High memory usage-fortinet-FortiOS

High memory usage-fortinet-FortiOS
0

High memory usage-fortinet-FortiOS

Vendor: fortinet

OS: FortiOS

Description:
Indeni will alert if the memory utilization of a device is above a high threshold. If the device has multiple memory elements, each will be inspected separately and alert for.

Remediation Steps:
Determine the cause for the high memory usage of the listed elements.

  |1. Login via https to the Fortinet firewall and go to menu System > Dashboard > Status. Look at the system resources widget to review the current Memory utilization graph.
  |2. Login via ssh to the Fortinet firewall and run the FortiOS command "diagnose hardware sysinfo memory" which provides information about current memory usage.
  |3. Check if the unit is dealing with high traffic volume or with connection pool limits.
  |4. Check if the Fortinet firewall is in "conserve mode" state by running the FortiOS command "diagnose hardware sysinfo conserve

How does this work?
Indeni uses the built-in Fortinet “get system performance status” command to retrieve the device memory utilization.

Why is this important?
If the firewall memory becomes fully utilized, performance may be impacted and traffic may be dropped, and in extreme cases the firewall could crash. It is critical to monitor the memory usage and handle the issue prior to resource exhaustion.

Without Indeni how would you find this?
An administrator could login and manually run the command via CLI, check the system resources widget via the GUI, enable SNMP, configure a syslog server for a log message every 5 minutes containing the utilization, or use Fortinet FortiAnalyzer.

fortios-get-system-performance-status

name: fortios-get-system-performance-status
description: Performance metrics based on "get system performance status" command
    on Fortinet firewall
type: monitoring
monitoring_interval: 1 minute
includes_resource_data: true
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    memory-usage:
        why: |
            If the firewall memory becomes fully utilized, performance may be impacted and traffic may be dropped, and in extreme cases the firewall could crash. It is critical to monitor the memory usage and handle the issue prior to resource exhaustion.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the device memory utilization.
        can-with-snmp: true
        can-with-syslog: true
    cpu-usage:
        why: |
            If the firewall CPU becomes fully utilized, performance may be impacted and traffic may be dropped, and in extreme cases the firewall could crash. It is critical to monitor the memory usage and handle the issue prior to resource exhaustion.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the device CPU utilization.
        can-with-snmp: true
        can-with-syslog: true
    uptime-milliseconds:
        why: |
            Capture the uptime of the device. If the uptime is lower than the previous sample, the device must have reloaded.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the current device up-time.
        can-with-snmp: true
        can-with-syslog: false
    memory-free-kbytes:
        why: |
            Tracking free memory on the system is critical to evaluate memory utilization and identify possible memory leaks.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the free memory.
        can-with-snmp: true
        can-with-syslog: false

    memory-total-kbytes:
        why: |
            Tracking total memory on the system is critical to evaluate and assess current memory utilizatiion.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the total device memory.
        can-with-snmp: true
        can-with-syslog: false
    memory-used-kbytes:
        why: |
            Tracking used memory on the system is critical to evaluate memory utilization and identify possible memory leaks.
        how: |
            Indeni uses the built-in Fortinet "get system performance status" command to retrieve the used memory.
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: get system performance status
    parse:
        type: AWK
        file: get_system_performance_status.parser.1.awk

cross_vendor_high_memory_usage

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_high_memory_usage.scala