FortiSIEM Data Base Monitoring

Used for

Metrics collected

Protocol

Performance Monitoring

Process level CPU

and memory utilization

SNMP

Process level

metrics

uptime, CPU utilization, Memory utilization,

Read I/O KBytes/sec, Write I/O KBytes/sec

WMI

Database performance metrics (per- instance)

Buffer cache hit ratio, Log cache hit ratio, Transactions /sec, Page reads/sec, Page writes/sec, Page splits/sec, Full scans/sec, Deadlocks/sec, Log flush waits/sec, Latch waits/sec, Data file(s) size, Log file(s) used, Log growths, Log shrinks, User connections, Target server memory, Total Server Memory, Active database users, Logged-in database users, Available buffer pool pages, Free buffer

pool pages, Average wait time

JDBC

Database performance metrics (per- instance, per-

database):

Database name, Data file size, Log file used, Log growths, Log shrinks, Log flush waits/sec, Transaction /sec, Log cache hit ratio

Locking info

Database id, Database object id, Lock type, Locked resource, Lock mode, Lock status

Blocking info

Blocked Sp Id, Blocked Login User, Blocked Database, Blocked Command, Blocked Process Name, Blocking Sp Id, Blocking Login User, Blocking Database, Blocking Command,

Blocking Process Name, Blocked duration

Availability Monitoring

General database info

database name, database version, database

size, database owner, database created date, database status, database compatibility level

JDBC

Database

configuration Info

Configure name, Configure value, Configure

max and min value, Configure running value

Database backup Info

Database name, Last backup date, Days since last backup

Database error log Database audit trail

Failed database logon is also collected through performance monitoring as logon failures cannot be collected via database triggers.

Security

Monitoring

Windows application event

WMI

logs - successful and failed login

Database audit trail

Successful and failed database logon, Various database operation audit trail including CREATE/ALTER/DROP/TRUNCATE

operations on tables, table spaces, databases, clusters, users, roles, views, table indices,

triggers etc

JDBC

Name

Description

Change: Database Server DDL Changes

Captures database DDL changes for SQL Server, Oracle and MySQL database servers.

Error: MS SQL server error log report

Captures error logs

Logon: Failed Database Server Logon Details

Captures failed database server logons for SQL Server, Oracle and MySQL database servers.

Logon: Successful Database Server Logon Details

Captures successful database server logons for SQL Server, Oracle and MySQL database servers.

Logon: Top Database Users By All Logon Activity

Ranks users and database servers by logon activity - both success and failure. Covers SQL Server, Oracle and MySQL database servers.

Logon: Top Database Users By Failed Logons

Ranks database users by the number of failed logons for SQL Server, Oracle and MySQL database servers.

Logon: Top Database Users By Successful Logons

Ranks database users by the number of successful logons for SQL Server, Oracle and MySQL database servers.

MS SQL Server Queries by completion time

Ranks queries against MS SQL Server database by completion time

Performance: MS SQL server blocking

report

Reports on MS SQL Server blocking activity

Performance: MS SQL server exclusive locking report

Reports on MS SQL Server locking activity

Performance: MS SQL server last backup report

Reports on the last time a MS SQL Server database was backed up

Performance: MS SQL server locking

report

Reports on MS SQL Server locking activity

Performance: Top MS SQL Server Queries by completion time

Ranks queries against MS SQL Server database by completion time

Performance: Top MS SQL Servers by Database Read/Write Activity

Ranks the MS SQL Servers by database read/write activity

Performance: Top MS SQL Servers by

Database SQL Activity

Ranks the MS SQL Servers by SQL Activity

Performance: Top MS SQL Servers by Users

Ranks the MS SQL Servers by database users

Performance: Top MS SQL Servers by buffer cache hit ratio

Ranks the MS SQL Servers by buffer cache hit ratio

Performance: Top MS SQL servers by

average wait time

Ranks MS SQL Servers by average database wait time

Performance: Top MS SQL servers by space usage

Ranks the MS SQL Servers by space usage

Performance: Top MySQL Servers by query activity

Ranks MySQL servers by query activity - executed queries, selects, updates, inserts and deletes

Performance: Top MySQL Servers by

slow queries

Ranks MySQL Servers by slow queries

Performance: Top MySQL Servers by table space usage

Ranks MySQL Servers by table space usage

Performance: Top MySQL Servers by user connections

Ranks MySQL Servers by active user connections

SQL Server Per-Database

Performance

SQL Server per-database metrics

SQL Server Performance

SQL Server database metrics

Nombre

Descripción

(s) Excessively Slow SQL Server DB Query

Detects that an SQL Server query took more than 5 minute to complete

(s) Microsoft SQL Server Instance Down

Detects that a Microsoft SQL Server instance is down

(s) SQL Server Excessive Blocking

Detects a particular process/user blocked for more than 2 sec

(s) SQL Server Excessive Deadlock

Detects excessive SQL Server deadlocks ( larger 2/sec over 2 succesive readings)

(s) SQL Server Excessive Full Scan

Detects excessive full scan (greater than 1000 per second)

(s) SQL Server Excessive Page Read/Write

Detects excessive SQL Server page read/write ( larger than 90 over 2 succesive readings)

(s) SQL Server Low Buffer Cache Hit Ratio

Detects that average buffer cache hit ratio is less than 90 for 2 successive readings

(s) SQL Server Low Free Pages in Buffer

Pool

Detects low free pages in SQL Server buffer pool (less than

640 over 2 succesive readings)

(s) SQL Server Low Log Cache Hit Ratio

Detects that log buffer cache hit ratio is less than 90 for 2 successive readings

(s) SQL Server scheduled job failed

Detects that an SQL Server scheduled job failed