Fortinet white logo
Fortinet white logo

Administration Guide

SNMP traps

SNMP traps

Fortinet devices share SNMP traps, but each type of device also has traps specific to that device type. For example FortiAnalyzer units have FortiAnalyzer specific SNMP traps. To receive Fortinet device SNMP traps, you must load and compile the FORTINET-CORE-MIB into your SNMP manager.

Traps sent include the trap message as well as the unit serial number (fnSysSerial) and host name (sysName). The Trap Message column includes the message that is included with the trap, as well as the SNMP MIB field name to help locate the information about the trap.

Trap message

Description

ColdStart, WarmStart, LinkUp, LinkDown

Standard traps as described in RFC 1215.

CPU usage high

(fnTrapCpuThreshold)

CPU usage exceeds the set percent. This threshold can be set in the CLI using the following commands:

config system snmp sysinfo

set trap-high-cpu-threshold <percentage value>

end

CPU usage excluding NICE processes

(fmSysCpuUsageExcludedNice)

CPU usage excluding NICE processes exceeds the set percentage. This threshold can be set in the CLI using the following commands:

config system snmp sysinfo

set trap-cpu-high-exclude-nice-threshold <percentage value>

end

Memory low

(fnTrapMemThreshold)

Memory usage exceeds 90 percent. This threshold can be set in the CLI using the following commands:

config system snmp sysinfo

set trap-low-memory-threshold <percentage value>

end

Log disk too full

(fnTrapLogDiskThreshold)

Log disk usage has exceeded the configured threshold. Only available on devices with log disks.

Temperature too high

(fnTrapTempHigh)

A temperature sensor on the device has exceeded its threshold. Not all devices have thermal sensors. See manual for specifications.

Voltage outside acceptable range

(fnTrapVoltageOutOfRange)

Power levels have fluctuated outside of normal levels. Not all devices have voltage monitoring instrumentation.

Power supply failure

(fnTrapPowerSupplyFailure)

Power supply failure detected. Available on some devices that support redundant power supplies.

Interface IP change

(fnTrapIpChange)

The IP address for an interface has changed. The trap message includes the name of the interface, the new IP address and the serial number of the Fortinet unit. You can use this trap to track interface IP address changes for interfaces with dynamic IP addresses set using DHCP or PPPoE.

Log rate too high

(fmTrapLogRateThreshold)

The incoming log rate has exceeded the peak log rate threshold.

To determine the peak log rate, use the following CLI command: get system loglimits

Data rate too high

(fmTrapLogDataRateThreshold)

The incoming data rate has exceeded the peak data rate threshold.

The peak data rate is calculated using the peak log rate x 512 bytes (average log size).

High licensed device quota

(fmTrapLicDevQuotaThreshold)

The used device quota has exceeded the licensed device quota.

High licensed Log GB/Day

(fmTrapLicGbDayThreshold)

Indicates that the used log has exceeded the licensed GB/Day.

SNMP traps

SNMP traps

Fortinet devices share SNMP traps, but each type of device also has traps specific to that device type. For example FortiAnalyzer units have FortiAnalyzer specific SNMP traps. To receive Fortinet device SNMP traps, you must load and compile the FORTINET-CORE-MIB into your SNMP manager.

Traps sent include the trap message as well as the unit serial number (fnSysSerial) and host name (sysName). The Trap Message column includes the message that is included with the trap, as well as the SNMP MIB field name to help locate the information about the trap.

Trap message

Description

ColdStart, WarmStart, LinkUp, LinkDown

Standard traps as described in RFC 1215.

CPU usage high

(fnTrapCpuThreshold)

CPU usage exceeds the set percent. This threshold can be set in the CLI using the following commands:

config system snmp sysinfo

set trap-high-cpu-threshold <percentage value>

end

CPU usage excluding NICE processes

(fmSysCpuUsageExcludedNice)

CPU usage excluding NICE processes exceeds the set percentage. This threshold can be set in the CLI using the following commands:

config system snmp sysinfo

set trap-cpu-high-exclude-nice-threshold <percentage value>

end

Memory low

(fnTrapMemThreshold)

Memory usage exceeds 90 percent. This threshold can be set in the CLI using the following commands:

config system snmp sysinfo

set trap-low-memory-threshold <percentage value>

end

Log disk too full

(fnTrapLogDiskThreshold)

Log disk usage has exceeded the configured threshold. Only available on devices with log disks.

Temperature too high

(fnTrapTempHigh)

A temperature sensor on the device has exceeded its threshold. Not all devices have thermal sensors. See manual for specifications.

Voltage outside acceptable range

(fnTrapVoltageOutOfRange)

Power levels have fluctuated outside of normal levels. Not all devices have voltage monitoring instrumentation.

Power supply failure

(fnTrapPowerSupplyFailure)

Power supply failure detected. Available on some devices that support redundant power supplies.

Interface IP change

(fnTrapIpChange)

The IP address for an interface has changed. The trap message includes the name of the interface, the new IP address and the serial number of the Fortinet unit. You can use this trap to track interface IP address changes for interfaces with dynamic IP addresses set using DHCP or PPPoE.

Log rate too high

(fmTrapLogRateThreshold)

The incoming log rate has exceeded the peak log rate threshold.

To determine the peak log rate, use the following CLI command: get system loglimits

Data rate too high

(fmTrapLogDataRateThreshold)

The incoming data rate has exceeded the peak data rate threshold.

The peak data rate is calculated using the peak log rate x 512 bytes (average log size).

High licensed device quota

(fmTrapLicDevQuotaThreshold)

The used device quota has exceeded the licensed device quota.

High licensed Log GB/Day

(fmTrapLicGbDayThreshold)

Indicates that the used log has exceeded the licensed GB/Day.