Check fortios-ha-stats¶
Overview¶
Monitors the high-availability cluster status on FortiGate appliances running FortiOS via the REST API. Alerts if the number of HA members differs from the expected count (default: 2). Reports serial number, role, priority, hostname, and synchronization status per member.
Important Notes:
- FortiGate appliances running FortiOS with REST API access and HA configured
Data Collection:
- Queries the FortiOS REST API endpoint
/api/v2/monitor/system/ha-statistics/select/to retrieve HA member details - Aggregates total sessions and traffic across all cluster members
- Emits per-member perfdata for sessions, network usage, traffic bytes, CPU usage, and memory usage
- Authentication uses a single API token (Token-based authentication)
Fact Sheet¶
| Fact | Value |
|---|---|
| Check Plugin Download | https://github.com/Linuxfabrik/monitoring-plugins/tree/main/check-plugins/fortios-ha-stats |
| Nagios/Icinga Check Name | check_fortios_ha_stats |
| Check Interval Recommendation | Every minute |
| Can be called without parameters | No (--hostname and --password are required) |
| Runs on | Cross-platform |
| Compiled for Windows | No |
Help¶
usage: fortios-ha-stats [-h] [-V] [--always-ok] [--count COUNT] -H HOSTNAME
[--insecure] [--no-proxy] --password PASSWORD
[--timeout TIMEOUT]
Monitors the high-availability cluster status on FortiGate appliances running
FortiOS via the REST API. Alerts if the number of HA members differs from the
expected count (default: 2). Reports serial number, role, priority, hostname,
and synchronization status per member.
options:
-h, --help show this help message and exit
-V, --version show program's version number and exit
--always-ok Always returns OK.
--count COUNT Expected number of HA cluster members. Alerts if the
actual count differs. Default: 2
-H, --hostname HOSTNAME
FortiOS-based appliance address, optionally including
port. Example: `--hostname 192.168.1.1:443`.
--insecure This option explicitly allows insecure SSL
connections.
--no-proxy Do not use a proxy.
--password PASSWORD FortiOS REST API single-use access token.
--timeout TIMEOUT Network timeout in seconds. Default: 3 (seconds)
Usage Examples¶
./fortios-ha-stats --hostname fortigate-cluster.linuxfabrik.io --password mypass --count 2
Output:
Found 2 HA cluster members, which handled 87458 sessions and 187.0TiB traffic so far.
States¶
- OK if the number of HA cluster members matches
--count(default: 2). - WARN if the number of HA cluster members differs from
--count. --always-oksuppresses all alerts and always returns OK.
Perfdata / Metrics¶
Per HA member (prefixed with the member hostname):
| Name | Type | Description |
|---|---|---|
<hostname>_cpu_usage |
Percentage | CPU usage of the HA member. |
<hostname>_mem_usage |
Percentage | Memory usage of the HA member. |
<hostname>_net_usage |
Percentage | Network usage of the HA member. |
<hostname>_sessions |
Number | Number of sessions handled by the HA member. |
<hostname>_tbyte |
Bytes | Total traffic in bytes handled by the HA member. |
Credits, License¶
- Authors: Linuxfabrik GmbH, Zurich
- License: The Unlicense, see LICENSE file.