Device uptime too high-fortinet-FortiOS

Device uptime too high-fortinet-FortiOS

Vendor: fortinet

OS: FortiOS

Description:
Indeni will alert when a device’s uptime is too high

Remediation Steps:
Upgrade the device. You may also change the alert’s threshold, or disable the alert completely, if not needed.

How does this work?
Indeni uses the built-in Fortinet “get system performance status” command to retrieve the current device up-time.

Why is this important?
Capture the uptime of the device. If the uptime is lower than the previous sample, the device must have reloaded.

Without Indeni how would you find this?
An administrator could login and manually run the command via CLI, check the system resources widget via the GUI, enable SNMP, or use Fortinet FortiAnalyzer.

fortios-get-system-performance-status

name: fortios-get-system-performance-status
description: Performance metrics based on "get system performance status" command
    on Fortinet firewall
type: monitoring
monitoring_interval: 1 minute
includes_resource_data: true
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    memory-usage:
        why: |
            If the firewall memory becomes fully utilized, performance may be impacted and traffic may be dropped, and in extreme cases the firewall could crash. It is critical to monitor the memory usage and handle the issue prior to resource exhaustion.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the device memory utilization.
        can-with-snmp: true
        can-with-syslog: true
    cpu-usage:
        why: |
            If the firewall CPU becomes fully utilized, performance may be impacted and traffic may be dropped, and in extreme cases the firewall could crash. It is critical to monitor the memory usage and handle the issue prior to resource exhaustion.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the device CPU utilization.
        can-with-snmp: true
        can-with-syslog: true
    uptime-milliseconds:
        why: |
            Capture the uptime of the device. If the uptime is lower than the previous sample, the device must have reloaded.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the current device up-time.
        can-with-snmp: true
        can-with-syslog: false
    memory-free-kbytes:
        why: |
            Tracking free memory on the system is critical to evaluate memory utilization and identify possible memory leaks.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the free memory.
        can-with-snmp: true
        can-with-syslog: false

    memory-total-kbytes:
        why: |
            Tracking total memory on the system is critical to evaluate and assess current memory utilizatiion.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the total device memory.
        can-with-snmp: true
        can-with-syslog: false
    memory-used-kbytes:
        why: |
            Tracking used memory on the system is critical to evaluate memory utilization and identify possible memory leaks.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the used memory.
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: get system performance status
    parse:
        type: AWK
        file: get_system_performance_status.parser.1.awk

cross_vendor_uptime_high

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_uptime_high.scala