Skip to main content
jokes54321
jokes54321
New Member
May 18, 2017
Solved

How to monitor Load Balancer

  • May 18, 2017
  • 1 reply
  • 13462 views

We have a pair of 1500d units and FortiAnalyzer. Last night one of our web servers started throwing errors. I *think* the Fortigate failed over to the other node, but I haven't be able to find any log to prove this.

 

How does one configure the Fortigate, or FortiAnalyzer, to alert someone when LB monitoring logs a failure with a web server?

 

Denny

    Best answer by neonbit

    The best place to look for logs is the log reference guide:

     

    https://docs.fortinet.com....6.3-Log-Reference.pdf

     

    Below are the ones that deal with the Load balancer. I think the ones you want are logs 46003 and 46006. You could add event triggers in FortiAuthenticator for these to get emails.

     

    46000 - LOG_ID_VIP_REAL_SVR_ENA 880

    46001 - LOG_ID_VIP_REAL_SVR_DISA 881

    46002 - LOG_ID_VIP_REAL_SVR_UP 882

    46003 - LOG_ID_VIP_REAL_SVR_DOWN 883

    46004 - LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN 883

    46005 - LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN 884

    46006 - LOG_ID_VIP_REAL_SVR_FAIL 885

    1 reply

    terry_vos
    terry_vos
    New Member
    May 31, 2017

    While it's not quite the question you asked - I have a rule in my FortiAnalyzer to alert me to an HA Failover. FortiAnalyzer -> Event Management -> Event Handler List -> HA Failover -> editing that to provide you specifics....

    Filters are: Log Type of Event Log, Event Category of HA, Group By Log Description, Logs match "ALL" Log Field = Log Description

    Match Criteria = Equal To

    Value = Virtual cluster move member state

    Notifications are set to Generate alert when at least 1 matches occurred over a period of 30 minutes.

    Set SMTP mail as appropriate to you.

    sotir1984
    sotir1984
    New Member
    January 29, 2018

    Hi,

     

    I also have the same issue now. I am thinking of a way to get alert from FortiGate or FortiAnalyzer when some of the real servers in LoadBalancer config fail.

     

    If you found a way to do it, please tell :)

     

    If i find it in the meantime i will update you.

     

    Regards

    neonbit
    neonbitAnswer
    New Member
    January 29, 2018

    The best place to look for logs is the log reference guide:

     

    https://docs.fortinet.com....6.3-Log-Reference.pdf

     

    Below are the ones that deal with the Load balancer. I think the ones you want are logs 46003 and 46006. You could add event triggers in FortiAuthenticator for these to get emails.

     

    46000 - LOG_ID_VIP_REAL_SVR_ENA 880

    46001 - LOG_ID_VIP_REAL_SVR_DISA 881

    46002 - LOG_ID_VIP_REAL_SVR_UP 882

    46003 - LOG_ID_VIP_REAL_SVR_DOWN 883

    46004 - LOG_ID_VIP_REAL_SVR_ENT_HOLDDOWN 883

    46005 - LOG_ID_VIP_REAL_SVR_FAIL_HOLDDOWN 884

    46006 - LOG_ID_VIP_REAL_SVR_FAIL 885

    Terms & ConditionsAccessibility statement