Question
Syslog for Banned / Quarantined IP
Hey all,
I have syslog configured and receiving all my data beautifully in GrayLog.
What I'm not getting, is any indicator that an IP has been added to Quarantine / Banned IP.
FortiOS 5.6.5
I.E. I received an IPS trigger today from 117.1.189.196, and all I see is the IPS event. The IP is now in banned IP tab, but I want to set up a notification/report of these IPS whenever they are quarantined. Is there a specific facility, or am I missing something?
Thanks.