Description
Solution
1. Go to FortiView > Log view page (FortiAnalyzer 5.0.7 or later, 5.2.x)
2. Select the log category in the left panel and on the top right corner click on Tools > Display Raw.
3. Once the raw logs are displayed you may choose the log file and the respective log data and copy the string you wish to match.
4. Go to Event Management > Event Handler > Create New to open a new event handler.
5. Give an appropriate name and description and select the devices to which the event handler should be applied.
6. Under filters select the Log type, and select the condition as "Any of the Following Conditions" and in the "" put in the log file and log data copied in step 3.
7. Click on the Notification tab and configure event notification details.
For example:
Set the threshold to generate an alert within the specified time period.
If you want an alert email to be sent in response to the event then please select the option "Send Alert Email" and specify the 'from' and 'to' e-mail address and select the e-mail server from the drop-down box.
8. Click on 'Apply' and you will receive an alert mail whenever there is an alert message meeting the condition given.
This article describes how to create an event handler which uses a generic text filter to match raw log data.
Solution
1. Go to FortiView > Log view page (FortiAnalyzer 5.0.7 or later, 5.2.x)
2. Select the log category in the left panel and on the top right corner click on Tools > Display Raw.
3. Once the raw logs are displayed you may choose the log file and the respective log data and copy the string you wish to match.
4. Go to Event Management > Event Handler > Create New to open a new event handler.
5. Give an appropriate name and description and select the devices to which the event handler should be applied.
6. Under filters select the Log type, and select the condition as "Any of the Following Conditions" and in the "" put in the log file and log data copied in step 3.
7. Click on the Notification tab and configure event notification details.
For example:
Set the threshold to generate an alert within the specified time period.
If you want an alert email to be sent in response to the event then please select the option "Send Alert Email" and specify the 'from' and 'to' e-mail address and select the e-mail server from the drop-down box.
8. Click on 'Apply' and you will receive an alert mail whenever there is an alert message meeting the condition given.
