2.1.12 Ensure single CPU core overloaded event is logged

Information

Enable the log-single-cpu-high option under config system global. When enabled, single-core CPU usage is polled every three seconds, and any CPU core whose usage is above the CPU usage threshold generates an event log. Once a core is reported, that core is not checked again for the next 30 seconds.

Overall CPU usage can be low while a single CPU core is overloaded. Because FortiGate reporting and dashboards show overall CPU usage, a single-core spike may be overlooked on a FortiGate with multiple CPU cores. This causes performance issues, including instances in which traffic has stopped being processed.

Solution

On CLI:

config system global
set log-single-cpu-high enable
end
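
One way to verify this setting offline against a saved configuration backup, as an added example that is not part of the benchmark or of Fortinet tooling. The function names and both sample backups are constructed for illustration, and the check assumes that a setting absent from the backup is not enabled.

```python
import re
SETTING = "log-single-cpu-high"

def global_settings(config_text):
    """Collect 'set' values that sit directly under 'config system global'."""
    stack, settings, in_quote = [], {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        odd_quotes = len(re.findall(r'(?<!\\)"', line)) % 2 == 1
        if in_quote:                  # still inside a multi-line quoted value
            in_quote = not odd_quotes
            continue
        in_quote = odd_quotes         # an unclosed quote continues on later lines
        words = line.split() or [""]
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words))
        elif words[0] in ("end", "next") and stack:
            stack.pop()
        elif words[0] == "set" and len(words) >= 3 and stack == ["config system global"]:
            settings[words[1]] = " ".join(words[2:])
    return settings

def check_single_cpu_logging(config_text):
    """Return (compliant, reason); an absent setting counts as not enabled (assumption)."""
    value = global_settings(config_text).get(SETTING)
    if value is None:
        return False, f"{SETTING} not set under config system global"
    return value == "enable", f"{SETTING} is '{value}'"

# Constructed sample backups, not taken from a real device.
COMPLIANT = """\
config system global
    set log-single-cpu-high enable
end
"""
NON_COMPLIANT = """\
config system global
    set hostname "fw-example"
end
config system replacemsg admin "pre_admin-disclaimer-text"
    set buffer "notice text
end
config system global
set log-single-cpu-high enable
"
end
"""

if __name__ == "__main__":
    print(check_single_cpu_logging(COMPLIANT), check_single_cpu_logging(NON_COMPLIANT))
```

The second sample shows why a plain text search for the `set` line is not enough: the string appears only inside a quoted multi-line value, so the device itself does not have the option enabled.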

See Also

https://workbench.cisecurity.org/benchmarks/15284

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12

Plugin: FortiGate

Control ID: 6956f587d0f6814dba972f2f0af672a0c7e296d3793fc74d285e9e258647d7c7