTERY_WARN (Individual battery status warning)

Event Type: PH_DEV_MON_HW_STATUS_POWERSUPPLY_CRIT (Individual power-supply status critical)

Event Type: PH_DEV_MON_HW_STATUS_POWERSUPPLY_WARN (Individual power-supply status warning)

Event Type: PH_DEV_MON_HW_STATUS_VOLTAGE_CRIT (Individual voltage status critical)

Event Type: PH_DEV_MON_HW_STATUS_VOLTAGE_WARN (Individual voltage status warning)

Event Type: PH_DEV_MON_HW_STATUS_AMP_CRIT (Individual amp/current status critical)

Event Type: PH_DEV_MON_HW_STATUS_AMP_WARN (Individual amp/current status warning)

Event Type: PH_DEV_MON_HW_STATUS_MEMORY_CRIT (Individual memory status critical)

Event Type: PH_DEV_MON_HW_STATUS_MEMORY_WARN (Individual memory status warning)

Event Type: PH_DEV_MON_HW_STATUS_LCC_CRIT (Individual EMC Clariion LCC status critical)

Event Type: PH_DEV_MON_HW_STATUS_LCC_WARN (Individual EMC Clariion LCC status warning)

Event Type: PH_DEV_MON_HW_STATUS_LINK_CRIT (Individual EMC Clariion storage link status critical)

Event Type: PH_DEV_MON_HW_STATUS_LINK_WARN (Individual EMC Clariion storage link status warning)

Event Type: PH_DEV_MON_HW_STATUS_PORT_CRIT (Individual EMC Clariion storage port status critical)

Event Type: PH_DEV_MON_HW_STATUS_PORT_WARN (Individual EMC Clariion storage port status warning)

Event Type: PH_DEV_MON_HW_STATUS_HUMIDITY_CRIT (Individual humidity status critical)

Event Type: PH_DEV_MON_HW_STATUS_HUMIDITY_WARN (Individual humidity status warning)

Event Type: PH_DEV_MON_HW_STATUS_DEWPT_CRIT (Individual dew point status critical)

Event Type: PH_DEV_MON_HW_STATUS_DEWPT_WARN (Individual dew point status warning)

Event Type: PH_DEV_MON_HW_STATUS_AUDIO_CRIT (Individual audio status critical)

Event Type: PH_DEV_MON_HW_STATUS_AUDIO_WARN (Individual audio status warning)

Event Type: PH_DEV_MON_HW_STATUS_AIRFLOW_CRIT (Individual airflow status critical)

Event Type: PH_DEV_MON_HW_STATUS_AIRFLOW_WARN (Individual airflow status warning)

Event Type: PH_DEV_MON_HW_STATUS_DRYCONTACT_CRIT (Individual dry contact status critical)

Event Type: PH_DEV_MON_HW_STATUS_DRYCONTACT_WARN (Individual dry contact status warning)

Event Type: PH_DEV_MON_HW_STATUS_DOOR_SWITCH_CRIT (Individual door switch status critical)

Event Type: PH_DEV_MON_HW_STATUS_DOOR_SWITCH_WARN (Individual door switch status warning)

Event Type: PH_DEV_MON_HW_STATUS_CAMERAMOTION_CRIT (Individual camera motion status critical)

Event Type: PH_DEV_MON_HW_STATUS_CAMERAMOTION_WARN (Individual camera motion status warning)

Description: Event containing individual hardware component status as detected by AccelOps

Source: Varies – see table above

Key Attributes: Same for all event types above, as shown below

| Name | Id | Type | Description |
|---|---|---|---|
| Event Type | eventType | string | Event type set to PH_DEV_MON_HW_STAT |
| Event Severity | eventSeverity | uint16 | 0 if the event attribute hwStatusCode is 0 (Normal), 5 if hwStatusCode is 1 (Warning) and 10 if hwStatusCode is 2 (Critical) |
| Event Severity Category | eventSeverityCat | string | Set to Low. In general, takes the values Low, Medium and High. Event Severities 0-4 are mapped to Low, 5-8 are mapped to Medium and 9-10 are mapped to High |
| Event Receive Time | phRecvTime | Date | Time at which AccelOps generated this event |
| Reporting IP | reptDevIpAddr | Date | IP address of device reporting this event. In this case set to the device reporting the utilization (same as Host name attribute) |
| Relaying IP | relayDevIpAddr | Date | IP address of device relaying this event from the source to AccelOps. In general it could be a syslog-ng IP address, but in this case, since AccelOps talks to the device directly, Relaying IP is set to the AccelOps IP address. |
| Raw Event Log | rawEventMsg | string | Raw event containing all attributes in comma separated "[Attribute] = value" format. |
| Host name | hostName | string | Host name (as in AccelOps CMDB) of the device whose overall hardware health is being reported |
| Host IP Address | hostIpAddr | IP | Access IP (as in AccelOps CMDB) of the device whose overall hardware health is being reported |
| Hardware Status | hwStatusCode | uint16 | Overall hardware status: 0 for Normal, 1 for Warning and 2 for Critical |
| Hardware Component Name | hwComponentName | string | Name of the component that is in warning or critical state – name may indicate rack, bay or location or some sort of id to uniquely specify the component |
| Hardware Component Status | hwComponentStatus | string | Detailed status of the component – e.g. Disk rebuilding, that caused the component to be in warning or critical state |
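
The per-poll behaviour and severity mapping described above, as an added example (not FortiSIEM's own code): it parses raw events in the "[Attribute] = value" layout, derives eventSeverity and eventSeverityCat from hwStatusCode, and collapses the repeated per-poll events into episodes, treating a missed poll as a return to normal. The sample events, host name, epoch-second timestamps, the 180-second polling interval and the 1.5x gap tolerance are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

POLL_SECONDS = 180  # assumed polling interval; the page does not state one

# Constructed sample data: (event type suffix, phRecvTime as epoch seconds,
# hwStatusCode, hwComponentName, hwComponentStatus). Host and values are invented.
SAMPLE = [
    ("DISK_WARN", 1000, 1, "Bay 3, Disk 7", "Disk rebuilding"),
    ("DISK_WARN", 1180, 1, "Bay 3, Disk 7", "Disk rebuilding"),
    ("DISK_WARN", 1360, 1, "Bay 3, Disk 7", "Disk rebuilding"),
    ("DISK_CRIT", 1540, 2, "Bay 3, Disk 7", "Disk failed"),
    ("DISK_CRIT", 1720, 2, "Bay 3, Disk 7", "Disk failed"),
    ("DISK_CRIT", 3000, 2, "Bay 3, Disk 7", "Disk failed"),  # after a quiet gap
    ("FAN_CRIT", 1000, 2, "Fan 2", "Fan stopped"),
]
RAW_EVENTS = [
    "[eventType] = PH_DEV_MON_HW_STATUS_%s, [phRecvTime] = %d, [hostName] = san01, "
    "[hwStatusCode] = %d, [hwComponentName] = %s, [hwComponentStatus] = %s" % row
    for row in SAMPLE
]
PAIR = re.compile(r"\[(\w+)\]\s*=\s*(.*?)\s*(?=,\s*\[|$)")

def parse_raw_event(raw):
    """Split '[Attribute] = value' pairs; commas inside a value are preserved."""
    return dict(PAIR.findall(raw))

def severity(hw_status_code):
    """Map hwStatusCode to (eventSeverity, eventSeverityCat) as the page defines."""
    sev = {0: 0, 1: 5, 2: 10}[hw_status_code]
    return sev, "Low" if sev <= 4 else "Medium" if sev <= 8 else "High"

def episodes(raw_events, poll=POLL_SECONDS):
    """Collapse per-poll events into (component, first, last, severity) episodes.
    A missed poll means the component returned to normal (no event is sent)."""
    series = defaultdict(list)
    for e in map(parse_raw_event, raw_events):
        key = (e["hostName"], e["hwComponentName"])
        series[key].append((int(e["phRecvTime"]), int(e["hwStatusCode"])))
    out = []
    for key, points in series.items():
        points.sort()
        start, code = points[0]
        last = start
        for t, c in points[1:]:
            if c != code or t - last > 1.5 * poll:  # state change or quiet gap
                out.append((key, start, last, severity(code)))
                start, code = t, c
            last = t
        out.append((key, start, last, severity(code)))
    return sorted(out)
```

Alerting on episode starts rather than on every event avoids one notification per poll while the component stays degraded.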