Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-05-2016 01:23 AM Edited on ‎04-04-2022 01:28 PM By Anonymous

Article Id 196772

Technical Note: [Accelops KB] Informational - How is Collector Status Determined?

Description

Summary of Topic

This article describes how the collector status is determined

 

Additional Information

The Collector status mechanism works as follows. 

Every 5 seconds the Collector asks the Super if there is a task for him. 

This requests get saved by the Super. 

Every 10 minutes there is a process on the Super that checks how many tasks requests came from Collector in the past 10 minutes. 

If there were 0 then the Collector is reported as down. 

For the Collector to be seen as up again, there has to be x >= 3 task requests from the Collector within a 5 minute window. 

If App server does not hear from the collector, it generates an event (PH_COLLECTOR_DOWN) which triggers a rule and creates an Incident "System Collector Down".

 

Version Application

All



 

 

Labels:
565
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.