FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
calvinc97
Staff & Editor
Article Id 422574
Description

This article describes how to fix the 'PH_LIB_TOPO_INTF_UTIL_ERROR' error in the backend of FortiSIEM.
Scope

FortiSIEM.

Solution

The following logs can be found in the backend of Supervisor and Collectors.

 

phPerfMonitor[3099]: [PH_LIB_TOPO_INTF_UTIL_ERROR]:[eventSeverity]=PHL_WARNING,[procName]=phPerfMonitor,[fileName]=phIntfFilter.cpp,[lineNumber]=276,[hostName]=FHCOREC9300X,[hostIpAddr]=192.168.77.26,[intfName]=unrouted VLAN 1,[phLogDetail]=Data inconsistent for interface util monitoring. Possible Error: Absence of interface in/out bytes or in/out pkts: 192.168.77.26, unrouted VLAN 1. currIntfUtilStat.inBytesPresent(0) currIntfUtilStat.outBytesPresent(0) currIntfUtilStat.outUcastPktsPresent(0) currIntfUtilStat.outNUcastPktsPresent(0) currIntfUtilStat.inUcastPktsPresent(0) currIntfUtilStat.inNUcastPktsPresent(0); prevIntfUtilStat.inBytesPresent(0) prevIntfUtilStat.outBytesPresent(0) prevIntfUtilStat.outUcastPktsPresent(0) prevIntfUtilStat.outNUcastPktsPresent(0) prevIntfUtilStat.inUcastPktsPresent(0) prevIntfUtilStat.inNUcastPktsPresent(0)

 

Cause:

  • Data inconsistency in interface utilization monitoring.

  • phPerfMonitor errors or delays.

  • Possible duplicate device entries in CMDB with the same IP.

 

Resolution/Workaround:

  1. Check CMDB for duplicate devices with the same IP (192.168.77.26 in this case) and remove duplicates if found.

  2. Add a drop rule for 'PH_LIB_TOPO_INTF_UTIL_ERROR' under Settings -> Event Handling -> Dropping.
    For all devices, set 'Event type = PH_LIB_TOPO_INTF_UTIL_ERROR'.
  3. Optional: To prevent excessive logs, disable 'Net Intf Stat' monitoring: under Admin -> Setup -> Monitor Performance, select the device -> More, edit System Monitors, uncheck Net Intf Stat, save, and select 'Apply'.

 Disabling Net Intf Stat stops interface utilization data collection for the device.

 

In the backend of the FortiSIEM nodes, verify whether 'PH_LIB_TOPO_INTF_UTIL_ERROR' is still being logged:

 

# tail -f /opt/phoenix/log/phoenix.log | grep -i 192.168.77.26

# tail -f /opt/phoenix/log/phoenix.log | grep -i PH_LIB_TOPO_INTF_UTIL_ERROR
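
To see which devices and interfaces produce the warning before adding the drop rule or disabling Net Intf Stat, the entries can be summarised per hostIpAddr and intfName. The script below is an added example, not part of the original article or of Fortinet tooling; the function names and the 192.0.2.x sample entries are constructed, and it assumes that a counter which is present is logged with a flag other than 0.

```shell
#!/usr/bin/env bash
# Added example, not Fortinet code. Output is tab-separated:
#   count  hostIpAddr  intfName  all_absent
# all_absent = entries in which every *Present(...) flag is 0.

summarize_intf_util_errors() {
    local tab; tab=$(printf '\t')
    awk '
    # Value of [key]=...; a value ends at the next ",[" or at end of line.
    function field(line, key,    pat, s, e) {
        pat = "[" key "]="
        s = index(line, pat)
        if (s == 0) return ""
        line = substr(line, s + length(pat))
        e = index(line, ",[")
        return (e ? substr(line, 1, e - 1) : line)
    }
    index($0, "[PH_LIB_TOPO_INTF_UTIL_ERROR]") {
        ip = field($0, "hostIpAddr"); intf = field($0, "intfName")
        if (ip == "") next                  # malformed entry: skip it
        k = ip SUBSEP intf
        count[k]++
        tmp = $0; total = gsub(/Present\(/, "&", tmp)
        tmp = $0; zero = gsub(/Present\(0\)/, "&", tmp)
        if (total > 0 && total == zero) absent[k]++
    }
    END {
        for (k in count) {
            split(k, p, SUBSEP)
            printf "%d\t%s\t%s\t%d\n", count[k], p[1], p[2], absent[k]
        }
    }' "${1:--}" | sort -t "$tab" -k1,1nr -k2,2
}

# Constructed sample input: shortened entries in the log format shown above.
sample_log() {
    cat <<'EOF'
phPerfMonitor[3099]: [PH_LIB_TOPO_INTF_UTIL_ERROR]:[eventSeverity]=PHL_WARNING,[hostIpAddr]=192.0.2.10,[intfName]=unrouted VLAN 1,[phLogDetail]=currIntfUtilStat.inBytesPresent(0) currIntfUtilStat.outBytesPresent(0); prevIntfUtilStat.inBytesPresent(0) prevIntfUtilStat.outBytesPresent(0)
phPerfMonitor[3099]: [PH_LIB_TOPO_INTF_UTIL_ERROR]:[eventSeverity]=PHL_WARNING,[hostIpAddr]=192.0.2.10,[intfName]=unrouted VLAN 1,[phLogDetail]=currIntfUtilStat.inBytesPresent(0) currIntfUtilStat.outBytesPresent(0); prevIntfUtilStat.inBytesPresent(0) prevIntfUtilStat.outBytesPresent(0)
phPerfMonitor[3099]: [PH_LIB_TOPO_INTF_UTIL_ERROR]:[eventSeverity]=PHL_WARNING,[hostIpAddr]=192.0.2.20,[intfName]=Gi1/0/1,[phLogDetail]=currIntfUtilStat.inBytesPresent(1) currIntfUtilStat.outBytesPresent(1); prevIntfUtilStat.inBytesPresent(0) prevIntfUtilStat.outBytesPresent(0)
phPerfMonitor[3099]: constructed unrelated line that mentions 192.0.2.10
EOF
}

sample_log | summarize_intf_util_errors
```

On a node, run `summarize_intf_util_errors /opt/phoenix/log/phoenix.log`; the IPs it lists are the ones to check for duplicate CMDB entries in step 1.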
