azkel
New Member
January 30, 2014
Question

Alerts Trigger - Severity Logs

Hi! I have an "Alert Trigger" set to reach me with only Critical severity alerts. However, I get mail alerts of Medium severity.

Device: FortiAnalyzer 100C, v5.0.2
Time: Wed Jan 26 13:40:41 ART 2014
Type: alert
Severity: high
From: FortiAnalyzer-100C(FL100C3910003883)
Trigger: HighAlert
Threshold: more than 1 event(s) occurred within last 6 minutes
Return-Path: log@etherincoll.com
Message-ID: <WLSP-O0169aZbLAX3cf00000005@wlsp-o01.GLOBAL.etherincoll.com>
X-OriginalArrivalTime: 29 Jan 2014 13:40:01.0233 (UTC) FILETIME=[F382BA90:01CD7D0B]
Date: 26 Jan 2014 13:40:41 -0300
Log message: date=2014-01-26 time=13:40:41 itime=1391024859 devid=FG300B3910600945 logid=16385 type=ips subtype=signature pri=alert vd=Portmirror severity=medium srcip=10.10.15.38 dstip=10.10.52.8 srcintf="port4" policyid=1 identidx=0 sessionid=0 status=detected proto=1 service=icmp count=1 attackname="Multiple.Vendor.ICMP.Remote.DoS" icmpid=0x0000 icmptype=0x04 icmpcode=0x00 attackid=13244 sensor="ruleipspmirror" ref="http://www.fortinet.com/ids/VID13244" incidentserialno=1719070378 msg="DoS: Multiple.Vendor.ICMP.Remote.DoS,"

So the alert says Severity: high, but the log message says severity=medium. Any ideas to help me resolve this situation? Regards.
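Added illustration, not part of the thread: this Python snippet parses the notification header and (an abbreviated copy of) the FortiGate key=value log quoted above, applies the Critical-only threshold the poster intended to the log's own severity field, and flags the high-versus-medium disagreement. The severity ordering, the threshold logic and the function names are assumptions for the example, not FortiAnalyzer's implementation.

```python
import re
from typing import Dict

# Ordering assumed for this example; FortiAnalyzer's own ranking is not shown in the thread.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# key=value pairs: values are double-quoted (may contain spaces, colons, commas) or bare.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# "Key: value" lines of the notification e-mail body.
_HDR_RE = re.compile(r'(?m)^([A-Za-z][\w-]*): (.*)$')

# Copied from the thread: the notification header and an abbreviated form of its log line.
ALERT_HEADER = """Device: FortiAnalyzer 100C, v5.0.2
Type: alert
Severity: high
Trigger: HighAlert
Threshold: more than 1 event(s) occurred within last 6 minutes"""
LOG_LINE = ('date=2014-01-26 time=13:40:41 devid=FG300B3910600945 logid=16385 type=ips '
            'subtype=signature pri=alert severity=medium srcip=10.10.15.38 dstip=10.10.52.8 '
            'srcintf="port4" service=icmp attackname="Multiple.Vendor.ICMP.Remote.DoS" '
            'attackid=13244 msg="DoS: Multiple.Vendor.ICMP.Remote.DoS,"')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Split a FortiGate key=value log line into a dict, unquoting quoted values."""
    return {key: (bare or quoted) for key, quoted, bare in _KV_RE.findall(line)}

def parse_alert_header(text: str) -> Dict[str, str]:
    """Collect the Key: value fields of the FortiAnalyzer alert notification."""
    return dict(_HDR_RE.findall(text))

def meets_threshold(severity: str, minimum: str) -> bool:
    """True when `severity` is at least `minimum` on the assumed scale (unknown -> False)."""
    rank = SEVERITY_RANK.get(severity.lower(), -1)
    return rank >= SEVERITY_RANK[minimum.lower()]

def should_notify(log_line: str, minimum: str = "critical") -> bool:
    """Decide on the log's own severity field, which is what the poster expected the trigger to do."""
    return meets_threshold(parse_fortigate_log(log_line).get("severity", ""), minimum)

def severity_mismatch(alert_text: str, log_line: str) -> bool:
    """Flag a notification whose Severity header disagrees with the log's severity field."""
    header = parse_alert_header(alert_text).get("Severity", "").lower()
    return header != parse_fortigate_log(log_line).get("severity", "").lower()

if __name__ == "__main__":
    print("notify on medium with critical threshold:", should_notify(LOG_LINE))        # False
    print("header/log severity disagree:", severity_mismatch(ALERT_HEADER, LOG_LINE))  # True
```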


    mnantel_FTNT
    Staff
    February 20, 2014
    I recommend you first upgrade to FAZ 5.0.6, as there have been countless improvements to alert handling. You might get an easier time configuring this with the Event Management tool in 5.0.6... Post back if you still struggle afterwards!
    ss198939
    New Member
    April 11, 2018

    If I want to set an alert for device reboot by power disruption, then which option should I select?

    chall_FTNT
    Staff
    April 11, 2018

    The Event Handler on the FortiAnalyzer is triggered by logs received from the FortiGates. If all power is lost to the FortiGate, it would not be able to generate a log. It also does not generate a log message upon reboot explaining why it rebooted.


    Sounds like you would need to find a way to correlate FortiGate reboots that coincided with power fluctuations in your environment. Perhaps if you have a UPS solution that is monitoring power availability and it could send syslog to FAZ, it might be possible to use the Event Handler somehow. Otherwise, you would need some other monitoring solution, perhaps involving SNMP.