Re: FortiSIEM: Find out triggering device for "PH_...

premchanderr · 06-20-2024

Description This article describes how to configure SMS Notification for incidents. Scope FortiSIEM. Solution Create an email/SMS policy following 'Sending Email and SMS Notifications for Incidents' from the User Guide, indicated in the related docum...

premchanderr · 05-13-2024

Description This article describes how to fix the 'Failed to lookup value type by attribute ID' error in supervisor and worker. Scope FortiSIEM v7.x Supervisor and Worker. Solution The error indicates a scheduled custom report or rule has an event at...

premchanderr · 04-23-2024

Description This article describes how to create a rule for FortiSIEM collector down. Scope FortiSIEM vv6.x+. Solution The 'system event category' has to be specified to view the events related to the system. Create the rule for collector down: Filte...

premchanderr · 03-15-2024

Description This article describes how to troubleshoot the 'Connection Refused' error in FortiSIEM GUI > Analytics search Scope FortiSIEM v6.x+. Solution When running a search in analytics it immediately fails with a 'Connection Refused' error even f...

premchanderr · 01-17-2024

Description This article describes how to resolve the Collector Clock Skew alert in FortiSIEM GUI. Scope FortiSIEM v7.0 Solution Collector Clock Skew error is received when collector time is not in sync with Super. Make sure that Collector and Super ...

premchanderr · 06-25-2024

https://community.fortinet.com/t5/FortiSIEM/Troubleshooting-Tip-How-to-resolve-PH-PARSER-TOO-MANY-UNKNOWN/ta-p/315218

premchanderr · 06-25-2024

Hi @Prakash_576 , The factors that cause high phParser are:1) Too many unknown event types2) Lot of events than which a super or collector can handle 3) Long length of a raw log causing issue in reading and parsing.To narrow down on the issue you can...

premchanderr · 03-19-2024

Hi @Jesisidabuliu , You would need to shutdown the worker, from worker CLI and then begin super upgrade. SSH to worker: # phtools --stop ALL # shutdown -h now

premchanderr · 03-18-2024

Hi, Yes you can use phtools command as well. The worker or any FSM node would be automatically rebooted after upgrade completes. For anytime you want to reboot a Fortisiem Node, you can use below command:# phxctl reboot

premchanderr · 03-18-2024

Hi @Bruce7x2 , If it was syslog then could have exported the parser and used in earlier version. But since its via API and involves Test Connectivity, you would need to upgrade to version that supports this.

User Statistics

User Activity

Technical Tip: How to configure SMS Notification

Troubleshooting Tip: How to fix backend log error 'Failed to lookup value type by attribute ID'

Technical Tip: Create Collector Down Rule

Technical Tip: The 'Connection Refused' error in FortiSIEM GUI

Technical Tip: Collector Clock Skew Alert on FortiSIEM GUI

Re: Frequent PHParser Downtime Issues in Environment

Re: Frequent PHParser Downtime Issues in Environment

Re: Upgrade 6.7.5 to 7

Re: Upgrade 6.7.5 to 7

Re: Does FortiSEM support VisionOne and is an update required for support?

Re: FortiSIEM: Find out triggering device for "PH_...

Technical Tip: Comprehensive Health Assessment for...

Re: Devices status

Re: FortiSiem - AIX server regstration

Re: Maximum message length for FortiSiem

Re: phAnomalyWorker & phAnomalyMaster services DOW...

Re: Configuring SSH on FortiSIEM to communicate wi...

Re: Analytic : Availability Incidents "No logs fro...

Re: Fortisiem Windows Agent

Re: [Analytic Search] - average Inbound / Outbond ...

KCS

FortiSIEM