I'm pretty new to Fortimonitor and have been learning quite a bit, it's definitely an improvement on what I've used in the past.
I've noticed however that when I add a VM manually, I can reboot it and the event passes unnoticed. I expect it's because it recovers so quickly, but maybe that's incorrect. My immediate next step was to add my VMware clusters as a full stack, but including the VMs at that time in that lets hundreds of VMs into the system that I don't care about.
Does adding VMs under the aegis of vCenter provide a more favorable alert outcome, or should I expect to be informed if VMs added outside of vCenter are rebooted?
If using the full VMware integration is better, how can I add a VM manually so that I can be aware of the reboot?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello rlw,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
@rlw wrote:
Does adding VMs under the aegis of vCenter provide a more favorable alert outcome, or should I expect to be informed if VMs added outside of vCenter are rebooted?
By default an agent instance has a 'hearbeat' alert that will trigger an incident if the agent doesn't report any metrics for 10 minutes. So, assuming your machine is able to reboot and begin reporting metrics again with the 10 minute window, there is no incident generated and therefore no alerts sent. You can adjust this from the details tab of the agent instance if you would like to have it alert more quickly. You can find documentation on how to do so here.
You could also setup a ping alert for the instance from an OnSight. This would allow you to set an alert threshold lower than the agent heartbeat and be notified if the instance was down for a shorter period of time such as for a reboot. Documentation on how to add a ping alert to an instance can be found here.
Installing the agent on a virtual instance OS when you also have the VMware integration in place can provide additional information about the performance of a VM. Most virtual environments will oversubscribe physical resources which can cause discrepancies in the performance metrics between what is reported at a VM OS level versus what is reported at a VM instance or VM host level. As an example, a virtual machine may have poor performance but at the OS level report only 50% utilization of it's CPU while in reality it's only able to use 50% of it's CPU because the physical host is only able to allocate to the VM 50% of what it is demanding due to high load on the physical CPU and resource oversubscription.
Without monitoring both the VM OS and the virtual environment it would be much harder to correlate these types of issues. When both are in place you are better able to monitor an environment and set alert thresholds to proactively resolve performance bottlenecks that may occur at the virtual machine OS, VM and host level.
@rlw wrote:
If using the full VMware integration is better, how can I add a VM manually so that I can be aware of the reboot?
Unfortunately the VMware integration does not currently have a way to select only a subset of virtual machines to synchronize. However there is the option to not import virtual machines if you only want to monitor the cluster, host and datastores when setting up your VMware integration.
Hopefully this helps answer your questions. If you have any more questions please let us know!
Thank you,
Mike - FortiMonitor CSM
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.