Administration Guide

FortiNDR health checks

When FortiNDR is set up, use the CLI command diag sys top to check that the following key FortiNDR processes are running.

sniffer

Sniffer daemon.

ndrd

NDR daemon.

isniff4ndr

Second Sniffer daemon.

fdigestd

Upload file daemon.

oftpd

OFTP daemon that receives files from FortiGate.

pae2

Portable executable AI engine.

pae_learn

Portable executable AI learner. If no features have been learned, this process does not appear.

moat_engine

Script AI engine.

moat_learn

Script AI learner.
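As an added example (not Fortinet's code), the script below reads a saved copy of the diag sys top output and reports which of the processes listed above are missing. The column layout of the capture and the sample output are assumptions; pae_learn is treated as optional, following the note above that it does not appear until features have been learned.

```python
import re

# Processes the guide lists as required; descriptions follow the guide.
REQUIRED = {
    "sniffer": "Sniffer daemon",
    "ndrd": "NDR daemon",
    "isniff4ndr": "Second sniffer daemon",
    "fdigestd": "Upload file daemon",
    "oftpd": "OFTP daemon (receives files from FortiGate)",
    "pae2": "Portable executable AI engine",
    "moat_engine": "Script AI engine",
    "moat_learn": "Script AI learner",
}
# pae_learn does not appear until features have been learned: absence is a note, not a failure.
OPTIONAL = {"pae_learn": "Portable executable AI learner (absent until features are learned)"}
# Constructed sample capture; the column layout is an assumption, not Fortinet's exact format.
SAMPLE_OUTPUT = """\
Run Time:  3 days, 2 hours and 11 minutes
         sniffer     1423      S       0.5     1.2
            ndrd     1450      S       1.0     4.8
      isniff4ndr     1461      S       0.2     0.9
        fdigestd     1477      S       0.0     0.3
           oftpd     1480      S       0.0     0.2
     moat_engine     1502      S       0.7     3.1
      moat_learn     1510      S       0.0     1.0
"""

def running_processes(top_output):
    """Return the set of process names found in a diag sys top capture."""
    names = set()
    for line in top_output.splitlines():
        # name, PID, single-letter state: header lines do not match and are skipped
        m = re.match(r"\s*(\S+)\s+(\d+)\s+[A-Z]\b", line)
        if m:
            names.add(m.group(1))
    return names

def health_check(top_output):
    """Return (missing_required, missing_optional) for the capture."""
    seen = running_processes(top_output)
    return ([p for p in REQUIRED if p not in seen],
            [p for p in OPTIONAL if p not in seen])

if __name__ == "__main__":
    missing, notes = health_check(SAMPLE_OUTPUT)
    for p in missing:
        print(f"MISSING: {p} ({REQUIRED[p]})")
    for p in notes:
        print(f"note: {p} not running ({OPTIONAL[p]})")
```

In the constructed sample, pae2 is deliberately absent, so the script reports it as missing while pae_learn is only noted.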

To turn network traffic detection on and off:

Run the following command:

exec ndrd <on/off>

Note

802.1Q encapsulation for VLAN is not supported in network traffic detection.

To turn sniffer malware detection on and off for troubleshooting:

Run the following command:

exec snifferd <on/off>

Note

The current version of the Malware sniffer only sniffs traffic on Port2.

When the FortiNDR sniffer malware detection feature is operating normally, Log & Report > Malware Log > Accepted shows the accepted traffic.

Log & Report > NDR Log > Session shows the incoming sessions.

Sniffer diagnosis

Use the CLI command diag sniffer file ? to show the sniffer output for port2. A TFTP server is required to store the sniffer output.