GiuseppeB
Visitor III
April 28, 2023
Question

events count reset FAZ fortisoc


Hi,

I have a problem with displaying the event handler in FortiSoC, in the sense that once set, the event works correctly, but the events counter, on the right side of the screen, seems to reset automatically and I can't get an actual history of how many times the handler has worked.

 

Is there any tweak that can help me not reset the event count?

5 replies

Anthony_E
Staff
May 2, 2023

Hello Giuseppe,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
May 3, 2023

Hello Giuseppe,

On page 93 of this guide:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/6c4fe9fe-7369-11ea-9384-00505692583a/FortiAnalyzer-6.4.0-Administration_Guide.pdf

You may find interesting information there.

Could you please have a look and tell me if you find anything useful?

Regards,

Best Regards
GiuseppeB
Author
Visitor III
May 3, 2023

Hello Anthony,

Thanks for the doc but unfortunately it doesn't help me.

BR

srajeswaran
Staff
May 4, 2023

Could you please share the FAZ version? Also, can you confirm if there is any pattern in the count reset? For example, after a change or after reaching a particular time interval? Is it going back to zero, or is the number reduced/changed?

Also, can you check if the logs triggering the events are getting archived, and whether that leads to a reset of the counter as there are no active logs for this event?

Anthony_E
Staff
May 4, 2023

Hello Giuseppe,

We will then continue to look for an answer.

I will come back to you ASAP.

Regards,

Best Regards
New Contributor III
May 4, 2023

Hello GiuseppeB,

Can you check the max-alert-count configured as of now? 10,000 is the default count. You can push it to 50,000 if required.

get sys log alert

conf sy log alert
(alert)# show
(alert)# get
max-alert-count : 10000
(alert)# set max-alert-count
The alert count range between 100 and 50000.
(alert)# set max-alert-count 20000

(alert)# end

Let me know after changing it if you are seeing some improvement or not.

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Increase-the-number-of-alerts-display-in-event/ta-p/190088