FortiNDR health checks
When FortiNDR is set up, use the CLI command diag sys top
to check that the following key FortiNDR processes are running.
- Sniffer daemon.
- NDR daemon.
- Second Sniffer daemon.
- Upload file daemon.
- OFTP daemon that receives files from FortiGate.
- Portable executable AI engine.
- Portable executable AI learner. If no features have been learned, this process does not appear.
- Script AI engine.
- Script AI learner.
To turn network traffic detection on and off:
Run the following command:
exec ndrd <on/off>
802.1Q encapsulation for VLAN is not supported in network traffic detection.
To turn sniffer malware detection on and off for troubleshooting:
Run the following command:
exec snifferd <on/off>
The current version of the malware sniffer only sniffs traffic on port2.
When the FortiNDR sniffer malware detection feature is operating normally, Log & Report > Malware Log > Accepted shows the accepted traffic.
Log & Report > NDR Log > Session shows the incoming sessions.
Sniffer diagnosis
Use the CLI command diag sniffer file ? to show sniffer output for port2. A TFTP server is required to store the sniffer output.