filter on events reported in AlertEmail

Forum|Forum|11 years ago
October 23, 2014
2 replies
4355 views

hello fellows,

dumb question actually: sometimes I target alertemails of customer firewalls to me. Now, is there an option to filter which events get reported? Like in 'config log <dev> filter'? I'd love to cut out these webfilter messages which occur in hundreds per day.

Setting the alert level higher doesn't work for this as 'status=blocked' is at the 'warning' level, as are other more serious events.

Best answer by Jeff_FTNT

You may try ways to restrict Alert email for Webfilter event.

### Based on event

config alertemail setting set filter-mode category set webfilter-logs disable set admin-login-logs enable end ### Based on event log level, change interval to 1440min/1 day for "warning" level event. config alertemail setting set filter-mode threshold set warning-interval 1440 end

Thanks.

Jeff_FTNTAnswer

Staff

You may try ways to restrict Alert email for Webfilter event.

### Based on event

config alertemail setting set filter-mode category set webfilter-logs disable set admin-login-logs enable end ### Based on event log level, change interval to 1440min/1 day for "warning" level event. config alertemail setting set filter-mode threshold set warning-interval 1440 end

Thanks.

ede_pfauAuthor

SuperUser

Thanks Jeff, I thought it was a dumb question, so obvious...

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded